From 010e92b2453bb62c814b697d0ceea9b9de895e66 Mon Sep 17 00:00:00 2001
From: Adam Ross <adamross@google.com>
Date: Wed, 12 Jul 2023 11:32:16 -0700
Subject: [PATCH 1/2] feat: specify regional location for secret value
 replication

---
 infra/secrets.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infra/secrets.tf b/infra/secrets.tf
index 42fc114a..8887b863 100644
--- a/infra/secrets.tf
+++ b/infra/secrets.tf
@@ -26,6 +26,7 @@ resource "google_secret_manager_secret" "django_admin_password" {
   secret_id = var.random_suffix ? "django_admin_password-${random_id.suffix.hex}" : "django_admin_password"
   replication {
     automatic = true
+    location = var.region
   }
   depends_on = [module.project_services]
 }

From 9ee7093e0bc3dae7d9dce629bdb80a501bff60bb Mon Sep 17 00:00:00 2001
From: Adam Ross <adamross@google.com>
Date: Wed, 12 Jul 2023 11:36:24 -0700
Subject: [PATCH 2/2] fix: location replication is limited ot user_managed

---
 infra/secrets.tf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/infra/secrets.tf b/infra/secrets.tf
index 8887b863..97bd7333 100644
--- a/infra/secrets.tf
+++ b/infra/secrets.tf
@@ -25,8 +25,13 @@ resource "random_password" "django_admin_password" {
 resource "google_secret_manager_secret" "django_admin_password" {
   secret_id = var.random_suffix ? "django_admin_password-${random_id.suffix.hex}" : "django_admin_password"
   replication {
-    automatic = true
-    location = var.region
+    # Avoid conflict with constraints/gcp.resourceLocations for Secret Manager.
+    # https://cloud.google.com/secret-manager/docs/choosing-replication
+    user_managed {
+      replicas {
+        location = var.region
+      }
+    }
   }
   depends_on = [module.project_services]
 }