Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow multiple secrets for RDS Proxy #17713

Open
ghost opened this issue Feb 19, 2021 · 3 comments
Open

Allow multiple secrets for RDS Proxy #17713

ghost opened this issue Feb 19, 2021 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/rds Issues and PRs that pertain to the rds service.

Comments

@ghost
Copy link

ghost commented Feb 19, 2021

This issue was originally opened by @cisnerosk as hashicorp/terraform#27833. It was migrated here as a result of the provider split. The original body of the issue is below.

Current Terraform Version

0.13.3

I did take a quick look at the Changelog for newer versions, and I didn't see where this is implemented in newer versions yet.

Use-cases

In the console you can add many secrets to the RDS proxy. Additionally the AWS CDK supports this, while trying to do this with Terraform it fails. It seems as though auth.secrets_arn can't take an array of values.

Attempted Solutions

N/A

Proposal

I'm not sure of how to fix this, although I suspect this block needs to be changed to support sets of hashes. I'm not familiar with Go, so this may be the wrong starting point.

References

aws/aws-cdk#9098
@ghost ghost added enhancement Requests to existing resources that expand the functionality or scope. new labels Feb 19, 2021
@ghost ghost mentioned this issue Feb 19, 2021
Closed
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Feb 19, 2021
@trevorrea
Copy link
Contributor

@cisnerosk - you can define multiple auth blocks like below although it's not immediately obvious from the docs you can do this it works.

  auth {
    auth_scheme = "SECRETS"
    description = "1"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["1"].arn
  }
  auth {
    auth_scheme = "SECRETS"
    description = "2"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["2"].arn
  }
  auth {
    auth_scheme = "SECRETS"
    description = "3"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["3"].arn
  }

@breathingdust breathingdust added service/rds Issues and PRs that pertain to the rds service. and removed needs-triage Waiting for first response or review from a maintainer. new labels Sep 4, 2021
@msusta
Copy link

msusta commented Aug 4, 2022

Just passing through - this definitely works so this issue should be closed.

@karthik-twilio
Copy link

Same issue, I want to have wildcard and get all ARN to applied for that db_proxy. Then, I need secret_arn to support list

secret_arn = data.aws_secretsmanager_secret_version.this[*].arn

The above solution might not work, because we can't predict the number of secrets attached.

Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/rds Issues and PRs that pertain to the rds service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@breathingdust @trevorrea @msusta @karthik-twilio