Secretsmanager Secret create or restore #5445
Closed
Fixes #4467
Changes proposed in this pull request:
The reasoning for this is that creating a secret and then destroying it will mark the secret for deletion with a recovery window of 7 to 30 days. This means it is not possible to create the secret again with the same name as terraform will error out with 'secret already exists'.
This prevents environments from being destroyed and recreated repeatedly and is a blocker for more generalised usage of secretmanager with terraform.
This PR changes the creation logic by first checking if a secret with that name exists and:
- If it does and is in a deleted state, terraform restores it and updates it with the new information (description, kms_key_id, policy, etc.)
- If it does and is in an active state, terraform fails as before
- If it doesn't, terraform creates it as before.
Output from acceptance testing:
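
The three-way create-or-restore decision described in this pull request, as an added example that is not the PR's code or the provider's implementation. The `Secret` type, `fakeStore` backend and `CreateOrRestore` function are hypothetical stand-ins for the Secrets Manager API so the logic runs offline on constructed data.

```go
package main

import (
	"errors"
	"fmt"
)

// Secret is a constructed, minimal stand-in for a Secrets Manager secret.
type Secret struct {
	Description string
	KmsKeyID    string
	Deleted     bool // true while the secret sits in its recovery window
}

// fakeStore is a hypothetical in-memory backend, not the AWS SDK.
type fakeStore map[string]*Secret

// ErrAlreadyExists mirrors the "secret already exists" failure in the PR text.
var ErrAlreadyExists = errors.New("secret already exists")

// CreateOrRestore applies the three cases from the PR description and
// reports which action it took: "created" or "restored".
func CreateOrRestore(s fakeStore, name string, want Secret) (string, error) {
	cur, found := s[name]
	switch {
	case !found: // no secret with that name: create as before
		want.Deleted = false
		s[name] = &want
		return "created", nil
	case cur.Deleted:
		// Restore, then overwrite every managed attribute so the settings
		// of the deleted secret (such as its old KMS key) are replaced.
		cur.Deleted = false
		cur.Description = want.Description
		cur.KmsKeyID = want.KmsKeyID
		return "restored", nil
	default: // active secret with the same name: fail as before
		return "", fmt.Errorf("%q: %w", name, ErrAlreadyExists)
	}
}

func main() {
	// Constructed sample state: one secret pending deletion.
	store := fakeStore{"db-pass": {Description: "old", KmsKeyID: "key-old", Deleted: true}}
	for _, n := range []string{"db-pass", "db-pass", "api-key"} {
		action, err := CreateOrRestore(store, n, Secret{Description: "new", KmsKeyID: "key-new"})
		fmt.Println(n, action, err)
	}
}
```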