-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathlocals.tf
54 lines (49 loc) · 1.77 KB
/
locals.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
locals {
project_id = var.project
# Fill in defaults for environment variables.
env = toset([
for e in var.env: {
key = e.key
value = e.value
secret = {
name = e.secret
alias = e.secret != null ? lookup(local.secrets_to_aliases, e.secret, null) : null
version = coalesce(e.version, "latest")
}
}
])
// Fill in defaults for volumes.
volumes = toset([
for vol in var.volumes: {
path = vol.path
name = "volume-${substr(sha1(jsonencode(vol)), 0, 4)}"
secret = {
name = vol.secret
alias = lookup(local.secrets_to_aliases, vol.secret, null)
}
items = [
for filename, version in coalesce(vol.versions, { latest = "latest" }): {
filename = filename,
version = version
}
]
}
])
// Map secrets in other projects to aliases. This allows for easy lookup when building up `local.env` and `local.volumes`.
secrets_to_aliases = {
for secret in distinct(concat(
[for env in var.env: env.secret if env.secret != null],
[for vol in var.volumes: vol.secret if vol.secret != null]
)):
secret => "secret-${substr(sha1(secret), 0, 4)}"
if length(split("/", secret)) > 1
}
// It seems like a BETA launch stage is still okay for functionality in PREVIEW.
// launch_stage = length(local.volumes) > 0 || local.env_from_secrets_count > 0 ? "BETA" : "BETA"
launch_stage = "BETA"
// Ensure backwards-compatibility for the change in VPC access variables.
vpc_access = {
connector = coalesce(var.vpc_access.connector, var.vpc_connector_name, "-") == "-" ? null : coalesce(var.vpc_access.connector, var.vpc_connector_name)
egress = coalesce(var.vpc_access.egress, var.vpc_access_egress, "private-ranges-only")
}
}