Merge pull request #15 from remerge/fix-deprecated-secret-replication

hollow · web-flow · commit 6c033ec80b05 · 2023-09-22T15:03:47.000+02:00
Fix deprecated Google Cloud secret replication
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -1,10 +1,11 @@
 ---
 # Changes here will be overwritten by Copier
-_commit: v2.0.1
+_commit: v2.0.11-3-g8970631
 _src_path: gh:remerge/template
 project_id: terraform-modules
 project_license: apache-2.0
 project_name: Terraform Modules
 project_owner: core
 project_type: terraform-module
+run_workflows_for_all_branches: false
 use_python: false
diff --git a/.envrc b/.envrc
@@ -14,3 +14,6 @@ dotenv_if_exists
 
 # Add local scripts to PATH
 PATH_add "${PWD}/bin"
+
+# Enforce correct 1Password account
+export OP_ACCOUNT=remerge.1password.com
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -33,14 +33,14 @@ repos:
 
   # https://github.com/pre-commit/mirrors-prettier/tags
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: "v3.0.0"
+    rev: "v3.0.3"
     hooks:
       - id: prettier
         exclude: "^project/"
 
   # https://github.com/igorshubovych/markdownlint-cli/tags
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: "v0.35.0"
+    rev: "v0.37.0"
     hooks:
       - id: markdownlint-fix
         name: markdownlint
@@ -67,14 +67,14 @@ repos:
 
   # https://github.com/rhysd/actionlint/tags
   - repo: https://github.com/rhysd/actionlint
-    rev: "v1.6.25"
+    rev: "v1.6.26"
     hooks:
       - id: actionlint-docker
         name: actionlint
 
   # https://github.com/antonbabenko/pre-commit-terraform/tags
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: "v1.81.0"
+    rev: "v1.83.4"
     hooks:
       - id: terraform_fmt
         name: terraform-fmt
@@ -83,7 +83,7 @@ repos:
 
   # https://github.com/bridgecrewio/checkov/tags
   - repo: https://github.com/bridgecrewio/checkov
-    rev: "2.3.340"
+    rev: "2.4.48"
     hooks:
       - id: checkov
         name: checkov
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -36,3 +36,7 @@ Most dependencies can be installed using [Homebrew](https://brew.sh):
 brew install --cask docker
 brew install pre-commit pipx direnv copier
 ```
+
+Once `pre-commit` hook is activated (`make pre-commit-install`),
+set of formatting and linting routines is run automatically on each commit.
+The step could be avoided by providing `--no-verify` flag for `git commit`.
diff --git a/Makefile b/Makefile
@@ -82,17 +82,12 @@ update:: copier-update
 
 ## pre-commit
 
-.git/hooks/pre-commit:
-	make pre-commit-install
-
 .PHONY: pre-commit-install
 pre-commit-install: ## install pre-commit hook
 	pre-commit install -t pre-commit -t prepare-commit-msg -t commit-msg
-install:: pre-commit-install
 
 .PHONY: pre-commit-check
 pre-commit-check: ## run pre commit hooks
-pre-commit-check: .git/hooks/pre-commit
 	pre-commit run --all-files
 check:: pre-commit-check
 
diff --git a/google/redis/main.tf b/google/redis/main.tf
@@ -41,7 +41,7 @@ module "netbox-vm" {
 resource "google_secret_manager_secret" "auth" {
   secret_id = "redis-auth-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }
 
diff --git a/google/sql/database/main.tf b/google/sql/database/main.tf
@@ -21,7 +21,7 @@ resource "google_secret_manager_secret" "user" {
   project   = var.project
   secret_id = "sql-${var.instance}-user-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }
 
diff --git a/okta/pam/project/main.tf b/okta/pam/project/main.tf
@@ -20,7 +20,7 @@ resource "google_secret_manager_secret" "okta_enrollment_token" {
   project   = var.project
   secret_id = "okta-enrollment-token"
   replication {
-    automatic = true
+    auto {}
   }
 }
 
diff --git a/sendgrid/main.tf b/sendgrid/main.tf
@@ -13,7 +13,7 @@ resource "google_secret_manager_secret" "key" {
   project   = var.project
   secret_id = "sendgrid-key-${var.name}"
   replication {
-    automatic = true
+    auto {}
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ module "netbox-vm" {`
`41`	`41`	`resource "google_secret_manager_secret" "auth" {`
`42`	`42`	`secret_id = "redis-auth-${var.name}"`
`43`	`43`	`replication {`
`44`		`- automatic = true`
	`44`	`+ auto {}`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ resource "google_secret_manager_secret" "user" {`
`21`	`21`	`project = var.project`
`22`	`22`	`secret_id = "sql-${var.instance}-user-${var.name}"`
`23`	`23`	`replication {`
`24`		`- automatic = true`
	`24`	`+ auto {}`
`25`	`25`	`}`
`26`	`26`	`}`
`27`	`27`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ resource "google_secret_manager_secret" "okta_enrollment_token" {`
`20`	`20`	`project = var.project`
`21`	`21`	`secret_id = "okta-enrollment-token"`
`22`	`22`	`replication {`
`23`		`- automatic = true`
	`23`	`+ auto {}`
`24`	`24`	`}`
`25`	`25`	`}`
`26`	`26`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ resource "google_secret_manager_secret" "key" {`
`13`	`13`	`project = var.project`
`14`	`14`	`secret_id = "sendgrid-key-${var.name}"`
`15`	`15`	`replication {`
`16`		`- automatic = true`
	`16`	`+ auto {}`
`17`	`17`	`}`
`18`	`18`	`}`
`19`	`19`