CODEWITHSUNDEEP
google-cloud-platformgoogle-cloud-functionsterraform
Jayz7522
Jayz7522

Reputation: 334

Can secrets be set for Cloud Function via Terraform?

The Terraform google_cloudfunctions_function resource documentation lists secret environment variables as an optional argument. I'm either not using it correctly or, contrary to the documentation, it's not in fact supported.

resource "google_cloudfunctions_function" "function" {
  name        = var.function_name
  runtime     = "nodejs16"

  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.zip.name
  trigger_http          = true
  entry_point           = var.function_entry_point

  secret_environment_variables = []
}

results in:

Error: Unsupported argument on modules/cloud-function/main.tf line 51, in resource "google_cloudfunctions_function" "function": 51: secret_environment_variables = {} An argument named "secret_environment_variables" is not expected here. Did you mean to define a block of type "secret_environment_variables"?

This is the result of terraform version:

Terraform v1.1.9
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/external v2.2.2
+ provider registry.terraform.io/hashicorp/google v4.18.0

Upvotes: 2

Views: 2865

Answers (1)

jordanm
jordanm

Reputation: 34914

According to the documentation, that key should be block. Here is an example:

resource "google_cloudfunctions_function" "function" {
  name        = var.function_name
  runtime     = "nodejs16"

  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.zip.name
  trigger_http          = true
  entry_point           = var.function_entry_point

  secret_environment_variables {
    key = "myvar"
    secret = "mysecret_id"
  }
}

Upvotes: 5

Related Questions