William Wang

Reputation: 133

terraform: how to add a block of secret_environment_variables in google_cloudfunctions_function

I am new to Terraform. I am trying to deploy a cloud function with multiple secrets exposed as environment variables. It fails however I try it. My code snippet is below.

resource "google_cloudfunctions_function" "function" {
  name        = "function-test"
  description = "My function"
  runtime     = "python310"
  ...
  entry_point                  = "helloGET"
 
  environment_variables = {
    MY_ENV_VAR = "my-env-var-value"
  }

  secret_environment_variables = [  
    {
      key     = "envID"
      secret  = var.envID
      version = "latest"
    },
    {
      key     = "client_id"
      secret  = var.client_id
      version = "latest"
    },
    {
      key     = "client_secret"
      secret  = var.client_secret
      version = "latest"
    }
  ]
}

Then the terraform plan produced the following errors:

Error: Unsupported argument
│
│   on resources.tf line 378, in resource "google_cloudfunctions_function" "cloud_function":
│  378:   secret_environment_variables = [
│
│ An argument named "secret_environment_variables" is not expected here. Did you mean to define a block of type "secret_environment_variables"?

What is the right syntax, please?

Upvotes: 0

Views: 2487

Answers (2)

Jatin

Reputation: 111

In the second generation of Google Cloud Functions, secrets are accessed using secret_environment_variables instead of environment_variables.

So it should be:

resource "google_cloudfunctions2_function" "function"

Upvotes: -1

Marko E

Reputation: 18108

As per the documentation [1], the secret_environment_variables is a block:

The secret_environment_variables block supports:

That means that it is not a list, which is denoted with square brackets, or what you have been trying to do. This should fix it:

resource "google_cloudfunctions_function" "function" {
  name        = "function-test"
  description = "My function"
  runtime     = "python310"
  ...
  entry_point                  = "helloGET"
 
  environment_variables = {
    MY_ENV_VAR = "my-env-var-value"
  }

  secret_environment_variables {
    key     = "envID"
    secret  = var.envID
    version = "latest"
  }

  secret_environment_variables {
    key     = "client_id"
    secret  = var.client_id
    version = "latest"
  }

  secret_environment_variables {
    key     = "client_secret"
    secret  = var.client_secret
    version = "latest"
  }
}

[1] https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloudfunctions_function#nested_secret_environment_variables

Upvotes: 3
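
An added example, not part of the original question or answers: when the secrets come from a collection, as the question's list attempted, a `dynamic` block generates one `secret_environment_variables` block per entry. The variables `function_secrets`, `source_bucket` and `source_object`, the sample secret IDs, and the `trigger_http` and source archive settings are assumptions made so the resource is complete.

```hcl
# Added example. Variable names and sample secret IDs are assumptions.
variable "function_secrets" {
  description = "Environment variable name => Secret Manager secret ID"
  type        = map(string)
  default = {
    envID         = "env-id-secret" # constructed sample values
    client_id     = "client-id-secret"
    client_secret = "client-secret-secret"
  }
}

variable "source_bucket" { type = string } # assumed: bucket with the function archive
variable "source_object" { type = string } # assumed: archive object name

resource "google_cloudfunctions_function" "function" {
  name         = "function-test"
  description  = "My function"
  runtime      = "python310"
  entry_point  = "helloGET"
  trigger_http = true

  source_archive_bucket = var.source_bucket
  source_archive_object = var.source_object

  # Plain argument: a map assigned with "=".
  environment_variables = {
    MY_ENV_VAR = "my-env-var-value"
  }

  # Nested block type: repeated blocks, never a list assigned with "=".
  # The iterator is named after the block label; .key and .value are the
  # current map entry's key and value.
  dynamic "secret_environment_variables" {
    for_each = var.function_secrets
    content {
      key     = secret_environment_variables.key
      secret  = secret_environment_variables.value
      version = "latest"
    }
  }
}
```

Only secret IDs appear in the configuration, not secret values; the function's runtime service account still needs read access to each referenced secret in Secret Manager.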
