Merge pull request #135 from ExpediaGroup/feature/fix_dd_secret

githubjianli · web-flow · commit 8696cd58be67 · 2024-01-05T10:30:47.000-08:00
Feature/fix dd secret
diff --git a/common.tf b/common.tf
@@ -51,19 +51,21 @@ data "aws_iam_policy_document" "waggle_dance_glue_policy" {
 
 
 data "aws_secretsmanager_secret" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
   name  = var.datadog_key_secret_name
 }
 
 data "aws_secretsmanager_secret_version" "datadog_key" {
-  count = length(data.aws_secretsmanager_secret.datadog_key) > 0 ? 1 : 0
-  secret_id = data.aws_secretsmanager_secret.datadog_key.id
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  secret_id = data.aws_secretsmanager_secret.datadog_key[0].id
 }
 
-locals {
-  datadog_keys = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string)
+data "external" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  program = ["echo", "${data.aws_secretsmanager_secret_version.datadog_key[0].secret_string}"]
 }
 
 provider "datadog" {
-  api_key  = local.datadog_keys.api_key != null ? local.datadog_keys.api_key : ""
-  app_key  = local.datadog_keys.app_key != null ? local.datadog_keys.app_key : ""
+  api_key  = chomp(data.external.datadog_key[0].result["api_key"])
+  app_key  = chomp(data.external.datadog_key[0].result["app_key"])
 }
diff --git a/templates.tf b/templates.tf
@@ -197,11 +197,11 @@ data "template_file" "datadog-agent" {
   template = file("${path.module}/templates/datadog-agent.json")
 
   vars = {
-    region              = var.aws_region
-    loggroup            = var.wd_instance_type == "ecs" ? join("", aws_cloudwatch_log_group.waggledance_ecs.*.name) : ""
-    datadog_secret_key = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string).api_key
-    wd_instance_type = var.wd_instance_type
-    metrics_port = var.metrics_port
+    region                = var.aws_region
+    loggroup              = var.wd_instance_type == "ecs" ? join("", aws_cloudwatch_log_group.waggledance_ecs.*.name) : ""
+    datadog_secret_key    = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+    wd_instance_type      = var.wd_instance_type
+    metrics_port          = var.metrics_port
     datadog_agent_version = var.datadog_agent_version
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -381,7 +381,7 @@ variable "tcp_keepalive_probes" {
 variable "datadog_key_secret_name" {
   description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."
   type        = string
-  default     = null
+  default     = ""
 }
 
 variable "datadog_agent_version" {

Original file line number	Diff line number	Diff line change
`@@ -51,19 +51,21 @@ data "aws_iam_policy_document" "waggle_dance_glue_policy" {`
`51`	`51`
`52`	`52`
`53`	`53`	`data "aws_secretsmanager_secret" "datadog_key" {`
	`54`	`+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0`
`54`	`55`	`name = var.datadog_key_secret_name`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`data "aws_secretsmanager_secret_version" "datadog_key" {`
`58`		`- count = length(data.aws_secretsmanager_secret.datadog_key) > 0 ? 1 : 0`
`59`		`- secret_id = data.aws_secretsmanager_secret.datadog_key.id`
	`59`	`+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0`
	`60`	`+ secret_id = data.aws_secretsmanager_secret.datadog_key[0].id`
`60`	`61`	`}`
`61`	`62`
`62`		`-locals {`
`63`		`- datadog_keys = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string)`
	`63`	`+data "external" "datadog_key" {`
	`64`	`+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0`
	`65`	`+ program = ["echo", "${data.aws_secretsmanager_secret_version.datadog_key[0].secret_string}"]`
`64`	`66`	`}`
`65`	`67`
`66`	`68`	`provider "datadog" {`
`67`		`- api_key = local.datadog_keys.api_key != null ? local.datadog_keys.api_key : ""`
`68`		`- app_key = local.datadog_keys.app_key != null ? local.datadog_keys.app_key : ""`
	`69`	`+ api_key = chomp(data.external.datadog_key[0].result["api_key"])`
	`70`	`+ app_key = chomp(data.external.datadog_key[0].result["app_key"])`
`69`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -381,7 +381,7 @@ variable "tcp_keepalive_probes" {`
`381`	`381`	`variable "datadog_key_secret_name" {`
`382`	`382`	`description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."`
`383`	`383`	`type = string`
`384`		`- default = null`
	`384`	`+ default = ""`
`385`	`385`	`}`
`386`	`386`
`387`	`387`	`variable "datadog_agent_version" {`