Use Secret for Workspace Variables

[ejhayes]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Related to #2 except for Secrets

Potential Terraform Configuration

Although the existing CRD has been updated for all forms of valueFrom, the only supported type is currently configMapKeyRef. It would be useful if this also supported secretKeyRef.

One use case here would be to use outputs from one terraform module to be passed in to another terraform module. This was previously possible when outputs could be added to a ConfigMap but is no longer possible now that all module outputs are stored in a secret (see: #80).

---
apiVersion: app.terraform.io/v1alpha1
kind: Workspace
metadata:
  name: test-workspace
spec:
  organization: myOrg
  secretsMountPath: "/tmp/secrets"
  module:
    source: "someSource"
  variables:
    - key: some_var
      valueFrom:
        secretKeyRef:
          key: my-secret
          name: secret-name
      sensitive: false
      environmentVariable: false

In addition updates to secrets should cause the workspace to be rerun, just like the current behavior withConfigMaps.

References

[arybolovlev]

Hi @ejhayes,

I will go ahead and close this issue since it was implemented in this PR.

Thank you.