app-rails: Update template-infra:app to version 0.15.3.post2.dev0+8d7ab07

nava-platform-bot · nava-platform-bot · commit 41328b3ffcc0 · 2025-02-22T00:07:10.000Z
diff --git a/.template-infra/app-app-rails.yml b/.template-infra/app-app-rails.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.15.3-1-gc805160
+_commit: v0.15.3-2-g8d7ab07
 _src_path: https://github.com/navapbc/template-infra
 app_has_dev_env_setup: true
 app_local_port: 3100
diff --git a/infra/app-rails/service/main.tf b/infra/app-rails/service/main.tf
@@ -101,9 +101,9 @@ module "service" {
   )
 
   secrets = concat(
-    [for secret_name in keys(local.service_config.secrets) : {
+    [for secret_name, secret_arn in module.secrets.secret_arns : {
       name      = secret_name
-      valueFrom = module.secrets[secret_name].secret_arn
+      valueFrom = secret_arn
     }],
     local.feature_flags_secrets,
     module.app_config.enable_identity_provider ? [{
diff --git a/infra/app-rails/service/secrets.tf b/infra/app-rails/service/secrets.tf
@@ -1,16 +1,21 @@
 module "secrets" {
-  for_each = local.service_config.secrets
+  source = "../../modules/secrets"
 
-  source = "../../modules/secret"
+  service_name = local.service_name
+  secrets = {
+    for name, config in local.service_config.secrets :
+    name => {
+      manage_method = config.manage_method
 
-  # When generating secrets and storing them in parameter store, append the
-  # terraform workspace to the secret store path if the environment is temporary
-  # to avoid conflicts with existing environments.
-  # Don't do this for secrets that are managed manually since the temporary
-  # environments will need to share those secrets.
-  secret_store_name = (each.value.manage_method == "generated" && local.is_temporary ?
-    "${each.value.secret_store_name}/${terraform.workspace}" :
-    each.value.secret_store_name
-  )
-  manage_method = each.value.manage_method
+      # When generating secrets and storing them in parameter store, append the
+      # terraform workspace to the secret store path if the environment is temporary
+      # to avoid conflicts with existing environments.
+      # Don't do this for secrets that are managed manually since the temporary
+      # environments will need to share those secrets.
+      secret_store_name = (config.manage_method == "generated" && local.is_temporary ?
+        "${config.secret_store_name}/${terraform.workspace}" :
+        config.secret_store_name
+      )
+    }
+  }
 }
