feat: edit k8s-secrets replication to allow multiple space-separated values in TerraformState tag

.github/workflows/tf-apply-secrets.yaml

@@ -76,6 +76,8 @@ jobs:
       - name: Terraform Apply Secrets
         id: terraform_apply_secrets
         working-directory: terraform/k8s-secrets
+        env:
+          TF_VAR_namespace: ${{ inputs.environment }}
         run: |
           set -euo pipefail
 

terraform/k8s-secrets/10-secrets.tf

@@ -16,20 +16,28 @@ data "aws_secretsmanager_secret" "tagged_object" {
 data "aws_secretsmanager_secret_version" "filtered" {
   depends_on = [data.aws_secretsmanager_secret.tagged_object]
 
-  for_each = { for key, object in data.aws_secretsmanager_secret.tagged_object : key => object if(object.tags["EKSClusterName"] == var.eks_cluster_name && (contains(local.terraform_states_list, object.tags["TerraformState"]))) }
+  for_each = {
+    for key, object in data.aws_secretsmanager_secret.tagged_object :
+    key => object
+    if(
+      object.tags["EKSClusterName"] == var.eks_cluster_name &&
+      length([
+        for state in split(" ", object.tags["TerraformState"]) : state
+        if contains(flatten([for item in local.terraform_states_list : split(",", item)]), state)
+      ]) > 0
+    )
+  }
 
   secret_id = each.value.name
 }
 
 locals {
   sv_namespaces_pairs = flatten([
-    for sv_key, sv_value in data.aws_secretsmanager_secret_version.filtered : [
-      for ns in toset(split(" ", (data.aws_secretsmanager_secret.tagged_object[sv_key].tags["EKSClusterNamespacesSpaceSeparated"]))) : {
-        eks_replica_secret_name = data.aws_secretsmanager_secret.tagged_object[sv_value.secret_id].tags["EKSReplicaSecretName"],
-        secret_version          = sv_value,
-        namespace               = ns
-      }
-    ]
+    for sv_key, sv_value in data.aws_secretsmanager_secret_version.filtered : {
+      eks_replica_secret_name = data.aws_secretsmanager_secret.tagged_object[sv_value.secret_id].tags["EKSReplicaSecretName"],
+      secret_version          = sv_value,
+      namespace               = var.TF_VAR_namespace
+    }
   ])
 }
 

terraform/k8s-secrets/98-variables.tf

@@ -18,4 +18,10 @@ variable "tags" {
 variable "eks_cluster_name" {
   type        = string
   description = "Name of the interop EKS cluster"
+}
+
+variable "TF_VAR_namespace" {
+  type        = string
+  description = "Namespace where the secrets will be replicated in the EKS cluster"
+  default     = "dev-analytics" # Default value, it can be overridden by the workflow input
 }