From 6e657d26d9bdcc765374e745e04c358d479a947c Mon Sep 17 00:00:00 2001
From: nava-platform-bot
Date: Sat, 22 Feb 2025 00:08:20 +0000
Subject: [PATCH] app: Update `template-infra:app` to version 0.15.3.post2.dev0+8d7ab07
---
 .template-infra/app-app.yml | 2 +-
 infra/app/service/main.tf | 4 ++--
 infra/app/service/secrets.tf | 29 +++++++++++++++++------------
 3 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/.template-infra/app-app.yml b/.template-infra/app-app.yml
index 360c098..ab944bd 100644
--- a/.template-infra/app-app.yml
+++ b/.template-infra/app-app.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.15.3-1-gc805160
+_commit: v0.15.3-2-g8d7ab07
 _src_path: https://github.com/navapbc/template-infra
 app_has_dev_env_setup: true
 app_local_port: 3000
diff --git a/infra/app/service/main.tf b/infra/app/service/main.tf
index fd122f5..f52b1bb 100644
--- a/infra/app/service/main.tf
+++ b/infra/app/service/main.tf
@@ -101,9 +101,9 @@ module "service" {
 )
 secrets = concat(
- [for secret_name in keys(local.service_config.secrets) : {
+ [for secret_name, secret_arn in module.secrets.secret_arns : {
 name = secret_name
- valueFrom = module.secrets[secret_name].secret_arn
+ valueFrom = secret_arn
 }],
 local.feature_flags_secrets,
 module.app_config.enable_identity_provider ? [{
diff --git a/infra/app/service/secrets.tf b/infra/app/service/secrets.tf
index e65eaa0..466b98e 100644
--- a/infra/app/service/secrets.tf
+++ b/infra/app/service/secrets.tf
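Review bot: In `infra/app/service/main.tf`, the `secrets` list passed to `module "service"` is now driven by the keys of `module.secrets.secret_arns` instead of `keys(local.service_config.secrets)`, so the names injected into the container are whatever that output returns. The output's definition is not in this patch (the diffstat touches no file under `infra/modules`), so it is worth confirming that `../../modules/secrets` is already present in the repository, that the map is keyed by the configured secret names, and that for generated secrets in temporary environments it yields the ARN of the workspace-suffixed store entry. A one-line comment above the loop would record the contract, e.g. `# secret_arns: map of secret name (as declared in local.service_config.secrets) => ARN`. The `module "service"` block starts and ends outside the hunk.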
@@ -1,16 +1,21 @@
 module "secrets" {
- for_each = local.service_config.secrets
+ source = "../../modules/secrets"
- source = "../../modules/secret"
+ service_name = local.service_name
+ secrets = {
+ for name, config in local.service_config.secrets :
+ name => {
+ manage_method = config.manage_method
- # When generating secrets and storing them in parameter store, append the
- # terraform workspace to the secret store path if the environment is temporary
- # to avoid conflicts with existing environments.
- # Don't do this for secrets that are managed manually since the temporary
- # environments will need to share those secrets.
- secret_store_name = (each.value.manage_method == "generated" && local.is_temporary ?
- "${each.value.secret_store_name}/${terraform.workspace}" :
- each.value.secret_store_name
- )
- manage_method = each.value.manage_method
+ # When generating secrets and storing them in parameter store, append the
+ # terraform workspace to the secret store path if the environment is temporary
+ # to avoid conflicts with existing environments.
+ # Don't do this for secrets that are managed manually since the temporary
+ # environments will need to share those secrets.
+ secret_store_name = (config.manage_method == "generated" && local.is_temporary ?
+ "${config.secret_store_name}/${terraform.workspace}" :
+ config.secret_store_name
+ )
+ }
+ }
 }
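Review bot: Removing `for_each` from `module "secrets"` changes the state address of every resource under it, from one module instance per secret (`module.secrets["<name>"]`) to a single `module.secrets` instance, and this patch adds no `moved` blocks to `secrets.tf`. Unless the new `../../modules/secrets` module (not shown here) handles that migration itself, Terraform will probably plan a destroy and re-create for secrets with `manage_method == "generated"`, which would replace their values on the next apply. Run `terraform plan` against an existing environment before applying; if the values must survive, add `moved` blocks or use `terraform state mv` for each secret. The new `service_name = local.service_name` argument would also benefit from a short comment saying what the module uses it for, since that cannot be seen from this file.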