diff --git a/manifests/modules/security/secrets-manager/.workshop/cleanup.sh b/manifests/modules/security/secrets-manager/.workshop/cleanup.sh
new file mode 100644
index 000000000..93561ab30
--- /dev/null
+++ b/manifests/modules/security/secrets-manager/.workshop/cleanup.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+kubectl delete clustersecretstore cluster-secret-store --ignore-not-found > /dev/null
+
+kubectl delete SecretProviderClass catalog-spc -n catalog --ignore-not-found > /dev/null
+
+kubectl delete ExternalSecret catalog-external-secret -n catalog --ignore-not-found > /dev/null
+
+check=$(aws secretsmanager list-secrets --filters Key="name",Values="${SECRET_NAME}" --output text)
+
+if [ ! -z "$check" ]; then
+ echo "Deleting Secrets Manager data..."
+ aws secretsmanager delete-secret --secret-id ${SECRET_NAME}
+fi
\ No newline at end of file
diff --git a/manifests/modules/security/secrets-manager/.workshop/terraform/addon.tf b/manifests/modules/security/secrets-manager/.workshop/terraform/addon.tf
index 95b9a330f..bd6bbcfb2 100644
--- a/manifests/modules/security/secrets-manager/.workshop/terraform/addon.tf
+++ b/manifests/modules/security/secrets-manager/.workshop/terraform/addon.tf
@@ -82,35 +82,8 @@ resource "aws_iam_policy" "secrets_manager" {
 POLICY
 }
-resource "kubernetes_annotations" "catalog-sa" {
- api_version = "v1"
- kind = "ServiceAccount"
- metadata {
- name = "catalog"
- namespace = "catalog"
- }
- annotations = {
- "eks.amazonaws.com/role-arn" = "${module.secrets_manager_role.iam_role_arn}"
- }
- force = true
+output "environment" {
+ value = <
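Review bot: In cleanup.sh, `SECRET_NAME` is used without a check and is unquoted in the `delete-secret` call; the script sets `-e` but not `-u`, so an unset or empty value reaches `list-secrets` as an empty filter and `delete-secret` without an id. Add `: "${SECRET_NAME:?SECRET_NAME must be set}"` before the `check=` line and quote the argument, `aws secretsmanager delete-secret --secret-id "${SECRET_NAME}"`. The `name` filter of `list-secrets` is a prefix match, so `check` can be non-empty because of a different secret that shares the prefix, in which case the delete fails and `set -e` aborts the cleanup; comparing the returned names for equality would avoid that. `delete-secret` without further flags only schedules the deletion with a recovery window, so recreating a secret of the same name in a later run will presumably fail until the window ends; a comment stating whether that is intended would help.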