From f4a4253a76dd096ca40374766c2b5a0867593e6a Mon Sep 17 00:00:00 2001
From: Soya Miyoshi
Date: Wed, 13 Sep 2023 10:20:15 +0900
Subject: [PATCH] feat: allow schedule expression and duration for rotation_rules (#8)
* feat: allow schedule expression and duration for rotation_rules
* build: update AWS provider version lower binding
---
 main.tf | 2 ++
 variables.tf | 11 ++++++++---
 versions.tf | 2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 3b35519..522ed83 100644
--- a/main.tf
+++ b/main.tf
@@ -74,5 +74,7 @@ resource "aws_secretsmanager_secret_rotation" "default" {
 rotation_rules {
 automatically_after_days = var.rotation["automatically_after_days"]
+ duration = var.rotation["duration"]
+ schedule_expression = var.rotation["schedule_expression"]
 }
 }
diff --git a/variables.tf b/variables.tf
index 8c1540a..0ea05a1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -99,11 +99,12 @@ variable "rotation" {
 type = object({
 enabled = optional(bool, false)
 lambda_arn = string
- automatically_after_days = number
+ automatically_after_days = optional(number, null)
+ duration = optional(string, null)
+ schedule_expression = optional(string, null)
 })
 default = {
- lambda_arn = ""
- automatically_after_days = 0
+ lambda_arn = ""
 }
 description = <<-DOC
 enabled:
@@ -113,5 +114,9 @@ variable "rotation" {
 Specifies the ARN of the Lambda function that can rotate the secret.
 automatically_after_days:
 Specifies the number of days between automatic scheduled rotations of the secret.
+ duration:
+ The length of the rotation window in hours. For example, `3h` for a three hour window.
+ schedule_expression:
+ A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automatically_after_days` or `schedule_expression` must be specified.
 DOC
 }
diff --git a/versions.tf b/versions.tf
index 2973d0e..305a28d 100644
--- a/versions.tf
+++ b/versions.tf
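Review bot: The three assignments inside `rotation_rules` in main.tf are passed unconditionally with no comment saying why that is safe, and a reader may assume they collide. I would add `# Null rotation attributes are treated as omitted, so only the schedule the caller set reaches the provider.` above `automatically_after_days`. The resource body starts outside this hunk, so whether the block is gated on `rotation.enabled` is not visible here.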
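Review bot: Nothing in `variable "rotation"` enforces the sentence this hunk adds to the description, "Either `automatically_after_days` or `schedule_expression` must be specified". After the first variables.tf hunk both attributes default to null, so a caller can enable rotation with only `lambda_arn` and state no cadence at all. The rotation interval is a security control, so I would fail at plan time with a module-level message rather than rely on whatever the provider or API reports. A `validation` block placed after the `description` heredoc covers it. This assumes `enabled` is what gates the rotation resource, which is outside the hunks, and the condition can be tightened to exactly one if the provider rejects both being set.

```hcl
# … unchanged: type, default and description of variable "rotation" …
  validation {
    condition = !var.rotation.enabled || (
      var.rotation.automatically_after_days != null ||
      var.rotation.schedule_expression != null
    )
    error_message = "When rotation.enabled is true, set rotation.automatically_after_days or rotation.schedule_expression."
  }
```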
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.0"
+ version = ">= 4.16"
 }
 }
 }