data "google_project" "project" {
    project_id = var.secret_project_id
}

resource "google_secret_manager_secret" "secret_manager" {
    secret_id = var.secret_id
    replication {
        auto {}
    }
}

resource "google_secret_manager_secret_version" "secret_manager_version" {
    secret = google_secret_manager_secret.secret_manager.name
    secret_data = var.secret_data
}

resource "google_secret_manager_secret_iam_member" "secret_manager_iam_member" {
    secret_id = google_secret_manager_secret.secret_manager.id
    member = "serviceAccount:${
        data.google_project.project.number
    }-compute@developer.gserviceaccount.com"

    role = "roles/secretmanager.secretAccessor"

    depends_on = [
        google_secret_manager_secret.secret_manager
    ]
}