From 03873f6dcc4f5640a5af532d4023771d8e13138c Mon Sep 17 00:00:00 2001
From: Benjamin Edwards
Date: Wed, 21 Feb 2024 11:40:09 -0500
Subject: [PATCH] include all secrets in vuln task (#17033)

this change should fix the issue of vuln task interfering with MDM settings.
---
 terraform/addons/external-vuln-scans/main.tf | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/terraform/addons/external-vuln-scans/main.tf b/terraform/addons/external-vuln-scans/main.tf
index e030a697e4b0..0410d4ae7456 100644
--- a/terraform/addons/external-vuln-scans/main.tf
+++ b/terraform/addons/external-vuln-scans/main.tf
@@ -6,14 +6,16 @@ locals {
 // and then we pull in the output of fleet ecs module
 for k, v in merge(
 var.fleet_config.extra_environment_variables,
- { FLEET_VULNERABILITIES_DISABLE_SCHEDULE = "false"}
+ { FLEET_VULNERABILITIES_DISABLE_SCHEDULE = "false" }
 ) : {
 name = k
 value = v
 }
 ]
 secrets = [
- for k, v in var.fleet_config.extra_secrets : {
+ for k, v in merge(var.fleet_config.extra_secrets, {
+ FLEET_MYSQL_PASSWORD = var.fleet_config.database.password_secret_arn
+ }) : {
 name = k
 valueFrom = v
 }
@@ -54,12 +56,7 @@ resource "aws_ecs_task_definition" "vuln-processing" {
 image = var.fleet_config.image
 essential = true
 networkMode = "awsvpc"
- secrets = [
- {
- name = "FLEET_MYSQL_PASSWORD"
- valueFrom = var.fleet_config.database.password_secret_arn
- }
- ]
+ secrets = local.secrets
 ulimits = [
 {
 name = "nofile"
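Review bot: In the `secrets` local, `merge()` gives its last argument precedence, so a `FLEET_MYSQL_PASSWORD` key supplied through `var.fleet_config.extra_secrets` is silently replaced by `database.password_secret_arn`. That is probably the intent, but nothing on the new lines says so, while the `environment` merge just above carries a comment about its inputs. I would add `// database password is merged last so it always wins over extra_secrets` above the `for`. The `locals` block starts and ends outside the hunk.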
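Review bot: `secrets = local.secrets` hands the vuln-processing container every entry of `extra_secrets` instead of only the database password, which widens what this task can read. ECS resolves each `valueFrom` with the task execution role at launch, and that role's policy is not visible in this hunk; if it is still scoped to the database secret alone, the task would presumably fail to start on the first ARN it cannot read. I would record the requirement next to the assignment, e.g. `// injects all fleet secrets; the execution role must be allowed to read every ARN in local.secrets`. If the vuln task only needs a subset, filtering `extra_secrets` to those keys would keep it closer to least privilege. The container definition continues outside the hunk.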