From 10cdb0cdb4e53b04d349e20c8dc0681628a316be Mon Sep 17 00:00:00 2001
From: Adam Lewis <23342526+Adam-D-Lewis@users.noreply.github.com>
Date: Mon, 14 Oct 2024 13:38:01 -0500
Subject: [PATCH] force forward auth redeployment when tls secret changes

---
 .../kubernetes_services/template/forward-auth.tf   |  1 +
 .../modules/kubernetes/forwardauth/main.tf         | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/src/_nebari/stages/kubernetes_services/template/forward-auth.tf b/src/_nebari/stages/kubernetes_services/template/forward-auth.tf
index 2d98bf3e6..2441b1b77 100644
--- a/src/_nebari/stages/kubernetes_services/template/forward-auth.tf
+++ b/src/_nebari/stages/kubernetes_services/template/forward-auth.tf
@@ -8,6 +8,7 @@ module "forwardauth" {
   node-group                  = var.node_groups.general
   forwardauth_middleware_name = var.forwardauth_middleware_name
   cert_secret_name            = var.cert_secret_name
+
 }
 
 variable "forwardauth_middleware_name" {
diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/forwardauth/main.tf b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/forwardauth/main.tf
index 564d397d1..e5ca05c91 100644
--- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/forwardauth/main.tf
+++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/forwardauth/main.tf
@@ -162,6 +162,20 @@ resource "kubernetes_deployment" "forwardauth-deployment" {
       }
     }
   }
+
+  lifecycle {
+    # force forward auth redeployment if the cert is updated
+    replace_triggered_by = [
+      kubernetes_secret_v1.cert_secret.metadata.0.uid
+    ]
+  }
+}
+
+data "kubernetes_secret_v1" "cert_secret" {
+  metadata {
+    name      = var.cert_secret_name
+    namespace = var.namespace
+  }
 }
 
 resource "kubernetes_manifest" "forwardauth-middleware" {