As shown in the following example:
data "aws_kms_secrets" "api_key" {
  count = "${length(keys(var.keys))}"
  secret {
    name    = "secret_name"
    payload = "${element(values(var.keys), count.index)}"
  }
}
resource "aws_api_gateway_api_key" "access_key" {
  count = "${length(keys(var.keys))}"
  name  = "${var.environment}-${element(keys(var.keys), count.index)}"
  value = "${lookup(element(data.aws_kms_secrets.api_key.*.plaintext, count.index), "secret_name")}"
}
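It seems impossible to look up the plaintext values from the data resource.
value = "${lookup(element(data.aws_kms_secrets.api_key.*.plaintext, count.index), "secret_name")}"
results in
lookup: argument 1 should be type map, got type string in:
I have tried many combinations of element, lookup, * and dictionary syntax, but none of them work.
My var.keys looks like this: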
keys = {
  key-name-one = "sssss"
  key-name-two = "sss"
}
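Posted on 2018-07-27 01:42:24
The trick here is to use dictionary syntax in place of the element call, which behaves better with lists of maps.
value = "${lookup(data.aws_kms_secrets.api_key.*.plaintext[count.index], "secret_name")}"
It's tempting to write data.aws_kms_secrets.api_key[count.index].plaintext, which is invalid HCL.
Posted on 2018-07-28 04:26:45
You can also access multiple secrets without using count, by just adding multiple secret blocks, like this: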
data "aws_kms_secrets" "example" {
  secret {
    # ... potentially other configuration ...
    name    = "master_password"
    payload = "AQEC..."
  }
  secret {
    # ... potentially other configuration ...
    name    = "master_username"
    payload = "AQEC..."
  }
}
resource "aws_rds_cluster" "example" {
  # ... other configuration ...
  master_password = "${data.aws_kms_secrets.example.plaintext["master_password"]}"
  master_username = "${data.aws_kms_secrets.example.plaintext["master_username"]}"
}
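This example is given in the AWS Provider version 2 upgrade guide, because the aws_kms_secret data source is not compatible with Terraform 0.12 and was therefore replaced by the aws_kms_secrets (note the plural) data source.
I have updated the documentation for the aws_kms_secrets data source example to match this as well.
In Terraform 0.12 these secret blocks can also be dynamic, so you should be able to do something like this: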
data "aws_kms_secrets" "example" {
  dynamic "secret" {
    for_each = var.keys
    content {
      # Inside a dynamic block the iterator exposes each map entry as .key and .value
      name    = secret.key
      payload = secret.value
    }
  }
}
resource "aws_api_gateway_api_key" "access_key" {
  count = "${length(var.keys)}"
  name  = "${var.environment}-${element(keys(var.keys), count.index)}"
  # plaintext is a map keyed by secret name
  value = "${lookup(data.aws_kms_secrets.example.plaintext, element(keys(var.keys), count.index))}"
}
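Added example, not part of the original answers: on Terraform 0.12.6 or later the resource itself can use for_each over the same map, so each API key is matched to its decrypted secret by name rather than by list position. The variable declarations are assumptions based on the var.keys shown in the question.

```hcl
# Added example; assumes Terraform >= 0.12.6 (resource for_each) and the
# variable shapes from the question. Values in var.keys are KMS ciphertexts.
variable "environment" {
  type = string
}

variable "keys" {
  type = map(string) # API key name => base64 KMS ciphertext
}

data "aws_kms_secrets" "api_key" {
  dynamic "secret" {
    for_each = var.keys
    content {
      name    = secret.key   # map key becomes the secret name
      payload = secret.value # ciphertext to decrypt
    }
  }
}

resource "aws_api_gateway_api_key" "access_key" {
  for_each = var.keys

  name = "${var.environment}-${each.key}"
  # plaintext is a map keyed by secret name, so no index arithmetic is needed.
  # The decrypted value is stored in the Terraform state.
  value = data.aws_kms_secrets.api_key.plaintext[each.key]
}
```

Because the decrypted values are written to the state, the state backend needs the same access controls as the secrets themselves.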
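Posted on 2020-06-11 07:20:52
Sometimes you can't use the [] syntax to access the dictionary. If the list of dictionaries comes from a resource, you can't use it. Here is a workaround: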
data "external" "extract_domain_validation_options" {
  program = ["python", "${path.module}/extract_domain_validation_options.py"]
  query {
    encoded = "${jsonencode(flatten(aws_acm_certificate.mycrt.*.domain_validation_options))}"
  }
}
resource "aws_route53_record" "validation" {
  name    = "${element(split(",", data.external.extract_domain_validation_options.result.resource_record_name), count.index)}"
  type    = "${element(split(",", data.external.extract_domain_validation_options.result.resource_record_type), count.index)}"
  records = ["${element(split(",", data.external.extract_domain_validation_options.result.resource_record_value), count.index)}"]
  zone_id = "${data.aws_route53_zone.myzone.zone_id}"
  ttl     = "60"
  count   = "${length(flatten(aws_acm_certificate.mycrt.*.domain_validation_options))}"
}
extract_domain_validation_options.py:
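import json
import sys

# Terraform passes the query as a JSON object on stdin
query = json.loads(sys.stdin.read())
result = {}
arr = json.loads(query["encoded"])
# Join the values of each key across all entries into one comma-separated string
for vo in arr:
    for key in vo:
        if key not in result:
            result[key] = vo[key]
        else:
            result[key] += "," + vo[key]
sys.stdout.write(json.dumps(result))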
https://stackoverflow.com/questions/51543968