This object has no argument, nested block, or exported attribute named ca_public_key_pem

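I'm trying to access the ca_public_key_pem attribute of my tls_self_signed_cert object, but I'm being told that the attribute does not exist.

However, it appears to exist in the source code and in the examples for the module.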

GitHub Source Code

output "ca_public_key_pem" {
  value = "${chomp(element(concat(tls_private_key.ca.*.public_key_pem, list("")), 0))}" # TODO: Workaround for issue #11210
}

Does anyone know how to get the public key of the CA certificate in PEM format from the tls_self_signed_cert resource?

The module I am currently using is as follows:

resource "tls_private_key" "RootKey" {
    algorithm = "RSA"
    rsa_bits  = 2048
}

resource "tls_self_signed_cert" "SelfSigned" {
    key_algorithm   = "${tls_private_key.RootKey.algorithm}"
    private_key_pem = "${tls_private_key.RootKey.private_key_pem}"

    subject {
        common_name  = "Domain.com"
        organization = "Org Name"
    }

    is_ca_certificate     = true
    validity_period_hours = 26280
    early_renewal_hours   = 8760
    allowed_uses          = ["cert_signing"]
}

Then, in my azurerm_virtual_network_gateway configuration, I have the following:

...
    vpn_client_configuration {
        address_space        = ["10.9.0.0/24"]
        vpn_client_protocols = ["IkeV2"]

        root_certificate {
            name             = "My-Root-CA"
            public_cert_data = "${tls_self_signed_cert.SelfSigned.ca_public_key_pem}"
        }
    }

I have tried using cert_pem, but it is not valid for this attribute.

The azurerm_virtual_network_gateway public_cert_data unusually requires the certificate to be in PEM format, but without the traditional -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers:

The root_certificate block supports:

  • name - (Required) A user-defined name of the root certificate.

  • public_cert_data - (Required) The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

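The tls_self_signed_cert resource has the cert_pem attribute that it outputs, but this does have the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers.

So if you want to chain these together, you need to strip those markers. The simplest way to do this is with the replace function.

A minimal example that outputs this looks like the following: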

resource "tls_private_key" "example" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

resource "tls_self_signed_cert" "example" {
  key_algorithm   = "ECDSA"
  private_key_pem = "${tls_private_key.example.private_key_pem}"

  subject {
    common_name  = "example.com"
    organization = "ACME Examples, Inc"
  }

  validity_period_hours = 12

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

output "cert" {
  value = "${tls_self_signed_cert.example.cert_pem}"
}

output "trimmed_cert" {
  value = "${replace(replace(tls_self_signed_cert.example.cert_pem, "-----BEGIN CERTIFICATE-----", ""), "-----END CERTIFICATE-----", "")}"
}

Applying this outputs the following:

Outputs:

cert = -----BEGIN CERTIFICATE-----
MIIB1jCCAVygAwIBAgIQR4Z4djFeJNQSPegYFMqhXTAKBggqhkjOPQQDAzAzMRsw
GQYDVQQKExJBQ01FIEV4YW1wbGVzLCBJbmMxFDASBgNVBAMTC2V4YW1wbGUuY29t
MB4XDTE5MTEwMTE2MjUzOFoXDTE5MTEwMjA0MjUzOFowMzEbMBkGA1UEChMSQUNN
RSBFeGFtcGxlcywgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbTB2MBAGByqGSM49
AgEGBSuBBAAiA2IABA5bcywnzZwDjVfK3zSTLUtEiTeA/spOQ3q02816H1jYO28K
Yg1wbyPluC9c8t2H0r2WzDPmdr9iFLo7rjW3v1sCXJOL839YA/CUuwqRexjd8Iuy
jWKa0YNvA5AmbuRsqKM1MDMwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwMDaAAwZQIwdBO17wBD/Fud
kcOiVVQvhPV13SRZydLBaXGHABcSBIW4UMv3JqwbJTq/wDF0k0daAjEAyRXu+eHA
+BpJjVEvcZL7V93zMv4tNede8SHpwHm4o/ogjTINlcRnMN6tu+uXiH5I
-----END CERTIFICATE-----

trimmed_cert =

This trimmed output, produced by the two replace functions, should be usable with the azurerm_virtual_network_gateway public_cert_data parameter.
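A pre-apply check for the value destined for public_cert_data, added here as an example and not part of the original question or answer: it strips the markers, drops the line breaks that the two replace calls leave in place, and refuses input that is not exactly one base64-encoded DER structure. The function names and the sample input are assumptions made for illustration; the sample is a constructed DER-shaped placeholder, not a real certificate.

```python
import base64
import re
import textwrap

# Matches one PEM certificate block and captures its base64 body.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def der_length_ok(der: bytes) -> bool:
    """True if `der` is exactly one ASN.1 SEQUENCE (the outer shape of X.509)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        header, body = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body


def pem_to_public_cert_data(pem: str) -> str:
    """Return marker-free, single-line base64 for exactly one PEM certificate."""
    blocks = PEM_CERT.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    b64 = "".join(blocks[0].split())      # drop newlines and other whitespace
    der = base64.b64decode(b64, validate=True)  # rejects stray characters
    if not der_length_ok(der):
        raise ValueError("payload is not a single DER SEQUENCE")
    return b64


# Constructed sample: a DER-shaped placeholder, not a real certificate.
_body = bytes(range(200))
SAMPLE_DER = b"\x30\x81" + bytes([len(_body)]) + _body
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(pem_to_public_cert_data(SAMPLE_PEM))
```

Feeding it the cert_pem value from terraform output catches a concatenated chain or a truncated certificate before the gateway configuration is applied.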