Error when trying to pass aws_secretsmanager_secret_version value
Under the password section of the RDS AWS creation, I am trying to pass the aws_secretsmanager_secret_version value. I am getting an error.
resource "aws_db_instance" "airflow" {
  allocated_storage      = "${var.rds_allocated_storage}"
  storage_type           = "${var.rds_storage_type}"
  storage_encrypted      = "true"
  engine                 = "mysql"
  engine_version         = "${var.rds_engine_version}"
  instance_class         = "${var.rds_instance_class}"
  name                   = "airflow"
  identifier             = "airflow"
  username               = "${var.rds_username}"
  password               = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
  parameter_group_name   = "-airflow-mysql"
  vpc_security_group_ids = ["${aws_security_group_airflow_sg.id}"]
  db_subnet_group_name   = "${aws_db_subnet_group.airflow_rds.id}"
  kms_key_id             = "${data.aws_kms_key.rds.arn}"
  license_model          = "general-public-license"
  depends_on = [
    aws_db_parameter_group.airflow_mysql
  ]
  tags = merge(
    var.common_tags,
    map("Classification", "private"),
    map("Name", "-airflow-rds")
  )
}
secretmanager.tf
resource "aws_secretsmanager_secret" "secret" {
  description = "airflow"
  kms_key_id  = "${data.aws_kms_key.sm.arn}"
  name        = "airflow"
}
resource "random_string" "rds_password" {
  length           = 16
  special          = true
  override_special = "/@\" "
}
resource "aws_secretsmanager_secret_version" "secret" {
  secret_id     = "${aws_secretsmanager_secret.secret.id}"
  secret_string = <<EOF
{
  "rds_password": "${random_string.rds_password.result}"
}
EOF
}
The error log is as follows:

Error: Error in function call

  on ../../modules/airflow/outputs.tf line 27, in output "rds_password":
  27:   value = jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]
    |----------------
    | aws_secretsmanager_secret_version.secret.secret_string is "{\n \"rds_password\": \"9Y\"@xu3jy@sNGXt/\"\n }\n"

Call to function "jsondecode" failed: invalid character '@' after object
key:value pair.

Error: Error in function call

  on ../../modules/airflow/rds.tf line 12, in resource "aws_db_instance" "airflow":
  12:   password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
    |----------------
    | aws_secretsmanager_secret_version.secret.secret_string is "{\n \"rds_password\": \"9Y\"@xu3jy@sNGXt/\"\n }\n"

Call to function "jsondecode" failed: invalid character '@' after object
key:value pair.
As you can see in the Terraform documentation, the key-value object in secret_string should be injected using jsonencode().
See the following example (adapted from the documentation page):
# The map here can come from other supported configurations
# like locals, resource attribute, map() built-in, etc.
# A variable default cannot reference a resource attribute, so the map is
# defined as a local value here.
locals {
  example = {
    # HERE YOU DEFINE YOUR MAP
    rds_password = "${random_string.rds_password.result}"
  }
}
resource "aws_secretsmanager_secret_version" "example" {
  secret_id = "${aws_secretsmanager_secret.example.id}"
  # HERE YOU INJECT THE KEY/VAL
  secret_string = "${jsonencode(local.example)}"
}
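The jsonencode() approach applied to the question's own resources, as an added example that is not part of the original posts. The switch to random_password, the override_special character set and sensitive = true on the output are assumptions layered on top of the fix; the resource names come from the question.

```hcl
# Added example: replacements for the random_string and secret_version
# resources in secretmanager.tf, plus the output from outputs.tf.

# random_password generates the same kind of value as random_string but marks
# the result as sensitive, so it is redacted in plan/apply output.
# The value is still written to the Terraform state, so the state backend
# needs the same protection as the secret itself.
resource "random_password" "rds_password" {
  length  = 16
  special = true

  # override_special is the set of special characters that MAY be used, not
  # an exclusion list. The question's value ("/@\" ") made the generator pick
  # only from /, @, " and space. RDS does not accept /, @ or " in a master
  # password, so this (assumed) set leaves them out.
  override_special = "!#%&*()-_=+"
}

resource "aws_secretsmanager_secret_version" "secret" {
  secret_id = aws_secretsmanager_secret.secret.id

  # jsonencode() escapes quotes and backslashes in the value. The heredoc
  # template in the question pasted the password in verbatim, so a generated
  # '"' closed the JSON string early and jsondecode() failed on the next
  # character.
  secret_string = jsonencode({
    rds_password = random_password.rds_password.result
  })
}

output "rds_password" {
  value = jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]

  # Keeps the password out of CLI output; it remains readable from state
  # and via `terraform output` by anyone with access to the state.
  sensitive = true
}
```

With secret_string produced this way, the password expression in the question's aws_db_instance resource decodes without changes.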
I think you are not indexing the map correctly. The problem is at secret_string)["rds_password"].
Replace
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
with
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string["rds_password"])}"