Terraform Composer 的值 airflow_config_override secrets-backend_kwargs
Value for Terraform Composer airflow_config_override secrets-backend_kwargs
我需要使用 Terraform 更改默认设置 project_id in my Composer environment so that I can access secrets from another project. To do so, according to Terraform, I need the variable airflow_config_overrides。我想我应该有这样的东西:
resource "google_composer_environment" "test" {
# ...
config {
software_config {
airflow_config_overrides = {
secrets-backend = "airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend",
secrets-backend_kwargs = {"project_id":"9999999999999"}
}
}
}
}
secrets-backend section-key 似乎有效。另一方面,secrets-backend_kwargs 返回以下错误:
Inappropriate value for attribute "airflow_config_overrides": element "secrets-backend_kwargs": string required
问题似乎在于 GCP 需要 JSON 格式,而 Terraform 需要字符串。我怎样才能让 Terraform 以所需的格式提供它?
您可以使用 jsonencode function.
将 {"project_id":"9999999999999"} 等映射转换为 JSON 编码字符串
因此,将 google_composer_environment resource documentation 中给出的示例与您在问题中的配置合并,您可以这样做:
resource "google_composer_environment" "test" {
name = "mycomposer"
region = "us-central1"
config {
software_config {
airflow_config_overrides = {
secrets-backend = "airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend",
secrets-backend_kwargs = jsonencode({"project_id":"9999999999999"})
}
pypi_packages = {
numpy = ""
scipy = "==1.1.0"
}
env_variables = {
FOO = "bar"
}
}
}
}
我需要使用 Terraform 更改默认设置 project_id in my Composer environment so that I can access secrets from another project. To do so, according to Terraform, I need the variable airflow_config_overrides。我想我应该有这样的东西:
resource "google_composer_environment" "test" {
# ...
config {
software_config {
airflow_config_overrides = {
secrets-backend = "airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend",
secrets-backend_kwargs = {"project_id":"9999999999999"}
}
}
}
}
secrets-backend section-key 似乎有效。另一方面,secrets-backend_kwargs 返回以下错误:
Inappropriate value for attribute "airflow_config_overrides": element "secrets-backend_kwargs": string required
问题似乎在于 GCP 需要 JSON 格式,而 Terraform 需要字符串。我怎样才能让 Terraform 以所需的格式提供它?
您可以使用 jsonencode function.
{"project_id":"9999999999999"} 等映射转换为 JSON 编码字符串
因此,将 google_composer_environment resource documentation 中给出的示例与您在问题中的配置合并,您可以这样做:
resource "google_composer_environment" "test" {
name = "mycomposer"
region = "us-central1"
config {
software_config {
airflow_config_overrides = {
secrets-backend = "airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend",
secrets-backend_kwargs = jsonencode({"project_id":"9999999999999"})
}
pypi_packages = {
numpy = ""
scipy = "==1.1.0"
}
env_variables = {
FOO = "bar"
}
}
}
}