资源的 Okta SAML 证书的 Terraform 格式是什么:okta_idp_saml_key
What is the Terraform format for Okta SAML Cert for resource: okta_idp_saml_key
我正在尝试编写 SAML IdP 脚本并 运行 解决一些问题(除了缺少文档这一事实)。
我实在想不出 okta_idp_saml_key 脚本中 x5c 属性的正确格式。 Terraform Documentation
它应该是 base64 格式,如果我通过控制台将证书上传到 okta,它工作正常......
示例证书如下:
-----BEGIN CERTIFICATE-----
….bunch of text…
….bunch of text…
….bunch of text…
-----END CERTIFICATE-----
我尝试将其全部转换为 base64,尝试使用换行符使其成为一行,尝试这样做并转换为 base64。然后我意识到我的模块中的值类型错误,我把它设置为 string 而它应该是 set(string)... 这让我克服了我的第一个错误,然后我尝试设置每个证书行作为数组项,但随后出现以下错误:
Error: The API returned an error: Api validation failed: JsonWebKey. Causes: errorSummary: The IDP certificate JWK has an invalid x5c., Status: 400 Bad Request
这是有道理的,因为它最终在 Terraform 计划中打乱了它。
所以我这样设置值:x5c = ["-----BEGIN CERTIFICATE-----",”text”,”text”, ["-----END CERTIFICATE-----"]
但是计划是这样的:
+ resource "okta_idp_saml_key" "idp_saml_key" {
+ created = (known after apply)
+ expires_at = (known after apply)
+ id = (known after apply)
+ kid = (known after apply)
+ kty = (known after apply)
+ use = (known after apply)
+ x5c = [
+ "-----BEGIN CERTIFICATE-----",
+ "-----END CERTIFICATE-----",
+ "text",
+ "text",
]
+ x5t_s256 = (known after apply)
}
然后,正如预期的那样,它收到有关无效证书的错误。该文档是有用的相反,我现在基本上迷路和困惑...
以前有人做过吗?有帮助吗??
供参考:TF v0.12.31、Okta Terraform v3.6
经过一些来回和其他人的帮助,我终于成功了:
resource "okta_idp_saml_key" "example" {
x5c = ["line of textline of textline of text"]
}
这里的关键是删除回车符 returns 和行尾,并将其全部制作成一个行文件。
仅供参考,如果您将其作为一个模块来执行,那么:
#inputs.tf
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------
variable "cert" {
description = "(Required) base64-encoded X.509 certificate chain with DER encoding."
type = set(string)
}
#main.tf 对于模块
# -----------------------------------------------------------------------------------------------
# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER
terraform {
required_version = ">= 0.12"
}
# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SAML CERT KEY
# ---------------------------------------------------------------------------------------------------------------------
resource "okta_idp_saml_key" "idp_saml_key" {
x5c = var.cert
}
output "id" {
value = okta_idp_saml_key.idp_saml_key.id
}
#实际 tf 文件
# #------------------
# CREATE THE OKTA INTERNAL to EXTERNAL SAML IDP
# #------------------
module "org2org_int2ext_idp_saml_key" {
source = "./modules/idp_saml_key"
cert = ["line of textline of textline of text"]
}
我正在尝试编写 SAML IdP 脚本并 运行 解决一些问题(除了缺少文档这一事实)。
我实在想不出 okta_idp_saml_key 脚本中 x5c 属性的正确格式。 Terraform Documentation
它应该是 base64 格式,如果我通过控制台将证书上传到 okta,它工作正常......
示例证书如下:
-----BEGIN CERTIFICATE-----
….bunch of text…
….bunch of text…
….bunch of text…
-----END CERTIFICATE-----
我尝试将其全部转换为 base64,尝试使用换行符使其成为一行,尝试这样做并转换为 base64。然后我意识到我的模块中的值类型错误,我把它设置为 string 而它应该是 set(string)... 这让我克服了我的第一个错误,然后我尝试设置每个证书行作为数组项,但随后出现以下错误:
Error: The API returned an error: Api validation failed: JsonWebKey. Causes: errorSummary: The IDP certificate JWK has an invalid x5c., Status: 400 Bad Request
这是有道理的,因为它最终在 Terraform 计划中打乱了它。
所以我这样设置值:x5c = ["-----BEGIN CERTIFICATE-----",”text”,”text”, ["-----END CERTIFICATE-----"]
但是计划是这样的:
+ resource "okta_idp_saml_key" "idp_saml_key" {
+ created = (known after apply)
+ expires_at = (known after apply)
+ id = (known after apply)
+ kid = (known after apply)
+ kty = (known after apply)
+ use = (known after apply)
+ x5c = [
+ "-----BEGIN CERTIFICATE-----",
+ "-----END CERTIFICATE-----",
+ "text",
+ "text",
]
+ x5t_s256 = (known after apply)
}
然后,正如预期的那样,它收到有关无效证书的错误。该文档是有用的相反,我现在基本上迷路和困惑...
以前有人做过吗?有帮助吗??
供参考:TF v0.12.31、Okta Terraform v3.6
经过一些来回和其他人的帮助,我终于成功了:
resource "okta_idp_saml_key" "example" {
x5c = ["line of textline of textline of text"]
}
这里的关键是删除回车符 returns 和行尾,并将其全部制作成一个行文件。
仅供参考,如果您将其作为一个模块来执行,那么:
#inputs.tf
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------
variable "cert" {
description = "(Required) base64-encoded X.509 certificate chain with DER encoding."
type = set(string)
}
#main.tf 对于模块
# -----------------------------------------------------------------------------------------------
# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER
terraform {
required_version = ">= 0.12"
}
# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SAML CERT KEY
# ---------------------------------------------------------------------------------------------------------------------
resource "okta_idp_saml_key" "idp_saml_key" {
x5c = var.cert
}
output "id" {
value = okta_idp_saml_key.idp_saml_key.id
}
#实际 tf 文件
# #------------------
# CREATE THE OKTA INTERNAL to EXTERNAL SAML IDP
# #------------------
module "org2org_int2ext_idp_saml_key" {
source = "./modules/idp_saml_key"
cert = ["line of textline of textline of text"]
}