What is the Terraform format for Okta SAML Cert for resource: okta_idp_saml_key

I'm trying to script a SAML IdP and running into some issues (besides the fact that there is no documentation).

I really can't figure out the correct format for the x5c attribute in the okta_idp_saml_key script. Terraform Documentation

It should be in base64 format, and if I upload the cert to Okta through the console it works fine...

The example cert looks like this:

-----BEGIN CERTIFICATE-----
….bunch of text…
….bunch of text…
….bunch of text…
-----END CERTIFICATE-----

I tried converting the whole thing to base64, tried making it one line with newlines, tried doing that and then converting to base64. Then I realized the value type in my module was wrong: I had it set to string when it should be set(string)... That got me past my first error, then I tried setting each cert line as an array item, but then got the following error:

Error: The API returned an error: Api validation failed: JsonWebKey. Causes: errorSummary: The IDP certificate JWK has an invalid x5c., Status: 400 Bad Request

That makes sense, since it ends up scrambling it in the Terraform plan.

So I set the value like this: x5c = ["-----BEGIN CERTIFICATE-----","text","text","-----END CERTIFICATE-----"]

But the plan looks like this:

+ resource "okta_idp_saml_key" "idp_saml_key" {
  + created    = (known after apply)
  + expires_at = (known after apply)
  + id         = (known after apply)
  + kid        = (known after apply)
  + kty        = (known after apply)
  + use        = (known after apply)
  + x5c        = [
      + "-----BEGIN CERTIFICATE-----",
      + "-----END CERTIFICATE-----",
      + "text",
      + "text",
    ]
  + x5t_s256   = (known after apply)
 }

Then, as expected, it got an error about an invalid certificate. The documentation is the opposite of helpful, and I'm now basically lost and confused...

Has anyone done this before? Any help??

For reference: TF v0.12.31, Okta Terraform v3.6

After some back and forth and help from others, I finally got it working:

resource "okta_idp_saml_key" "example" {
  x5c = ["line of textline of textline of text"]
}

The key here is removing the carriage returns and line endings and making the whole thing a single-line file.

FYI, if you're doing this as a module, then:

#inputs.tf

# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# ---------------------------------------------------------------------------------------------------------------------

variable "cert" {
  description = "(Required) base64-encoded X.509 certificate chain with DER encoding."
  type        = set(string)
}

#main.tf for the module

# -----------------------------------------------------------------------------------------------
# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER

terraform {
  required_version = ">= 0.12"
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SAML CERT KEY
# ---------------------------------------------------------------------------------------------------------------------
resource "okta_idp_saml_key" "idp_saml_key" {
  x5c        = var.cert
}

output "id" {
  value = okta_idp_saml_key.idp_saml_key.id
}

#actual tf file

# #------------------
# CREATE THE OKTA INTERNAL to EXTERNAL SAML IDP
# #------------------

module "org2org_int2ext_idp_saml_key" {
  source = "./modules/idp_saml_key"

  cert = ["line of textline of textline of text"]

}
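As an added example (not part of the original post), the following Python helper does the conversion the answer describes, turning a PEM certificate into the single-line base64 DER body that x5c expects, checking that the result decodes to DER before it goes into Terraform, and computing the JWK x5t#S256 thumbprint (RFC 7517) so the key Okta reports in the resource's x5t_s256 attribute can be compared against the certificate you meant to upload. The sample PEM is constructed, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
import textwrap

# A PEM CERTIFICATE block: armour lines around a base64 body, possibly with CRLF endings.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def check_x5c(value: str) -> bool:
    """True if value is one line of strict base64 whose decoding looks like DER
    (an X.509 certificate starts with the ASN.1 SEQUENCE tag 0x30)."""
    if "\n" in value or "\r" in value or "-----" in value:
        return False
    try:
        der = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(der) > 2 and der[0] == 0x30


def pem_to_x5c(pem: str) -> str:
    """Return the single-line base64 DER body that okta_idp_saml_key.x5c expects."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM CERTIFICATE block found")
    # Drop every line break (LF or CRLF) and stray whitespace from the armoured body.
    body = "".join(match.group(1).split())
    if not check_x5c(body):
        raise ValueError("PEM body is not base64-encoded DER")
    return body


def x5t_s256(x5c: str) -> str:
    """base64url SHA-256 thumbprint of the DER certificate (JWK x5t#S256), comparable
    with the x5t_s256 attribute Okta reports on the created key."""
    der = base64.b64decode(x5c, validate=True)
    return base64.urlsafe_b64encode(hashlib.sha256(der).digest()).decode().rstrip("=")


# Constructed sample input: DER-looking bytes (SEQUENCE tag first) wrapped in PEM armour
# with CRLF line endings, as a cert exported on Windows would be. Not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x10" + b"constructed-test"
SAMPLE_X5C = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + "\r\n".join(textwrap.wrap(SAMPLE_X5C, 16))
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    x5c = pem_to_x5c(SAMPLE_PEM)
    print(f'x5c = ["{x5c}"]')          # value to paste into the Terraform set(string)
    print("x5t#S256 =", x5t_s256(x5c))  # compare with the resource's x5t_s256 after apply
```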