value/key 的 AWS Secret Manager 模块 - Terraform
Module for AWS Secret Manager with value/key - Terraform
我有以下 TF 模块来创建 Secret Manager 资源:
resource "aws_secretsmanager_secret" "secrets_manager" {
count = length(var.secrets)
name = element(split(":", var.secrets[count.index]),0)
description = "Managed by Terraform"
}
resource "aws_secretsmanager_secret_version" "secret" {
count = length(var.secrets)
secret_id = aws_secretsmanager_secret.secrets_manager[count.index].id
secret_string = <<EOF
{
"${element(split(":", var.secrets[count.index]),1)}": "${element(split(":", var.secrets[count.index]),2)}"
}
EOF
}
与:
module "secrets_manager" {
source = "./modules/secret_manager"
secrets = [
"secret_name:secret_value:secret_key",
...
]
}
这对我来说效果很好。现在我想要的是在不改变这种机制的情况下创建一个没有 specifying/creating a value/key.
的 Secret 的可能性
module "secrets_manager" {
source = "./modules/secret_manager"
secrets = [
"secret_name:secret_value:secret_key",
"secret_name",
"secret_name:secret_value:secret_key",
...
]
}
我一直在尝试使用地图作为变量,等等....运气不好:
secrets_map = {
secret_one = {
secret_name = "...."
secret_value = "...."
secret_key = "...."
}
secret_two = {
secret_name = "...."
}
}
}
工作中!
resource "aws_secretsmanager_secret" "secrets_manager" {
for_each = var.secrets_map
name = each.value["secret_name"]
description = "Managed by Terraform"
}
resource "aws_secretsmanager_secret_version" "secret" {
for_each = {
for key, value in var.secrets_map :
key => value
if lookup(value, "secret_value", "") != ""
}
secret_id = each.value["secret_name"]
secret_string = <<EOF
{
"${each.value["secret_value"]}": "${each.value["secret_key"]}"
}
EOF
depends_on = [
aws_secretsmanager_secret.secrets_manager
]
}
有:
module "secrets_manager" {
source = "./modules/secret_manager"
secrets_map = {
secret_one = {
secret_name = "...."
secret_value = "...."
secret_key = "...."
}
secret_two = {
secret_name = "...."
secret_value = ""
secret_key = ""
}
}
}
并且:
variable "secrets_map" {
type = map(object({
secret_name = string
secret_value = string
secret_key = string
}))
}
我无法保留默认值以避免传递空值。
额外:
terraform import .......module.secrets_manager.aws_secretsmanager_secret.secrets_manager[\"secret_two\"] arn....
我有以下 TF 模块来创建 Secret Manager 资源:
resource "aws_secretsmanager_secret" "secrets_manager" {
count = length(var.secrets)
name = element(split(":", var.secrets[count.index]),0)
description = "Managed by Terraform"
}
resource "aws_secretsmanager_secret_version" "secret" {
count = length(var.secrets)
secret_id = aws_secretsmanager_secret.secrets_manager[count.index].id
secret_string = <<EOF
{
"${element(split(":", var.secrets[count.index]),1)}": "${element(split(":", var.secrets[count.index]),2)}"
}
EOF
}
与:
module "secrets_manager" {
source = "./modules/secret_manager"
secrets = [
"secret_name:secret_value:secret_key",
...
]
}
这对我来说效果很好。现在我想要的是在不改变这种机制的情况下创建一个没有 specifying/creating a value/key.
的 Secret 的可能性module "secrets_manager" {
source = "./modules/secret_manager"
secrets = [
"secret_name:secret_value:secret_key",
"secret_name",
"secret_name:secret_value:secret_key",
...
]
}
我一直在尝试使用地图作为变量,等等....运气不好:
secrets_map = {
secret_one = {
secret_name = "...."
secret_value = "...."
secret_key = "...."
}
secret_two = {
secret_name = "...."
}
}
}
工作中!
resource "aws_secretsmanager_secret" "secrets_manager" {
for_each = var.secrets_map
name = each.value["secret_name"]
description = "Managed by Terraform"
}
resource "aws_secretsmanager_secret_version" "secret" {
for_each = {
for key, value in var.secrets_map :
key => value
if lookup(value, "secret_value", "") != ""
}
secret_id = each.value["secret_name"]
secret_string = <<EOF
{
"${each.value["secret_value"]}": "${each.value["secret_key"]}"
}
EOF
depends_on = [
aws_secretsmanager_secret.secrets_manager
]
}
有:
module "secrets_manager" {
source = "./modules/secret_manager"
secrets_map = {
secret_one = {
secret_name = "...."
secret_value = "...."
secret_key = "...."
}
secret_two = {
secret_name = "...."
secret_value = ""
secret_key = ""
}
}
}
并且:
variable "secrets_map" {
type = map(object({
secret_name = string
secret_value = string
secret_key = string
}))
}
我无法保留默认值以避免传递空值。
额外:
terraform import .......module.secrets_manager.aws_secretsmanager_secret.secrets_manager[\"secret_two\"] arn....