Terraform plan showing changes that already apply
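I have a pipeline that creates users in RabbitMQ, MinIO, Keycloak and other applications using Terraform, but with MinIO I have a problem: the first time I run Terraform, the pipeline creates the bucket, policy and user (so far, so good), but when I run it again, terraform plan shows changes that do not exist, because I have already run the pipeline and nothing has changed, as shown in the image:
Below is my MinIO Terraform code: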
# Create a bucket.
resource "minio_bucket" "bucket" {
  name = var.namespace
}
resource "minio_user" "user1" {
  access_key = var.namespace
  secret_key = var.password
  policies = [
    minio_canned_policy.policy1.name
    # Note: using a data source here!
    #data.minio_canned_policy.console_admin.name,
  ]
  /*groups = [
    minio_group.group2.name,
  ]*/
  depends_on = [
    minio_canned_policy.policy1,
  ]
}
# Create a policy.
resource "minio_canned_policy" "policy1" {
  name   = "policy1"
  policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::${minio_bucket.bucket.name}*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::${minio_bucket.bucket.name}"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::${minio_bucket.bucket.name}/*"]
    }
  ]
}
EOT
}
In RabbitMQ, Keycloak, etc., everything works fine.
Does anyone know how to solve this?
Thanks!!
Try using an array in this place:
- "Resource": "arn:aws:s3:::${minio_bucket.bucket.name}*"
+ "Resource": ["arn:aws:s3:::${minio_bucket.bucket.name}*"]
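Review bot: on the `+` line the ARN `arn:aws:s3:::${minio_bucket.bucket.name}*` has no separator before the `*`, so it also matches any other bucket whose name merely starts with this bucket's name. Since this line is being changed anyway, consider using the exact bucket ARN here if prefix matching is not intended.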
Maybe the other detected changes will disappear after that. If not, it looks like a bug in the provider.
The solution is to create one action per resource:
resource "minio_canned_policy" "policy" {
  name = "policy"
  policy = jsonencode(
    {
      Statement = [
        {
          Action = [
            "s3:GetBucketLocation",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}*",
          ]
        },
        {
          Action = [
            "s3:ListAllMyBuckets",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}*",
          ]
        },
        {
          Action = [
            "s3:ListBucket",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}",
          ]
        },
        {
          Action = [
            "s3:GetObject",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}/*",
          ]
        },
        {
          Action = [
            "s3:PutObject",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}/*",
          ]
        },
        {
          Action = [
            "s3:DeleteObject",
          ]
          Effect = "Allow"
          Resource = [
            "arn:aws:s3:::${minio_bucket.bucket.name}/*",
          ]
        },
      ]
      Version = "2012-10-17"
    }
  )
}
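When a plan keeps reporting policy changes, as in the question, or a policy is restructured, as in the last answer, a semantic comparison shows whether the difference is only formatting or a real change in grants. This is an added example, not code from the original posts or from the MinIO provider; the bucket name `demo` (standing in for var.namespace) and the function names are assumptions, and matching is by literal string only.

```python
import json

# Constructed policies mirroring the question's heredoc and the last answer's
# jsonencode() form; "demo" stands in for var.namespace (assumption).
B = "arn:aws:s3:::demo"
ORIGINAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": B + "*",  # bare string, as in the question
     "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"]},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [B]},
    {"Effect": "Allow", "Resource": [B + "/*"],
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]}]})
SPLIT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": [action], "Resource": [B + suffix]}
    for action, suffix in [
        ("s3:GetBucketLocation", "*"), ("s3:ListAllMyBuckets", "*"),
        ("s3:ListBucket", ""), ("s3:GetObject", "/*"),
        ("s3:PutObject", "/*"), ("s3:DeleteObject", "/*")]]})

SUPPORTED_KEYS = {"Sid", "Effect", "Action", "Resource"}

def _as_list(value):
    """Policy JSON allows a bare string wherever a list is accepted."""
    return [value] if isinstance(value, str) else list(value)

def grants(policy_json):
    """Expand a policy into a set of (effect, action, resource) tuples."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    expanded = set()
    for stmt in statements:
        unknown = set(stmt) - SUPPORTED_KEYS
        if unknown:  # Condition, NotAction, ... alter meaning: fail closed
            raise ValueError(f"unsupported statement keys: {sorted(unknown)}")
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                expanded.add((stmt["Effect"], action, resource))
    return expanded

def classify_drift(old_json, new_json):
    """Return (kind, added, removed); kind is 'cosmetic' or 'real'."""
    old, new = grants(old_json), grants(new_json)
    added, removed = new - old, old - new
    return ("real" if added or removed else "cosmetic", added, removed)

if __name__ == "__main__":
    print(classify_drift(ORIGINAL, SPLIT))
```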