Can secrets be set for Cloud Function via Terraform?

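The Terraform google_cloudfunctions_function resource documentation lists secret environment variables as an optional argument. Either I'm not using it correctly, or, contrary to the documentation, it isn't actually supported.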

resource "google_cloudfunctions_function" "function" {
  name        = var.function_name
  runtime     = "nodejs16"

  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.zip.name
  trigger_http          = true
  entry_point           = var.function_entry_point

  secret_environment_variables = []
}

Result:

Error: Unsupported argument

  on modules/cloud-function/main.tf line 51, in resource "google_cloudfunctions_function" "function":
  51:   secret_environment_variables = {}

An argument named "secret_environment_variables" is not expected here. Did you mean to define a block of type "secret_environment_variables"?

This is the output of terraform version:

Terraform v1.1.9
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/external v2.2.2
+ provider registry.terraform.io/hashicorp/google v4.18.0

According to the documentation, this key should be a block. Here is an example:

resource "google_cloudfunctions_function" "function" {
  name        = var.function_name
  runtime     = "nodejs16"

  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.zip.name
  trigger_http          = true
  entry_point           = var.function_entry_point

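  secret_environment_variables {
    key     = "myvar"       # name of the environment variable inside the function
    secret  = "mysecret_id" # Secret Manager secret ID, not the full resource name
    version = "latest"      # required by the provider: a version number or "latest"
  }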
}
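
A fuller wiring of the block form above, as an added example that is not part of the original question or answer: the function's runtime service account also needs permission to read the secret. The names `fn-runtime`, `api-key`, `API_KEY` and `secret_version` are hypothetical, the `replication` syntax is that of the google provider v4 line shown in the question, and the storage bucket and object are assumed to be defined elsewhere, as in the question.

```hcl
# Added example; resource names and the "api-key" / "API_KEY" values are hypothetical.
variable "function_name" { type = string }
variable "function_entry_point" { type = string }
variable "secret_version" {
  type    = string
  default = "latest" # pin a version number to make rollouts explicit
}

# Dedicated runtime identity, so access to the secret is granted to this function only.
resource "google_service_account" "fn" {
  account_id   = "fn-runtime"
  display_name = "Cloud Function runtime identity"
}

# Secret container only. The secret value is added outside Terraform,
# which keeps the plaintext out of the Terraform state file.
resource "google_secret_manager_secret" "api_key" {
  secret_id = "api-key"
  replication {
    automatic = true # google provider v4 syntax
  }
}

# Least privilege: accessor role on this one secret, not on the whole project.
resource "google_secret_manager_secret_iam_member" "fn_accessor" {
  secret_id = google_secret_manager_secret.api_key.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.fn.email}"
}

resource "google_cloudfunctions_function" "function" {
  name                  = var.function_name
  runtime               = "nodejs16"
  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.zip.name
  trigger_http          = true
  entry_point           = var.function_entry_point
  service_account_email = google_service_account.fn.email

  secret_environment_variables {
    key     = "API_KEY" # exposed to the function as process.env.API_KEY
    secret  = google_secret_manager_secret.api_key.secret_id
    version = var.secret_version
  }

  # Create the IAM grant before the function is deployed.
  depends_on = [google_secret_manager_secret_iam_member.fn_accessor]
}
```

The secret must already hold at least one version when the function is deployed, since this configuration creates only the empty secret container.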