I have this code to write some JSON data from Terraform to Vault, and I have added these resources to main.tf -
provider "vault" {
  address = "https://secrets.staging.hulu.com"
  auth_login {
    path      = "auth/aws/login"
    method    = "aws"
    namespace = var.vault_namespace
    parameters = {
      role         = "service-${var.yp_service_id}-tfe"
      header_value = var.header_value
      sts_region   = local.region
    }
  }
}
resource "vault_generic_secret" "example" {
  path      = "kv/${var.yp_service_id}/secret"
  data_json = var.secret
}
data "vault_generic_secret" "example" {
  depends_on = [vault_generic_secret.example]
  path       = "kv/${var.yp_service_id}/secret"
}
The data I want to write is in JSON format and looks like this; I believe it is valid JSON data -
{
  "DD_API_KEY": "*****************",
  "DD_APP_KEY": "*****************",
  "DD_SITE": "datadoghq.com"
}
I have declared the variables in variables.tf -
variable "address" {
  type        = string
  description = "vault address"
  default     = "https://secrets.staging.dummy.com"
}
variable "vault_namespace" {
  type        = string
  description = "vault namespace"
  default     = "5f8dd98fc08eda598857b651"
}
variable "header_value" {
  type        = string
  description = "vault header"
  default     = "secrets.staging.dummy.com"
}
variable "secret" {
  description = "Sensitive secrets for the service"
  type        = map(string)
  sensitive   = true
}
variable "data_json" {
  description = "Sensitive secrets for the service"
  type        = map(any)
  sensitive   = true
  default     = {}
}
But when I run terraform plan, I keep getting this error -
Waiting for the plan to start...
Terraform v1.7.5
on linux_amd64
Initializing plugins and modules...
╷
│ Error: Incorrect attribute value type
│
│ on main.tf line 173, in resource "vault_generic_secret" "example":
│ 173: data_json = var.secret
│
│ Inappropriate value for attribute "data_json": string required.
╵
Operation failed: failed running terraform plan (exit 1)
How do I set the value of data_json here? Am I missing something? By the way, this is version 1.7.5. Thanks in advance!
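According to the current config in the question, the type of the variable secret is HCL2 map(string), while the Vault provider expects the type string. Therefore the HCL2 must be encoded to JSON:

Although the value of var.secret is not specified in the question, the value transmitted to Vault is, so the following would be the expected value of var.secret to encode to the desired JSON specified in the question: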
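
Added example, not part of the original answer or the provider's own documentation: one way to apply the encoding described above, using Terraform's built-in jsonencode function. The required-key validation block and the placeholder values are assumptions made for illustration.

```hcl
# variables.tf (added example)
variable "yp_service_id" {
  type        = string
  description = "Service id used in the secret path"
}

variable "secret" {
  description = "Sensitive secrets for the service"
  type        = map(string)
  sensitive   = true

  # Assumption for illustration: fail at plan time if an expected key is missing.
  validation {
    condition = alltrue([
      for k in ["DD_API_KEY", "DD_APP_KEY", "DD_SITE"] : contains(keys(var.secret), k)
    ])
    error_message = "secret must contain DD_API_KEY, DD_APP_KEY and DD_SITE."
  }
}

# main.tf
resource "vault_generic_secret" "example" {
  path = "kv/${var.yp_service_id}/secret"

  # data_json must be a string; jsonencode() serializes the map to JSON text.
  data_json = jsonencode(var.secret)
}

# terraform.tfvars or a workspace variable
# (constructed placeholder values, not real keys)
# secret = {
#   DD_API_KEY = "<placeholder-api-key>"
#   DD_APP_KEY = "<placeholder-app-key>"
#   DD_SITE    = "datadoghq.com"
# }
```

Marking the variable sensitive only redacts it from CLI output. The Vault provider documents that data written through this resource is stored in cleartext in the Terraform state and plan, so access to the state backend needs to be restricted accordingly.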