尝试传递aws_secretsmanager_secret_version值时出错
在RDS AWS创建的PASSWORD部分,我尝试传递aws_secretsmanager_secret_version值。我的错误越来越小。
resource "aws_db_instance" "airflow" {
allocated_storage = "${var.rds_allocated_storage}"
storage_type = "${var.rds_storage_type}"
storage_encrypted = "true"
engine = "mysql"
engine_version = "${var.rds_engine_version}"
instance_class = "${var.rds_instance_class}"
name = "airflow"
identifier = "airflow"
username = "${var.rds_username}"
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
parameter_group_name = "-airflow-mysql"
vpc_security_group_ids = ["${aws_security_group_airflow_sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.airflow_rds.id}"
kms_key_id = "${data.aws_kms_key.rds.arn}"
license_model = "general-public-license"
depends_on = [
aws_db_parameter_group.airflow_mysql
]
tags = merge(
var.common_tags,
map("Classification", "private"),
map("Name", "-airflow-rds")
)
}secretmanager.tf
resource "aws_secretsmanager_secret" "secret" {
description = "airflow"
kms_key_id = "${data.aws_kms_key.sm.arn}"
name = "airflow"
}
resource "random_string" "rds_password" {
length = 16
special = true
override_special = "/@\" "
}
resource "aws_secretsmanager_secret_version" "secret" {
secret_id = "${aws_secretsmanager_secret.secret.id}"
secret_string = <<EOF
{
"rds_password": "${random_string.rds_password.result}"
}
EOF
}以下是错误日志:
错误:函数调用中出错
在../../modules/airflow/outputs.tf第27行,输出"rds_password":27: value = jsondecode(aws_secretsmanager_secret_version.secret.secret_string)"rds_password“|-| aws_secretsmanager_secret_version.secret.secret_string is "{\n \"rds_password\":\"9Y\"@xu3jy@sNGXt/\"\n }\n”
调用函数"jsondecode“失败:对象键:值对后的字符'@‘无效。
错误:函数调用中出错
在../../modules/airflow/rds.tf第12行,在资源“airflow”中: 12: password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)"rds_password"}“|-| aws_secretsmanager_secret_version.secret.secret_string is "{\n \ "aws_db_instance”:\"9Y\"@xu3jy@sNGXt/\"\n }\n“
调用函数"jsondecode“失败:对象键:值对后的字符'@‘无效。
回答 2
Stack Overflow用户
发布于 2019-08-08 22:58:24
正如您在Terraform documentation中看到的,secret_string中的key-val对象应该使用jsonencode()注入。
请看下面的示例(改编自文档页面):
# The map here can come from other supported configurations
# like locals, resource attribute, map() built-in, etc.
variable "example" {
default = {
#HERE YOU DEFINE YOUR MAP
rds_password= "${random_string.rds_password.result}"
}
type = "map"
}
resource "aws_secretsmanager_secret_version" "example" {
secret_id = "${aws_secretsmanager_secret.example.id}"
# HERE YOU INJECT THE KEY/VAL
secret_string = "${jsonencode(var.example)}"
}Stack Overflow用户
发布于 2020-05-21 21:30:22
我认为您没有正确地为地图建立索引。问题出在secret_string)["rds_password"]。
替换
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"使用
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string["rds_password"])}"https://stackoverflow.com/questions/57415154
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号