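terraform - Terraform Cloud (i.e. remote backend) TF_VAR_ environment substitution not working?
Problem description
Terraform version: 0.12.24
This is really strange because I have used the TF_VAR_ substitution syntax before and it worked fine.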
provider.tf
# Configure the AWS Provider
provider "aws" {
  version    = "~> 2.0"
  region     = "ap-southeast-2"
  access_key = var.aws_access_key_id
  secret_key = var.aws_secret_access_key
}
vars.tf
variable "aws_access_key_id" {
  description = "Access Key for AWS IAM User"
}
variable "aws_secret_access_key" {
  description = "Secret Access Key for AWS IAM User"
}
variable "terraform_cloud_token" {
  description = "Token used to log into Terraform Cloud via the CLI"
}
backend.tf for Terraform Cloud
terraform {
  backend "remote" {
    organization = "xx"
    workspaces {
      name = "xx"
    }
  }
}
Build logs
---------------
TF_VAR_aws_secret_access_key=***
TF_VAR_aws_access_key_id=***
TF_VAR_terraform_cloud_token=***
---------------
It also fails locally when I try to run it in a local Docker container
Dockerfile
FROM hashicorp/terraform:0.12.24
COPY . /app
COPY .terraformrc $HOME
ENV TF_VAR_aws_secret_access_key 'XX'
ENV TF_VAR_aws_access_key_id 'XX'
ENV TF_VAR_terraform_cloud_token 'XX'
WORKDIR /app
ENTRYPOINT ["/app/.github/actions/terraform-plan/entrypoint.sh"]
entrypoint.sh
#!/bin/sh -l
# move terraform cloud configuration file to user root as expected
# by the backend resource
mv ./.terraformrc ~/
terraform init
terraform plan
Output of the docker container run
$ docker run -it tf-test
---------------
TF_VAR_aws_secret_access_key=XX
TF_VAR_aws_access_key_id=XX
TF_VAR_terraform_cloud_token=XX
---------------
Initializing the backend...
Successfully configured the backend "remote"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (hashicorp/aws) 2.56.0...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
To view this run in a browser, visit:
https://app.terraform.io/app/XX/XX/runs/run-XX
Waiting for the plan to start...
Terraform v0.12.24
Configuring remote state backend...
Initializing Terraform configuration...
2020/04/03 01:43:04 [DEBUG] Using modified User-Agent: Terraform/0.12.24 TFC/05d5abc3eb
Error: No value for required variable
on vars.tf line 1:
1: variable "aws_access_key_id" {
The root module input variable "aws_access_key_id" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.
Error: No value for required variable
on vars.tf line 5:
5: variable "aws_secret_access_key" {
The root module input variable "aws_secret_access_key" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.
Error: No value for required variable
on vars.tf line 9:
9: variable "terraform_cloud_token" {
The root module input variable "terraform_cloud_token" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.
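Solution
OK... this is confusing because the logs generated in Terraform's VMs are streamed to your own terminal/run logs.
But this is what I found out. When using Terraform Cloud, there are two options available to you.
- Use Terraform's VMs to run your terraform commands
- Use your own (or your CI/CD platform's) infrastructure to run those terraform commands.
If you choose the first option (which is annoyingly the default)... you must set your environment variables in the Terraform Cloud Dashboard. This is because all terraform commands for this execution type run in their VMs, and, for good security reasons, the environment variables in your local environment are not passed through to Terraform.
Once you have done that, it will work as expected if you have the remote option selected.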
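An added example, not part of the original answer: for a CI job that cannot use the dashboard, this turns the local TF_VAR_* values into Terraform Cloud Workspace Variables API requests so that a remote run can read them, marking each one sensitive. TFC_WORKSPACE_ID and TFC_TOKEN are environment variable names assumed for this example.

```python
import json
import os
import urllib.request

TFC_API = "https://app.terraform.io/api/v2"
PREFIX = "TF_VAR_"


def workspace_var_payloads(environ, sensitive=True):
    """Build one Workspace Variables API body per local TF_VAR_<name> entry."""
    payloads = []
    for key in sorted(environ):
        name = key[len(PREFIX):]
        if not key.startswith(PREFIX) or not name:
            continue
        payloads.append({"data": {"type": "vars", "attributes": {
            "key": name,
            "value": environ[key],
            "category": "terraform",  # a Terraform input variable, not a shell env var
            "hcl": False,
            "sensitive": sensitive,   # value is hidden once stored in the workspace
        }}})
    return payloads


def push(workspace_id, token, payloads):
    """POST each body to the workspace (network call, needs a real API token)."""
    for body in payloads:
        req = urllib.request.Request(
            f"{TFC_API}/workspaces/{workspace_id}/vars",
            data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/vnd.api+json"},
            method="POST",
        )
        urllib.request.urlopen(req).close()


if __name__ == "__main__":
    # TFC_WORKSPACE_ID / TFC_TOKEN are names assumed by this example.
    ws, token = os.environ.get("TFC_WORKSPACE_ID"), os.environ.get("TFC_TOKEN")
    bodies = workspace_var_payloads(os.environ)
    if ws and token:
        push(ws, token, bodies)
    else:  # dry run: list variable names only, never their values
        print([b["data"]["attributes"]["key"] for b in bodies])
```

POST creates variables; changing one that already exists in the workspace is a PATCH on that variable's id.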