2017-08-22 4 views
1
variable "iam_action" {
    type    = "list"
    default = ["ec2.amazonaws.com", "ecs.amazonaws.com"]
}

resource "aws_iam_role" "s3_role" {
    name               = "abcd"
    assume_role_policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": [ "${var.iam_action}" ]
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
EOF
}

Error in resource: Terraform get list variable

At column 1, line 1: output of an HIL expression must be a string, or a single list (argument 2 is TypeList) in: 

I tried the join function, but I need the output to be a list ["a","b","c"]; the join function gives output like ["a,b,c"].

Answer

2

I fixed it with jsonencode via template_file.

First, create the JSON file below:

$ cat s3_policy.json 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": ${iam_action}
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}

Update the tf file:

variable "iam_action" {
    type    = "list"
    default = ["ec2.amazonaws.com", "ecs.amazonaws.com"]
}

data "template_file" "s3_role" {
    template = "${file("${path.module}/s3_policy.json")}"

    vars {
        # template_file vars must be primitives, so pass the list as a JSON-encoded string
        iam_action = "${jsonencode(var.iam_action)}"
    }
}

resource "aws_iam_role" "s3_role" {
    name = "abcd"

    assume_role_policy = "${data.template_file.s3_role.rendered}"
}

Run template plan

+ aws_iam_role.s3_role 
     arn:     "<computed>" 
     assume_role_policy: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n  \"Action\": \"sts:AssumeRole\",\n  \"Principal\": {\n  \"Service\": [\"ec2.amazonaws.com\",\"ecs.amazonaws.com\"]\n  },\n  \"Effect\": \"Allow\",\n  \"Sid\": \"\"\n }\n ]\n}\n" 
     create_date:   "<computed>" 
     force_detach_policies: "false" 
     name:     "abcd" 
     path:     "/" 
     unique_id:    "<computed>" 

Reference:

terraform interpolation

jsonencode(item) - Returns a JSON-encoded representation of the given item, which may be a string, list of strings, or map from string to string. Note that if the item is a string, the return value includes the double quotes.

The reason I can't directly use vars with "${var.iam_action}" in template_file is explained here:

vars - (Optional) Variables for interpolation within the template. Note that variables must all be primitives. Direct references to lists or maps will cause a validation error.

+0

assume_role_policy: "" => "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"${var.actionl}\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n" create_date: "" => "" Error: * aws_iam_role.s3_role: Error creating IAM Role s3_sysops_role: MalformedPolicyDocument: Invalid principal in policy: "SERVICE":"${var.iam_action}" – user60679

+0

It's rendering as ${foo} but it does not render foo = ["a", "b", "c"] – user60679

+0

@user60679 I fixed and updated the answer, it should be fine now. – BMW
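A pre-apply check for the three renderings discussed in this thread (the jsonencode list, the join result ["a,b,c"], and an unrendered "${var.iam_action}"), as an added example that is not part of the original posts. The function name `check_trust_policy`, the service-principal pattern, and the assumption that the trust policy names only service principals are illustrative choices; the sample policies are constructed from the template in the answer.

```python
import json
import re

# Assumed shape of an AWS service principal, e.g. "ec2.amazonaws.com".
SERVICE_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com$")


def check_trust_policy(rendered):
    """Return a list of problems found in a rendered assume_role_policy string."""
    try:
        doc = json.loads(rendered)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal") if isinstance(stmt, dict) else None
        services = principal.get("Service") if isinstance(principal, dict) else None
        if services is None:
            problems.append("Statement[%d]: no Principal.Service" % i)
            continue
        if isinstance(services, str):  # a single service may be a bare string
            services = [services]
        for svc in services:
            if not isinstance(svc, str):
                problems.append("Statement[%d]: non-string service %r" % (i, svc))
            elif "${" in svc:
                problems.append("Statement[%d]: unrendered placeholder %s" % (i, svc))
            elif "," in svc:
                problems.append("Statement[%d]: comma-joined list in one string %s" % (i, svc))
            elif not SERVICE_RE.match(svc):
                problems.append("Statement[%d]: unexpected service principal %s" % (i, svc))
    return problems


# Constructed sample inputs: the answer's template with three renderings of Service.
TEMPLATE = ('{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", '
            '"Principal": {"Service": %s}, "Effect": "Allow", "Sid": ""}]}')
SERVICES = ["ec2.amazonaws.com", "ecs.amazonaws.com"]
GOOD = TEMPLATE % json.dumps(SERVICES)                # list rendered as a JSON array
JOINED = TEMPLATE % json.dumps([",".join(SERVICES)])  # join result: one string ["a,b"]
UNRENDERED = TEMPLATE % '"${var.iam_action}"'         # placeholder left in place

if __name__ == "__main__":
    for name, policy in (("good", GOOD), ("joined", JOINED), ("unrendered", UNRENDERED)):
        print(name, check_trust_policy(policy))
```
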