Amazon Web Services: Terraform external data source for the EKS thumbprint sometimes doesn't work


I'm trying to retrieve the existing EKS certificate thumbprint using Terraform's external data source, with the code below:

thumbprint.sh

#!/bin/bash

THUMBPRINT=$(echo | openssl s_client -servername oidc.eks.${1}.amazonaws.com -showcerts -connect oidc.eks.${1}.amazonaws.com:443 2>&- | tac | sed -n '/-----END CERTIFICATE-----/,/-----BEGIN CERTIFICATE-----/p; /-----BEGIN CERTIFICATE-----/q' | tac | openssl x509 -fingerprint -noout | sed 's/://g' | awk -F= '{print tolower($2)}')
THUMBPRINT_JSON="{\"thumbprint\": \"${THUMBPRINT}\"}"
echo $THUMBPRINT_JSON

data.tf

data "external" "thumbprint" {
  program = ["${path.root}/scripts/thumbprint.sh", data.aws_region.current.name]
}

openid.tf

resource "aws_iam_openid_connect_provider" "openid" {
  depends_on      = [data.external.thumbprint]
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.external.thumbprint.result.thumbprint]
  url             = data.aws_eks_cluster.this.identity.0.oidc.0.issuer
}

and I use data.external.thumbprint.result.thumbprint to get the thumbprint from the data source above.


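The main problem, which confuses me, is that sometimes I get data from the thumbprint and sometimes it comes back as an empty value, even though I added depends_on. How can I fix this? Or is there a better way?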

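You can get the fingerprint of any certificate by using the tls_certificate data source. The resource documentation for the data source helpfully shows an example of how to get the thumbprint for the aws_iam_openid_connect_provider resource: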

resource "aws_eks_cluster" "example" {
  name = "example"
}

data "tls_certificate" "example" {
  url = aws_eks_cluster.example.identity.0.oidc.0.issuer
}

resource "aws_iam_openid_connect_provider" "example" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.example.certificates.0.sha1_fingerprint]
  url             = aws_eks_cluster.example.identity.0.oidc.0.issuer
}

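Is there a reason you don't want to get this information the same way the example does?

@ydaetskcoR Can you tell me how to get the thumbprint from the aws_eks_cluster data source?

You can combine it with what is shown in the example.

@ydaetskcoR Can you post that comment as an answer? I'll mark it as the correct answer.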
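
The thumbprint.sh in the question prints its JSON even when the openssl pipeline produced nothing, so any connection or parsing failure reaches Terraform as an empty thumbprint instead of an error. The following is an added example, not code from the thread: a fail-closed version of the script that exits non-zero with a message on stderr unless it has a 40-character SHA-1 hex thumbprint. The function names normalize_thumbprint and last_cert are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original thread): fail-closed thumbprint.sh.
set -eu

# Convert `openssl x509 -fingerprint` output ("SHA1 Fingerprint=AB:CD:...")
# to 40 lowercase hex characters; fail on empty or malformed input.
normalize_thumbprint() {
  fp=$(printf '%s' "${1#*=}" | tr -d ':' | tr 'A-F' 'a-f')
  case "$fp" in *[!0-9a-f]*) return 1 ;; esac
  [ "${#fp}" -eq 40 ] || return 1
  printf '%s' "$fp"
}

# Read `s_client -showcerts` output on stdin, print only the last PEM block
# (the same certificate the original tac/sed pipeline selects).
last_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; keep = 1 }
       keep { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { last = buf; keep = 0 }
       END { printf "%s", last }'
}

main() {
  host="oidc.eks.${1}.amazonaws.com"
  chain=$(openssl s_client -servername "$host" -showcerts \
            -connect "$host:443" </dev/null 2>/dev/null) \
    || { echo "TLS connection to $host failed" >&2; exit 1; }
  raw=$(printf '%s\n' "$chain" | last_cert | openssl x509 -fingerprint -sha1 -noout) \
    || { echo "no certificate parsed from $host" >&2; exit 1; }
  thumb=$(normalize_thumbprint "$raw") \
    || { echo "unexpected fingerprint output: $raw" >&2; exit 1; }
  printf '{"thumbprint": "%s"}\n' "$thumb"
}

# Terraform passes the region as $1; do nothing when sourced without arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With a non-zero exit the external data source fails the plan and shows the stderr message, so aws_iam_openid_connect_provider is never created with an empty thumbprint_list entry.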