Amazon Web Services: Terraform external data source for the EKS thumbprint sometimes does not work
I am trying to retrieve the existing EKS certificate thumbprint using Terraform's external data source, with the following code:
thumbprint.sh
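#!/bin/bash
# Fetch the certificate chain from the regional EKS OIDC endpoint, keep the last certificate printed,
# and turn its fingerprint (SHA-1 by default) into lowercase hex without colons.
THUMBPRINT=$(echo | openssl s_client -servername oidc.eks.${1}.amazonaws.com -showcerts -connect oidc.eks.${1}.amazonaws.com:443 2>&- | tac | sed -n '/-----END CERTIFICATE-----/,/-----BEGIN CERTIFICATE-----/p; /-----BEGIN CERTIFICATE-----/q' | tac | openssl x509 -fingerprint -noout | sed 's/://g' | awk -F= '{print tolower($2)}')
# The external data source expects a JSON object on stdout.
THUMBPRINT_JSON="{\"thumbprint\": \"${THUMBPRINT}\"}"
echo "$THUMBPRINT_JSON"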
data.tf
data "external" "thumbprint" {
  program = ["${path.root}/scripts/thumbprint.sh", data.aws_region.current.name]
}
resource "aws_iam_openid_connect_provider" "openid" {
  depends_on      = [data.external.thumbprint]
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.external.thumbprint.result.thumbprint]
  url             = data.aws_eks_cluster.this.identity.0.oidc.0.issuer
}
openid.tf
data "external" "thumbprint" {
  program = ["${path.root}/scripts/thumbprint.sh", data.aws_region.current.name]
}
resource "aws_iam_openid_connect_provider" "openid" {
  depends_on      = [data.external.thumbprint]
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.external.thumbprint.result.thumbprint]
  url             = data.aws_eks_cluster.this.identity.0.oidc.0.issuer
}
and using data.external.thumbprint.result.thumbprint to get the thumbprint from the data source above.
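The main problem is that I am confused: sometimes I get data from the thumbprint and sometimes it becomes a blank value, even though I added depends_on. How can I solve this? Or is there a better way?

You can get the thumbprint of any certificate by using a data source. The resource documentation for the data source helpfully shows an example of how to get the thumbprint for an aws_iam_openid_connect_provider resource: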
resource "aws_eks_cluster" "example" {
  name = "example"
}
data "tls_certificate" "example" {
  url = aws_eks_cluster.example.identity.0.oidc.0.issuer
}
resource "aws_iam_openid_connect_provider" "example" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.example.certificates.0.sha1_fingerprint]
  url             = aws_eks_cluster.example.identity.0.oidc.0.issuer
}
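
Is there a reason you don't want to get this information the same way as the example?
@ydaetskcoR Can you tell me how to get the thumbprint from the aws_eks_cluster datasource?
You can combine it with what is shown in the example.
@ydaetskcoR Could you post that comment as an answer? I will mark it as the correct answer.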
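
A hardened variant of the question's thumbprint.sh, as an added example that is not part of the original thread: it exits non-zero with a message on stderr, which the external data source reports as an error, instead of handing Terraform an empty thumbprint. The function names are hypothetical, and it assumes openssl and awk are on the PATH.

```shell
#!/bin/bash
# Added example (not the asker's script). Function names are hypothetical.

# Print the last PEM certificate found on stdin, which is the one the
# question's tac/sed pipeline selects from the -showcerts output.
last_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; keep = 1 }
       keep { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { last = buf; keep = 0 }
       END { printf "%s", last }'
}

# Turn "SHA1 Fingerprint=AA:BB:..." (openssl x509 -fingerprint output)
# into lowercase hex without colons.
normalize_fingerprint() {
  sed 's/^.*=//; s/://g' | tr 'A-F' 'a-f'
}

# Emit the JSON object Terraform expects, or fail when the value is not
# exactly 40 lowercase hex characters (a SHA-1 digest).
emit_json() {
  if ! printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "thumbprint lookup failed: got '$1'" >&2
    return 1
  fi
  printf '{"thumbprint": "%s"}\n' "$1"
}

main() {
  host="oidc.eks.${1}.amazonaws.com"
  # stderr stays open so openssl errors show up in Terraform's error output.
  chain=$(openssl s_client -servername "$host" -showcerts -connect "$host:443" </dev/null)
  thumb=$(printf '%s\n' "$chain" | last_cert |
    openssl x509 -fingerprint -sha1 -noout | normalize_fingerprint)
  emit_json "$thumb"
}

# Run the lookup only when a region argument is passed (as Terraform does).
if [ "$#" -ge 1 ]; then main "$1"; fi
```

With this script a failed connection or an unparsable certificate stops `terraform plan` with the error message, rather than passing a blank value into `thumbprint_list`.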