Terraform local-exec destroy triggers - ignore changes to the Google access token
I have a null_resource that has a local-exec block which makes a curl call using a Google access token. Because this is executed during destroy, I was forced to define the token as a triggers variable. Every time I run terraform apply, the null_resource has to be replaced because the Google access token keeps changing.
resource "null_resource" "env_to_group" {
  for_each = local.map_env_group

  triggers = {
    env_id   = google_apigee_environment.apigee[each.value.env].id
    group_id = google_apigee_envgroup.apigee[each.value.group].id
    # The token is carried in triggers so the destroy-time command can read it
    # through self; it changes on every run, which forces replacement.
    access_token = data.google_client_config.current.access_token
    project      = var.project
    group        = each.value.group
    env          = each.value.env
  }

  provisioner "local-exec" {
    when = destroy
    # %%{http_code} is the escaped form, so curl receives %{http_code}.
    command = <<EOF
curl -o /dev/null -s -w "%%{http_code}" -H "Authorization: Bearer ${self.triggers.access_token}" \
  "https://apigee.googleapis.com/v1/organizations/${self.triggers.project}/envgroups/${self.triggers.group}/attachments/${self.triggers.env}" \
  -X DELETE -H "content-type:application/json"
EOF
  }
}
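I think you can still achieve this by using the depends_on meta-argument and a separate resource, so that the temporary access token is available to the command during the destroy lifecycle: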
# Writes the current access token to disk so the destroy-time command can read it.
resource "local_file" "access_token" {
  content  = data.google_client_config.current.access_token
  filename = "/var/share/access-token"
}

resource "null_resource" "env_to_group" {
  for_each = local.map_env_group

  # The token is no longer part of triggers, so a new token does not force replacement.
  triggers = {
    env_id   = google_apigee_environment.apigee[each.value.env].id
    group_id = google_apigee_envgroup.apigee[each.value.group].id
    project  = var.project
    group    = each.value.group
    env      = each.value.env
  }

  depends_on = [local_file.access_token]

  provisioner "local-exec" {
    when = destroy
    command = <<EOF
curl -o /dev/null -s -w "%%{http_code}" -H "Authorization: Bearer $(cat /var/share/access-token)" \
  "https://apigee.googleapis.com/v1/organizations/${self.triggers.project}/envgroups/${self.triggers.group}/attachments/${self.triggers.env}" \
  -X DELETE -H "content-type:application/json"
EOF
  }
}
Hi Filip, this was very helpful. I tested the file option and it seems to work fine. Thanks.
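A hardened variant of the file approach from the answer above, as an added example that is not part of the original question or answer. It assumes hashicorp/local 2.2.0 or later (for local_sensitive_file); the file path, the token_file trigger key and the TOKEN_FILE variable are hypothetical names chosen for illustration.

```hcl
# Added example, not the answerer's code.
# Token file readable by its owner only; content is masked in plan output.
resource "local_sensitive_file" "access_token" {
  content         = data.google_client_config.current.access_token
  filename        = "${path.module}/.access-token" # hypothetical path; keep it out of version control
  file_permission = "0600"
}

resource "null_resource" "env_to_group" {
  for_each = local.map_env_group

  triggers = {
    env_id   = google_apigee_environment.apigee[each.value.env].id
    group_id = google_apigee_envgroup.apigee[each.value.group].id
    project  = var.project
    group    = each.value.group
    env      = each.value.env
    # Only the path is stored here. It stays constant, so a new token does
    # not force replacement, and the reference orders this resource's
    # destroy before the file is removed.
    token_file = local_sensitive_file.access_token.filename
  }

  provisioner "local-exec" {
    when = destroy
    # Destroy-time provisioners may only reference self, so the path is
    # passed through triggers.
    environment = {
      TOKEN_FILE = self.triggers.token_file
    }
    command = <<EOF
# Feed the header to curl as a config file on stdin so the bearer token
# does not appear in the curl process arguments.
printf 'header = "Authorization: Bearer %s"\n' "$(cat "$TOKEN_FILE")" |
  curl -K - -o /dev/null -s -w "%%{http_code}" -X DELETE \
    -H "content-type:application/json" \
    "https://apigee.googleapis.com/v1/organizations/${self.triggers.project}/envgroups/${self.triggers.group}/attachments/${self.triggers.env}"
EOF
  }
}
```

The token is still written to the Terraform state as the file resource's content, so the state backend needs the same access controls as the token itself. The file holds the token from the most recent apply, so a destroy that runs after that token has expired will be rejected by the API.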