Ess*_*nce 5 amazon-web-services terraform terraform-provider-aws
我有一个执行域委托的 terraform 模块。对于多个变量,会针对硬编码值进行一些验证,以检查用户是否使用有效的输入,例如:
resource "null_resource" "validate_region" {
count = contains(local.regions, var.region) == true ? 0 : "Please provide a valid AWS region. E.g. (us-west-2)"
}
是local.regions硬编码的并且var.region是用户设置的变量。上面的代码的工作原理是,当用户设置错误的变量时,它会抛出如下错误:
Error: Incorrect value type
on .terraform/foo/main.tf line 46, in resource "null_resource" "validate_region":
46: count = contains(local.regions, var.region) == true ? 0 : "Please provide a valid AWS region. E.g. (us-west-2)"
Invalid expression value: a number is required.
我现在需要验证用户当前使用的 AWS 账户是否正确。在这种情况下,用户需要在其变量中设置正确帐户的帐户 ID,而我的代码需要提取正在运行模块的帐户的帐户 ID,并将其与用户的变量进行比较。我尝试过这样的事情:
data "aws_caller_identity" "account" {}
resource "null_resource" "validate_account" {
count = data.aws_caller_identity.account.account_id == var.primary_account_id ? 0 : "Please check that you are using the AWS creds for the primary account for this domain."
}
data "aws_route53_zone" "primary" {
name = local.primary_name
}
"{data.aws_caller_identity.account.account_id == var.primary_account_id}" ? 0为了使逻辑正常工作,对部分进行了各种语法更改,但没有运气。我希望它像区域验证那样抛出错误,其中它将显示我编写的错误消息。相反(取决于语法),它会按预期为正确的帐户工作,并Error: no matching Route53Zone found为不正确的帐户抛出错误,或者它会抛出完全不同的错误,大概是因为语法把事情搞砸了。
我该如何让它发挥作用?是否可以?
小智 9
我所做的是在 locals 块中创建一个 if 语句,并使用我想要显示的错误消息获取一个文件。
\nvariable "stage" {\n type = string\n desciption = "The stage to run the deployment in"\n}\nlocals {\n stage_validation = var.stage == "prod" || var.stage == "dev" \n ? var.stage \n : file("[Error] this module should only be ran for stages ['prod' or 'dev' ]")\n}\n将阶段变量设置为“dev”或“prod”以外的任何内容的输出如下
\n\xe2\x95\xb7\n\xe2\x94\x82 Error: Invalid function argument\n\xe2\x94\x82 \n\xe2\x94\x82 on main.tf line 10, in locals:\n\xe2\x94\x82 10: stage_validation = var.stage == "prod" || var.stage == "dev" \n\xe2\x94\x82 ? var.stage \n\xe2\x94\x82 : file("[Error] this module should only be ran for stages ['prod' or 'dev' ]")\n\xe2\x94\x82 \n\xe2\x94\x82 Invalid value for "path" parameter: no file exists at This module should only be run for stages ['prod' or 'dev']; this function works only\n\xe2\x94\x82 with files that are distributed as part of the configuration source code, so if this file will be created by a resource in this\n\xe2\x94\x82 configuration you must instead obtain this result from an attribute of that resource.\n\xe2\x95\xb5\n这很有用,因为它允许您编写一条错误消息,该消息将显示给尝试运行代码的人。
\n从 1.5.0 开始,Terraform 现在有一个“检查”块,您可以使用它来检查任意条件。例如:
check "health_check" {
data "http" "terraform_io" {
url = "https://www.terraform.io"
}
assert {
condition = data.http.terraform_io.status_code == 200
error_message = "${data.http.terraform_io.url} returned an unhealthy status code"
}
}
我发现这个块:
data "aws_route53_zone" "primary" {
name = local.primary_name
}
在帐户验证资源块之前运行。像这样添加depends_on:
data "aws_route53_zone" "primary" {
name = local.primary_name
depends_on = [null_resource.validate_account,
]
}
一切都很好。
| 归档时间: |
|
| 查看次数: |
10971 次 |
| 最近记录: |