我有下面的地形,它创建RDS实例,然后尝试在现有机密中创建一个新的键值。
从机密管理器获取rds凭据。
locals {
db_name = "mydb"
username = jsondecode(data.aws_secretsmanager_secret_version.rdscreds.secret_string)["rds_username"]
password = jsondecode(data.aws_secretsmanager_secret_version.rdscreds.secret_string)["rds_password"]
}
创建rds实例(为了简洁起见,删除了一些变量(
module "rds" {
source = "git::https://scm....."
db_name = local.db_name
username = local.username
password = local.password
}
在现有的秘密中创建新密钥
locals {
database_url = "{"DATABASE_URL": "postgres://${local.username}:${local.password}@${module.rds.endpoint}/${local.db_name}"}"
}
resource "aws_secretsmanager_secret_version" "example" {
secret_id = "some existing secret"
secret_string = jsondecode(local.database_url)
}
当我申请获得以下错误
Error: Incorrect attribute value type
│
│ on ..........applicationsrdsdb_instancemain.tf line 76, in resource "aws_secretsmanager_secret_version" "example":
│ 76: secret_string = jsondecode(local.database_url)
│ ├────────────────
│ │ local.database_url has a sensitive value
│
│ Inappropriate value for attribute "secret_string": string required.
secret_string只是一个字符串,而不是TF映射或任何其他变量。所以应该是:
secret_string = local.database_url