我在AWS CodePipeline中遇到了一个错误:
错误:创建代码管道时出错:ValidationException:ActionConfiguration映射值必须满足约束:[成员必须长度小于或等于1000,成员的长度必须为大于或等于1]
用谷歌搜索后,得到的说法是管道的环境变量太多了,并且有1000个字符的限制。我不确定这具体指什么:是指我的环境变量值不能超过100个字符,还是指组成环境变量的JSON不能超过1000个字符?
感谢这里的帮助。
按要求附上Terraform代码:
# CodePipeline with six stages, in order: Initialize (CodeCommit source),
# Build (Combine_Binaries), Code_Validation (three CodeBuild actions),
# Test (two CodeBuild actions), Manual_Approval_Action, and Deploy
# (Terraform-Apply).
#
# Every CodeBuild action passes its variables as EnvironmentVariables =
# jsonencode([...]), i.e. as ONE string value inside the action's
# configuration map. The ValidationException quoted on this page says each
# ActionConfiguration map value must be between 1 and 1000 characters long,
# so it is the encoded JSON string of each action that has to fit.
#
# All variables here use type = "PLAINTEXT", so their values are readable in
# the pipeline definition and in the Terraform state. Nothing visible here
# looks like a secret; anything sensitive belongs in the PARAMETER_STORE or
# SECRETS_MANAGER variable types instead.
resource "aws_codepipeline" "cp_plan_pipeline" {
name = "${local.cp_name}-cp"
role_arn = aws_iam_role.cp_service_role.arn
# NOTE(review): no encryption_key block is set on the artifact store, so
# artifact encryption falls back to the provider/service default - confirm
# that is acceptable for the plan and report artifacts stored here.
artifact_store {
type = var.cp_artifact_type
location = module.S3.bucket_name
}
stage {
name = "Initialize"
# Pulls the repository/branch given by the variables and publishes it as the
# "CodeWorkspace" artifact.
action {
run_order = 1
name = "Source"
category = "Source"
owner = "AWS"
provider = "CodeCommit"
version = "1"
input_artifacts = []
output_artifacts = ["CodeWorkspace"]
configuration = {
RepositoryName = var.cp_repo_name
BranchName = var.cp_branch_name
PollForSourceChanges = var.cp_poll_sources
OutputArtifactFormat = var.cp_ouput_format
}
}
}
stage {
name = "Build"
# Turns "CodeWorkspace" into "CodeSource" and declares the variable namespace
# BINARYVARIABLE. Later actions read values back as #{BINARYVARIABLE.<NAME>}.
# Each such reference spends 17 characters on "#{BINARYVARIABLE." before the
# variable name, and most names appear twice per entry (name and value), so
# the namespace length and the PL_* name lengths both count against the
# 1000-character limit of the consuming action.
# NOTE(review): which variables this namespace actually exports is decided by
# the CodeBuild project (not visible here) - confirm it exports every name
# referenced below.
action {
run_order = 1
name = "Combine_Binaries"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
namespace = "BINARYVARIABLE"
input_artifacts = ["CodeWorkspace"]
output_artifacts = ["CodeSource"]
configuration = {
ProjectName = var.cp_binary_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_BUCKET_KEY"
type = "PLAINTEXT"
value = "global/state/${var.bucketlocation}/"
},
{
name = "PL_DYNAMODB_TABLE_NAME"
type = "PLAINTEXT"
value = "${var.project}-${var.env}-${var.tenant}-db-${var.bucketlocation}"
},
{
name = "PL_JQ_VERSION"
type = "PLAINTEXT"
value = var.JQ_VER
},
{
name = "PL_PY_VERSION"
type = "PLAINTEXT"
value = var.PY_VER
},
# NOTE(review): PL_GO_VERSION is fed from var.TF_VER, the same variable as
# PL_TF_VERSION below - looks like a copy/paste slip; confirm the intended
# variable.
{
name = "PL_GO_VERSION"
type = "PLAINTEXT"
value = var.TF_VER
},
{
name = "PL_TF_VERSION"
type = "PLAINTEXT"
value = var.TF_VER
},
{
name = "PL_GROUP_NAME"
type = "PLAINTEXT"
value = var.group_name
},
{
name = "PL_GROUP_EMAIL"
type = "PLAINTEXT"
value = var.group_email
},
{
name = "PL_PROJECT"
type = "PLAINTEXT"
value = var.project
},
{
name = "PL_TENANT"
type = "PLAINTEXT"
value = var.tenant
},
# The next four entries are passed as empty strings; presumably the build
# fills them in and exports them - verify against the buildspec.
{
name = "PL_APPENV"
type = "PLAINTEXT"
value = ""
},
{
name = "PL_AWSACCOUNTNAME"
type = "PLAINTEXT"
value = ""
},
{
name = "PL_AWSACCOUNTNUMB"
type = "PLAINTEXT"
value = ""
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = ""
},
])
}
}
}
stage {
name = "Code_Validation"
# Three CodeBuild actions that all take "CodeSource" as input and all have
# run_order = 1. Each has its own EnvironmentVariables string.
action {
run_order = 1
name = "Build_Lint_Py"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeSource"]
output_artifacts = ["pyReport"]
configuration = {
ProjectName = var.cp_lintpy_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_PY_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PY_VERSION}"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
])
}
}
# Produces the "buildPlan" artifact that the Deploy stage later consumes.
# This action carries 14 entries, 12 of them namespaced references; at
# roughly 75-105 characters per encoded entry this string is a likely
# candidate for exceeding the 1000-character limit.
action {
run_order = 1
name = "Build_TF_Plan"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeSource"]
output_artifacts = ["buildPlan"]
configuration = {
ProjectName = var.cp_build_tf_validate
#PrimarySource = "CodeSource"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_APP_NAME"
type = "PLAINTEXT"
value = var.bucketlocation
},
{
name = "PL_BUCKET_KEY"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_BUCKET_KEY}"
},
{
name = "PL_DYNAMODB_TABLE_NAME"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_DYNAMODB_TABLE_NAME}"
},
{
name = "PL_JQ_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_JQ_VERSION}"
},
{
name = "PL_PY_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PY_VERSION}"
},
{
name = "PL_TF_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TF_VERSION}"
},
{
name = "PL_GROUP_NAME"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_GROUP_NAME}"
},
{
name = "PL_GROUP_EMAIL"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_GROUP_EMAIL}"
},
{
name = "PL_PROJECT"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PROJECT}"
},
{
name = "PL_TENANT"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TENANT}"
},
{
name = "PL_APPENV"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_APPENV}"
},
{
name = "PL_AWSACCOUNTNUMB"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_AWSACCOUNTNUMB}"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
])
}
}
action {
run_order = 1
name = "Build_Lint_TF"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeSource"]
output_artifacts = ["tfReport"]
configuration = {
ProjectName = var.cp_linttf_project_name
#PrimarySource = "CodeSource"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_BUCKET_KEY"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_BUCKET_KEY}"
},
{
name = "PL_DYNAMODB_TABLE_NAME"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_DYNAMODB_TABLE_NAME}"
},
# Unlike the sibling actions, this one reads the Terraform version straight
# from var.TF_VER rather than from the BINARYVARIABLE namespace.
{
name = "PL_TF_VERSION"
type = "PLAINTEXT"
value = var.TF_VER
},
# NOTE(review): PL_TF_LINT_VERSION is not among the variables passed to
# Combine_Binaries in this file - confirm that action exports it.
{
name = "PL_TF_LINT_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TF_LINT_VERSION}"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
])
}
}
}
stage {
name = "Test"
# Two static-analysis actions over "CodeSource"; their reports are the
# "pySecReport" and "tfSecReport" artifacts.
action {
run_order = 1
name = "Static_Analysis_Py"
category = "Test"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeSource"]
output_artifacts = ["pySecReport"]
configuration = {
ProjectName = var.cp_test_static_py
PrimarySource = "CodeSource"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_JQ_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_JQ_VERSION}"
},
{
name = "PL_PY_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PY_VERSION}"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
])
}
}
# Declares a second namespace, TESTVARIABLE; nothing in this resource
# references it.
action {
run_order = 1
name = "Static_Analysis_TFSec"
category = "Test"
owner = "AWS"
provider = "CodeBuild"
version = "1"
namespace = "TESTVARIABLE"
input_artifacts = ["CodeSource"]
output_artifacts = ["tfSecReport"]
configuration = {
ProjectName = var.cp_test_static_tf
#PrimarySource = "CodeSource"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
type = "PLAINTEXT"
value = "#{codepipeline.PipelineExecutionId}"
},
{
name = "PL_JQ_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_JQ_VERSION}"
},
# NOTE(review): PL_TFSEC_VERSION is not among the variables passed to
# Combine_Binaries in this file - confirm that action exports it.
{
name = "PL_TFSEC_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TFSEC_VERSION}"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
# Disabled entries, kept commented out so they do not count toward the
# encoded string.
#{
# name = "PL_ARTIFACTBUCKET"
# type = "PLAINTEXT"
# value = "${var.project}-${var.env}-${var.tenant}-${var.cp_name}-cp-artifacts"
#},
#{
# name = "PL_TFSECAPPROVALLINK"
# type = "PLAINTEXT"
# value = ""
#},
])
}
}
}
stage {
name = "Manual_Approval_Action"
# Human gate between the Test stage and the Deploy stage: the approval
# request is sent to the SNS topic below and Deploy comes after this stage.
# NOTE(review): "repoistory" in CustomData is a typo in the text shown to
# approvers.
action {
run_order = 1
name = "Manual_Review_Action-${var.project}-${var.env}-${var.tenant}-${var.cp_name}"
category = "Approval"
owner = "AWS"
provider = "Manual"
version = "1"
input_artifacts = []
output_artifacts = []
configuration = {
NotificationArn = module.sns_cp.op_sns_topic_arn
CustomData = "Please review the static code analysis and the repoistory before code is deployed."
}
}
}
stage {
name = "Deploy"
# Consumes "CodeSource" plus the "buildPlan" artifact produced by
# Build_TF_Plan in the Code_Validation stage, i.e. before the approval.
# With two input artifacts, PrimarySource names the one used as the primary
# source.
action {
run_order = 1
name = "Terraform-Apply"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
input_artifacts = ["CodeSource","buildPlan"]
output_artifacts = []
version = "1"
configuration = {
ProjectName = var.cp_apply_project_name
PrimarySource = "CodeSource"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
},
{
name = "PL_PERMISSION_SETS_DIR"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PERMISSION_SETS_DIR}"
},
{
name = "PL_BUCKET_KEY"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_BUCKET_KEY}"
},
{
name = "PL_DYNAMODB_TABLE_NAME"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_DYNAMODB_TABLE_NAME}"
},
{
name = "PL_TF_VERSION"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TF_VERSION}"
},
{
name = "PL_GROUP_NAME"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_GROUP_NAME}"
},
{
name = "PL_GROUP_EMAIL"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_GROUP_EMAIL}"
},
{
name = "PL_PROJECT"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_PROJECT}"
},
{
name = "PL_TENANT"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_TENANT}"
},
{
name = "PL_APPENV"
type = "PLAINTEXT"
value = "#{BINARYVARIABLE.PL_APPENV}"
},
])
}
}
}
}
好吧,经过几天的调查,我的同事弄清楚了这个1000个字符的限制,功劳全归他。所以请记住,这是每个阶段1000个字符(从报错信息看,约束针对的是ActionConfiguration映射中的单个值,也就是每个action里EnvironmentVariables这一整段JSON字符串)。因此,在没有得到Hashicorp确认的情况下,我们得出了以下结论:
如果你在文本编辑器中打开状态文件(请确保只是查看文件而不是修改它),找到"EnvironmentVariables",就会看到一段JSON,输出示例如下所示。
"EnvironmentVariables": "[{"name":"PIPELINE_EXECUTION_ID","type":"PLAINTEXT","value":"#{codepipeline.PipelineExecutionId}"},{"name":"PL_APP_NAME","type":"PLAINTEXT","value":"deploy_pl"},{"name":"PL_BUCKET_KEY","type":"PLAINTEXT","value":"#{BIN.PL_BUCKET_KEY}"},{"name":"PL_DYNAMODB_TABLE_NAME","type":"PLAINTEXT","value":"#{BIN.PL_DYNAMODB_TABLE_NAME}"},{"name":"PL_GROUP_NAME","type":"PLAINTEXT","value":"#{BIN.PL_GROUP_NAME}"},{"name":"PL_GROUP_EMAIL","type":"PLAINTEXT","value":"#{BIN.PL_GROUP_EMAIL}"},{"name":"PL_PROJECT","type":"PLAINTEXT","value":"#{BIN.PL_PROJECT}"},{"name":"PL_TENANT","type":"PLAINTEXT","value":"#{BIN.PL_TENANT}"},{"name":"PL_APPENV","type":"PLAINTEXT","value":"#{BIN.PL_APPENV}"},{"name":"PL_ACCT_NUMB","type":"PLAINTEXT","value":"#{BIN.PL_ACCT_NUMB}"},{"name":"PL_PERMISSION_SETS_DIR","type":"PLAINTEXT","value":"#{BIN.PL_PERMISSION_SETS_DIR}"},{"name":"PL_IS_MGMT_ACCT","type":"PLAINTEXT","value":"#{BIN.PL_IS_MGMT_ACCT}"}]",
如果删除开头的 "EnvironmentVariables": 以及其中的"\",剩下内容的长度就是环境变量部分的字符数。这让我能够准确地重命名和重构变量。
因此,今后的建议是:
- 将名称空间限制在四个字符或更少
- 缩短变量以节省空间
- 只在确实需要的阶段中使用变量