添加资源时 Terraform 身份验证不起作用
Terraform auth not working when adding resources
我想在我们的 OpenStack 环境中试用 Terraform。我尝试设置它,但它似乎只在定义以下内容时有效:
provider "openstack" {
user_name = "test"
tenant_name = "test"
password = "testpassword"
auth_url = "https://test:5000/v3/"
region = "test"
}
我可以 运行 terraform plan 没有任何问题它说:
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
当我尝试添加资源时:
resource "openstack_compute_instance_v2" "test" {
name = "test_server"
image_id = "test_id123"
flavor_id = "3"
key_pair = "test"
security_groups = ["default"]
network {
name = "Default Network"
}
}
当我 运行 terraform 计划时,我现在得到
Error: Error running plan: 1 error(s) occurred:
provider.openstack: Authentication failed
身份验证有效。您的 provider 部分中的内容不正确。
Terraform 在没有 resource 使用时不会验证 provider 信息。
我验证了你的发现,然后更进一步。我使用您的示例创建了两个提供程序,一个用于 AWS,一个用于 OpenStack。然后我添加了一个资源来创建一个 AWS VPC。我的 AWS 凭证是正确的。当我 运行 terraform plan 它返回了构建 VPC 的操作计划。它没有检查伪造的 OpenStack 凭据。
另一件事,一旦 provider 有一个 resource 它总是使用凭据,即使没有什么可做的。
provider "aws" {
access_key = "<redacted>"
secret_key = "<redacted>"
region = "us-east-1"
}
provider "openstack" {
user_name = "test"
tenant_name = "test"
password = "testpassword"
auth_url = "https://test:5000/v3/"
region = "test"
}
/* Create VPC */
resource "aws_vpc" "default" {
cidr_block = "10.200.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags {
Name = "testing"
}
}
生成以下输出以验证未检查 OpenStack provider:
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ aws_vpc.default
id: <computed>
arn: <computed>
assign_generated_ipv6_cidr_block: "false"
cidr_block: "10.200.0.0/16"
default_network_acl_id: <computed>
default_route_table_id: <computed>
default_security_group_id: <computed>
dhcp_options_id: <computed>
enable_classiclink: <computed>
enable_classiclink_dns_support: <computed>
enable_dns_hostnames: "true"
enable_dns_support: "true"
provider "aws" {
instance_tenancy: "default"
ipv6_association_id: <computed>
ipv6_cidr_block: <computed>
main_route_table_id: <computed>
tags.%: "1"
tags.Name: "testing"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
我想在我们的 OpenStack 环境中试用 Terraform。我尝试设置它,但它似乎只在定义以下内容时有效:
provider "openstack" {
user_name = "test"
tenant_name = "test"
password = "testpassword"
auth_url = "https://test:5000/v3/"
region = "test"
}
我可以 运行 terraform plan 没有任何问题它说:
No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, no actions need to be performed.
当我尝试添加资源时:
resource "openstack_compute_instance_v2" "test" {
name = "test_server"
image_id = "test_id123"
flavor_id = "3"
key_pair = "test"
security_groups = ["default"]
network {
name = "Default Network"
}
}
当我 运行 terraform 计划时,我现在得到
Error: Error running plan: 1 error(s) occurred: provider.openstack: Authentication failed
身份验证有效。您的 provider 部分中的内容不正确。
Terraform 在没有 resource 使用时不会验证 provider 信息。
我验证了你的发现,然后更进一步。我使用您的示例创建了两个提供程序,一个用于 AWS,一个用于 OpenStack。然后我添加了一个资源来创建一个 AWS VPC。我的 AWS 凭证是正确的。当我 运行 terraform plan 它返回了构建 VPC 的操作计划。它没有检查伪造的 OpenStack 凭据。
另一件事,一旦 provider 有一个 resource 它总是使用凭据,即使没有什么可做的。
provider "aws" {
access_key = "<redacted>"
secret_key = "<redacted>"
region = "us-east-1"
}
provider "openstack" {
user_name = "test"
tenant_name = "test"
password = "testpassword"
auth_url = "https://test:5000/v3/"
region = "test"
}
/* Create VPC */
resource "aws_vpc" "default" {
cidr_block = "10.200.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags {
Name = "testing"
}
}
生成以下输出以验证未检查 OpenStack provider:
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ aws_vpc.default
id: <computed>
arn: <computed>
assign_generated_ipv6_cidr_block: "false"
cidr_block: "10.200.0.0/16"
default_network_acl_id: <computed>
default_route_table_id: <computed>
default_security_group_id: <computed>
dhcp_options_id: <computed>
enable_classiclink: <computed>
enable_classiclink_dns_support: <computed>
enable_dns_hostnames: "true"
enable_dns_support: "true"
provider "aws" {
instance_tenancy: "default"
ipv6_association_id: <computed>
ipv6_cidr_block: <computed>
main_route_table_id: <computed>
tags.%: "1"
tags.Name: "testing"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.