我最近使用以下命令從 Terraform 11 升級到 12terraform 0.12升級命令,現在當我運行時出現以下錯誤地形驗證:
$ ~/terraform/us-west-2/app/production/db/rds $ terraform validate
Error: Unsupported attribute
on main.tf line 111, in resource "aws_rds_cluster" "app_db_production":
111: master_password = data.aws_kms_secret.app_db_production.master_password
This object has no argument, nested block, or exported attribute named
"master_password".
$ ~/terraform/us-west-2/app/production/db/rds $
有問題的配置:
data "aws_kms_secret" "app_db_production" {
secret {
name = "master_password"
payload = "2430db63c4f1479f122fb219d179afb1"
}
}
resource "aws_rds_cluster" "app_db_production" {
cluster_identifier = "app-db-production"
engine = "aurora-mysql"
database_name = "app"
port = 3306
master_username = "root"
master_password = data.aws_kms_secret.app_db_production.master_password
backup_retention_period = 7
preferred_backup_window = "02:00-03:00"
preferred_maintenance_window = "sat:03:00-sat:04:00"
storage_encrypted = true
apply_immediately = false
final_snapshot_identifier = "app-db-production-final-snapshot"
db_cluster_parameter_group_name = "app-db-production"
db_subnet_group_name = "app-db-production"
vpc_security_group_ids = [data.terraform_remote_state.app_production_db_sg.outputs.app_db_production]
lifecycle {
create_before_destroy = true
}
tags = {
Application = "db"
Environment = "production"
Platform = "app"
}
}
這在 Terraform 11 中運作得很好。
答案1
這是由 AWS 提供者而不是 Terraform CLI 的變更引起的。
具體來說,資料aws_kms_secret來源已被棄用並且僅在 Terraform 0.11 中可用(帶有棄用警告)。
要繼續,您必須遷移到較新的aws_kms_secrets資料來源。上面的連結是有關該遷移的完整文檔,但與此問題相關的部分是這個新資料來源的輸出位於名為 的物件屬性中plaintext,目的是您可以將整個映射用作除了像以前一樣提取單個值之外,如果需要,也可以使用單一值。
master_password = data.aws_kms_secrets.app_db_production.plaintext["master_password"]