How to set a list of strings as the value of a key in a YAML file using Terraform's helm_release resource


This code patches the argocd ConfigMap to add SSO authentication.

resource "helm_release" "argocd" {
  name             = "argocd"
  create_namespace = "true"
  chart            = "argo-cd"
  namespace        = "argocd"
  version          = "5.16.9"
  repository       = "https://argoproj.github.io/argo-helm"

  set {
    name = "configs.cm.url"
    value = "https://cypherphage.com"
  }

  set {
    name = "server.config.oidc\\.config"
    value = yamlencode({
        "name" = "Onelogin"
        "issuer" = "https://example.onelogin"
        "clientID" = "82348237984732927493928"
        "clientSecret" = "hjsadjdhg38q7eaw"
        "requestedScopes" = "['openid', 'profile', 'email', 'groups']"
    })
  }
}

The argocd-cm ConfigMap YAML file should look like this (focus on the requestedScopes key at the end):

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  url: https://<argocd.myproject.com>
  oidc.config: |
    name: OneLogin
    issuer: https://<subdomain>.onelogin.com/oidc/2
    clientID: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaaaaaaaa
    clientSecret: abcdef123456

    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    requestedScopes: ["openid", "profile", "email", "groups"]

But I can't seem to create a YAML file in which the value of the key "requestedScopes" is on a single line, e.g.

requestedScopes: ["openid", "profile", "email", "groups"]

The best I could achieve is:

requestedScopes: 
  - openid 
  - profile
  - email

What I tried:

"requestedScopes" = "['openid', 'profile', 'email', 'groups']"
"requestedScopes" = "[\"openid\", \"profile\", \"email\", \"groups\"]"

The errors I got:

helm_release.argocd: Modifying... [id=argocd]
╷
│ Error: failed parsing key "server.config.oidc\\.config" with value "clientID": "82348237984732927493928"
│ "clientSecret": "hjsadjdhg38q7eaw"
│ "issuer": "https://example.onelogin"
│ "name": "Onelogin"
│ "requestedScopes": "['openid', 'profile', 'email', 'groups']"
│ , key " 'profile'" has no value (cannot end with ,)
│ 
│   with helm_release.argocd,
│   on main.tf line 38, in resource "helm_release" "argocd":
│   38: resource "helm_release" "argocd" {
╷
│ Error: failed parsing key "server.config.oidc\\.config" with value "clientID": "82348237984732927493928"
│ "clientSecret": "hjsadjdhg38q7eaw"
│ "issuer": "https://example.onelogin"
│ "name": "Onelogin"
│ "requestedScopes": "[\"openid\", \"profile\", \"email\", \"groups\"]"
│ , key " \"profile\"" has no value (cannot end with ,)
│ 
│   with helm_release.argocd,
│   on main.tf line 26, in resource "helm_release" "argocd":
│   26: resource "helm_release" "argocd" {
terraform kubernetes-helm argocd onelogin
1 Answer

A bit late, but this is how I did it: just provide it all as a string

 set_sensitive {
    name  = "server.config.oidc\\.config"
    type  = "string"
    value = <<-YAML
      name: xx
      issuer: ${var.sso_oidc_issuer_url}
      clientID: ${var.sso_oidc_client_id}
      clientSecret: ${var.sso_oidc_client_secret}
      requestedScopes:
        - openid
        - profile
        - email
        - xx
    YAML
  }
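
An added example, not part of the original question or answer: the `cannot end with ,` errors above come from Helm's `set` value parser treating commas as separators, so this version passes the OIDC block through the `values` argument instead, where `yamlencode` can take a real list. The variable names follow the answer's, and the `server.config` path is the one used in the question; both are assumptions about your setup.

```hcl
# Added example; variable names follow the answer and are assumptions.
variable "sso_oidc_issuer_url" {
  type = string
}

variable "sso_oidc_client_id" {
  type = string
}

variable "sso_oidc_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output; still stored in state
}

resource "helm_release" "argocd" {
  name             = "argocd"
  create_namespace = true
  chart            = "argo-cd"
  namespace        = "argocd"
  version          = "5.16.9"
  repository       = "https://argoproj.github.io/argo-helm"

  # `values` takes whole YAML documents, so nothing here goes through the
  # comma-splitting parser used by `set` / `set_sensitive`.
  values = [
    yamlencode({
      server = {
        config = {
          # Literal map key "oidc.config"; no backslash escaping is needed.
          # The inner yamlencode makes the value a YAML string, as the
          # ConfigMap's `oidc.config: |` block expects.
          "oidc.config" = yamlencode({
            name         = "OneLogin"
            issuer       = var.sso_oidc_issuer_url
            clientID     = var.sso_oidc_client_id
            clientSecret = var.sso_oidc_client_secret
            # Emitted as a block sequence ("- openid" ...), which is the
            # same YAML value as the flow form ["openid", ...].
            requestedScopes = ["openid", "profile", "email", "groups"]
          })
        }
      }
    })
  ]
}
```

Because `var.sso_oidc_client_secret` is marked sensitive, Terraform treats the rendered `values` string as sensitive too, so the client secret is not printed in plan output.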