问题描述
我在 terraform 文件中配置了 AWS CodePipeline,如下所示:
I have a AWS CodePipeline configured in a terraform file, like this:
resource {
name = "Cool Pipeline"
...
stage {
name = "Source"
...
action {
name = "Source"
...
configuration {
Owner = "Me"
Repo = "<git-repo-uri>"
Branch = develop
OAuthToken = "b3287d649a28374e9283c749cc283ad74"
}
}
}
lifecycle {
ignore_changes = "OAuthToken"
}
}
忽略令牌的原因是 AWS API 没有向 terraform 显示该令牌,而是 AWS API 使用 aws codepipeline get-pipeline <name> 输出它:
The reason for ignoring the token, is that the AWS API doesn't show that token to terraform, instead AWS API outputs this with aws codepipeline get-pipeline <name>:
"pipeline": {
"stages": {
"name": "Source",
"actions": {
"configuration": {
"OAuthToken": "****"
}
}
}
}
结果是,当我执行 terraform plan时,它显示它想要更新该令牌,如下所示:
Result is, when I perform the terraform planit shows me it wants to update that token, like so:
module.modulename.aws_codepipeline.codepipeline
stage.0.action.0.configuration.%: "3" => "4"
stage.0.action.0.configuration.OAuthToken: "" => "b3287d649a28374e9283c749cc283ad74"
我的问题是,我怎样才能让 ignore_changes 生效?我试过这个没有任何成功:
My question is, how can I get the ignore_changes to take effect? I've tried this without any success:
ignore_changes = ["OAuthToken"]
ignore_changes = ["oauthtoken"]
ignore_changes = ["stage.action.configuration.OAuthToken"]
我在谷歌上搜索到的所有示例都显示了如何在同一块级别上忽略.
All examples I've found googling just shows how to ignore on the same block level.
(令牌是这个文本是假的.)
(The token is this text is fake.)
推荐答案
terraform plan 输出提示的这种语法解决了问题:
This syntax, as hinted by terraform plan output, solved the problem:
ignore_changes = [
"stage.0.action.0.configuration.OAuthToken",
"stage.0.action.0.configuration.%"
]
另一种解决方法是添加GITHUB_TOKEN系统环境变量,以token为值.这样你就不需要 tf 文件中的 ignore_changes 指令了.
Another way to solve it is to add the GITHUB_TOKEN system environment variable, with the token as the value. This way you do not need the ignore_changes directive in the tf files.
这篇关于Terraform,“忽略更改";和子块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!