I am using the gitlabhq/gitlab module with Terraform.
I created a separate module for the gitlab resources, ./terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys:
terraform {
  required_providers {
    gitlab = {
      source  = "gitlabhq/gitlab"
      version = "3.3.0"
    }
  }
}

data "gitlab_projects" "projects-name" {
  search     = var.projectSearch
  visibility = var.projectVisibility
}

resource "aws_iam_access_key" "user" {
  user = var.projectUserName
}

resource "gitlab_project_variable" "aws_access_key_user" {
  project           = data.gitlab_projects.projects-name.projects[0].id
  key               = "AWS_ACCESS_KEY_ID"
  value             = aws_iam_access_key.user.id
  protected         = var.projectAccessKeyProtected
  masked            = var.projectAccessKeyMasked
  environment_scope = var.projectEnvironmentScope
}

resource "gitlab_project_variable" "aws_secret_key_user" {
  project           = data.gitlab_projects.projects-name.projects[0].id
  key               = "AWS_SECRET_ACCESS_KEY"
  value             = aws_iam_access_key.user.secret
  protected         = var.projectAccessSecretProtected
  masked            = var.projectAccessSecretMasked
  environment_scope = var.projectEnvironmentScope
}
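As you can see, I added the provider configuration block, and omitted the provider definition in the root module.
> Note: Only provider configurations are inherited by child modules, not provider source or version requirements. Each module must declare its own provider requirements. This is especially important for non-HashiCorp providers.

> Each resource in the configuration must be associated with one provider configuration. Provider configurations, unlike most other concepts in Terraform, are global to an entire Terraform configuration and can be shared across module boundaries. Provider configurations can be defined only in a root Terraform module.

Here is my root module, ./project/main.tf, in which I use the previous module as the gitlab_projectNetwork module: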
provider "aws" {
  access_key = var.aws_access_key_id
  secret_key = var.aws_secret_access_key
  region     = var.aws_region
}

terraform {
  required_providers {
    gitlab = {
      source  = "gitlabhq/gitlab"
      version = "3.3.0"
    }
  }
}

provider "gitlab" {
  token = var.gitlab_token
}

terraform {
  backend "http" {}
}

module "network_user" {
  source   = "git::https://gitlab.com/xxx/terraform-modules/terraform-aws-iam-user.git"
  userName = "${var.project}-${var.env}-network"
  userPath = "/infra/"
  arnList  = ["arn:aws:iam::${var.aws_account_id}:policy/infra/${var.project}-network-ec2-isolated-${var.env}-iam-policy"]
  userTags = {
    "Project": var.project,
    "Environment": var.env,
    "Name": "network-user"
  }
}

module "gitlab_projectNetwork" {
  source                  = "git::https://gitlab.com/xxx/terraform-modules/terraform-gitlab-project-variables-aws-iam-access-keys.git"
  projectUserName         = module.network_user.awsIamUserName
  projectSearch           = "network"
  projectVisibility       = "private"
  projectEnvironmentScope = var.env
}
When I run the script, I get the following error:
2021/02/05 01:08:48 [TRACE] dag/walk: upstream of "root" errored, so skipping
Error: GET https://gitlab.com/api/v4/user: 401 {message: 401 Unauthorized}
on main.tf line 18, in provider "gitlab":
18: provider "gitlab" {
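I'm not sure what is wrong here; I increased the log level to TRACE and there is nothing interesting. I suspect that somehow the provider configuration is not being passed down to the child module.
Now, the interesting thing is that if I add the provider block to the child module, the script works fine. But isn't the official documentation against that? Any idea why this doesn't work?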