gpt4 book ai didi

azure - 如何在 Terraform 中传递带有 secret (用户、密码)的变量

转载 作者:行者123 更新时间:2023-12-03 02:20:12 30 4
gpt4 key购买 nike

按照文档我创建了 Main.tf、Terraform.tfvars、variables.tf,

###Terraform 提供者是 Azure,我打算做什么?构建一个虚拟机并通过变量传递用户/密码以避免暴露 secret ,或者将它们写入 Main.tf 文件(我已经这样做了,并且对我来说效果很好,但不是一个好的安全实践)

###main.tf,以下是与我尝试传递给虚拟机以允许我管理它的用户/密码交互的相关内容:

resource "azurerm_network_interface" "nic_poc" {
count = 1
name = "nic_test_persistent${count.index}"
location = "North Europe"
resource_group_name = local.rg.name

ip_configuration {
name = "internal"
subnet_id = data.terraform_remote_state.my_azure_dev.outputs.org_dev.subnet.northeurope.main.subnets["dev1-XX.XXX.XXX.X_XX"].id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_windows_virtual_machine" "vm_persistent" {
count = 1
name = "vm-persistent${count.index}"
resource_group_name = local.rg.name
location = "North Europe"
size = "Standard_D4_v3"

# Here my variables for User/Password
admin_username = "var.admin_username"
admin_password = "var.admin_password"
network_interface_ids = [
element(azurerm_network_interface.nic_poc.*.id, count.index)
]

os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}

source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}

}

###terraform.tfvars,这里声明变量的值,因为它是我从几个例子中理解的(可能误解了它们)

###terrafrom.tfvars, here declaring the value for these variables:
TF_VAR_admin_username = "adminuser"
TF_VAR_admin_password = "OurP@**w0rd1998#"

###variables.tf,这里声明没有值的变量,因为不知道是否可以在这里声明以及如何声明

variable "admin_username" {
type = string
}

variable "admin_password" {
type = string
}

###错误

Error: creating Windows Virtual Machine "vm-persistent0" (Resource Group "nXXX-XXX-dev1-org-dev-XX"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="The supplied password must be between 8-123 characters long and must satisfy at least 3 of password complexity requirements from the following:\r\n1) Contains an uppercase character\r\n2) Contains a lowercase character\r\n3) Contains a numeric digit\r\n4) Contains a special character\r\n5) Control characters are not allowed" Target="adminPassword"

当我运行我的 terraform 代码时,它提示:密码不符合小写、大写、数字、符号要求

事实并非如此,为什么?好吧,当直接在我的 Main.tf 文件中声明时,相同的密码工作得很好,但这不是一个好的做法,因为完全可见,这就是为什么我想通过变量传递它以防止它被嗅探

我错过了什么?

最佳答案

您正在使用:

admin_username      = "var.admin_username"
admin_password = "var.admin_password"

相反,你应该使用

admin_username      = var.admin_username
admin_password = var.admin_password

就像您在双引号中给出值一样,它将采用其中存在的值,如下所示:

enter image description here

<小时/>

如果您使用 .tfvars 文件来保存值,那么您应该仅声明具有该名称的变量,如下所示:

variable "TF_VAR_admin_username" {
type = string
}

variable "TF_VAR_admin_password" {
type = string
}

然后在虚拟机 block 中使用此变量,例如:

  admin_username      = var.TF_VAR_admin_username
admin_password = var.TF_VAR_admin_password

enter image description here

或者您可以直接在变量中调用它们,这样就不必在 .tfvars 文件中提及

Var.tf 文件:

variable "admin_username" {
type = string
default = "adminuser"
}

variable "admin_password" {
type = string
default = "OurP@**w0rd1998#"
}

** 我的 main.tf 文件:**

data "azurerm_resource_group" "example" {
name = "ansumantest"
}

resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
name = "internal"
resource_group_name = data.azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}

resource "azurerm_network_interface" "example" {
name = "example-nic"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name

ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}

resource "azurerm_windows_virtual_machine" "vm_persistent" {
name = "vm-persistent"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
size = "Standard_D4_v3"

# Here my variables for User/Password
admin_username = var.admin_username
admin_password = var.admin_password
network_interface_ids = [azurerm_network_interface.example.id]

os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}

source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}
}

输出:

enter image description here

关于azure - 如何在 Terraform 中传递带有 secret (用户、密码)的变量,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69378722/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com