[英]Handling Openstack provider credentials in Terraform without vault
Is there any option available for handling Openstack provider credentials in Terraform similar to the one exists in AWS provider like Environment variables .是否有任何选项可用于处理 Terraform 中的 Openstack 提供商凭证,类似于 AWS 提供商中存在的凭证,如Environment variables 。
My Usecase:我的用例:
As part of the POC, I would be invoking the terraform apply
command from my python app in which I am planning to define the Openstack credentials as environment variables and unset the same once execution completed.作为 POC 的一部分,我将从我的 python 应用程序调用
terraform apply
命令,我计划在其中将 Openstack 凭据定义为环境变量,并在执行完成后取消设置。 By this I can avoid storing the credentials in files as well the vault/consul complexity.通过这种方式,我可以避免将凭据存储在文件中以及保管库/领事的复杂性。
Please clarify, thanks.请说明,谢谢。
There are several ways of solving this. 有几种解决方法。 I would recommend doing this from a Vault.
我建议从保险柜中进行此操作。 But if you really do not want to do that, you could use Terraform input variables and use environment variables there.
但是,如果您真的不想这样做,则可以使用Terraform输入变量并在其中使用环境变量。
Like this: terraform apply -var "osuser=${ENV_VAR}"
像这样:
terraform apply -var "osuser=${ENV_VAR}"
Or specifically for the OpenStack Provider in Terraform you can use the Environment Variables that are documented here: https://www.terraform.io/docs/providers/openstack/ 或专门针对Terraform中的OpenStack提供程序,您可以使用此处记录的环境变量: https : //www.terraform.io/docs/providers/openstack/
From documentation: 从文档:
auth_url - (Optional; required if cloud is not specified) The Identity authentication URL.
auth_url-(可选;如果未指定云,则为必需)身份验证URL。 If omitted, the OS_AUTH_URL environment variable is used.
如果省略,则使用OS_AUTH_URL环境变量。
These environment variables are usually provided to you in the openstack GUI as well. 这些环境变量通常也在openstack GUI中也提供给您。
You can also prompt the user for these things, as I mentioned in https://github.com/hashicorp/terraform/issues/13022#issuecomment-819658436 :您还可以提示用户这些事情,正如我在https://github.com/hashicorp/terraform/issues/13022#issuecomment-819658436中提到的:
# You can set other TF variables in here as well.
echo "Please enter the outgoing e-mail account's password: "
read -sr TF_VAR_smtp_password_unquoted
export TF_VAR_smtp_password="\"$TF_VAR_smtp_password_unquoted\""
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.