Unable to align imported S3 bucket terraform configuration

I have imported an existing S3 bucket to my terraform state.

I am now trying to reverse engineer its configuration and pass it to the .tf file.

Here is my file:

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"

  # Grant for the S3 log delivery group
  grant {
    type        = "Group"
    permissions = ["READ_ACP", "WRITE"]
    uri         = "http://acs.amazonaws.com/groups/s3/LogDelivery"
  }

  # Grant for the bucket owner
  grant {
    id          = "my-account-id"
    type        = "CanonicalUser"
    permissions = ["FULL_CONTROL"]
  }
}

Here is my terraform plan output:

  ~ aws_s3_bucket.my-bucket
      acl:                                                     "" => "private"

No matter what value I use for the acl, I always fail to align my tf with the existing acl configuration on the S3 bucket, e.g.

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"
  acl      = "private"
  # ... grant blocks as in the file above ...
}

Corresponding plan output:

Error: aws_s3_bucket.my-bucket: "acl": conflicts with grant
Error: aws_s3_bucket.my-bucket: "grant": conflicts with acl

And another:

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"
  acl      = ""
  # ... grant blocks as in the file above ...
}

So if I use no value for acl, terraform shows the acl will change from non-set to private.

If I use any value whatsoever, I get an error.

Why is that?

This is an observation on 0.13 but still might help:

If I create a bucket using your original code (i.e. with no acl line), the resulting TF state file still includes an "acl": "private", attribute for the bucket. If I then add an acl="private" definition in the TF code, I also get "acl": conflicts with grant when trying to apply.

But what's really odd is that if I delete the acl="private" definition (i.e. revert to your original code), and also delete the "acl": "private", attribute line from the state file, then the plan (including a refresh) shows that the bucket will be updated in place with this: + acl = "private". Applying this seems to work fine, but then a second apply shows that the grants have been lost and need to be reapplied.

So it seems to me that there's a bug in the S3 state refresh that might also affect the import, and in addition clearly removing the acl attribute from state makes it then incorrectly apply as a default overriding any grants. I think it might be worth using your code to create a new bucket, and then compare the state definitions to bring over any bits the original import missed.
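
The state comparison suggested at the end of the answer can be scripted; the following is an added example, not part of the original answer. It assumes Terraform's version 4 JSON state layout and an imported state whose acl is unset; the helper names, the `scratch` resource and both sample states are constructed for illustration.

```python
import json

# Attributes that always differ between two distinct buckets (assumed list).
IDENTITY_KEYS = {"id", "arn", "bucket", "bucket_domain_name",
                 "bucket_regional_domain_name"}

def bucket_attrs(state, name):
    """Attributes of aws_s3_bucket.<name> in a version 4 state document."""
    for res in state.get("resources", []):
        if res.get("type") == "aws_s3_bucket" and res.get("name") == name:
            return res["instances"][0]["attributes"]
    raise KeyError(f"aws_s3_bucket.{name} not in state")

def normalise(value):
    """Sort lists recursively so grant sets compare regardless of order."""
    if isinstance(value, dict):
        return {k: normalise(v) for k, v in value.items()}
    if isinstance(value, list):
        return sorted((normalise(v) for v in value),
                      key=lambda v: json.dumps(v, sort_keys=True))
    return value

def diff_attrs(imported, reference):
    """Map attribute name -> (imported, reference) wherever the two differ."""
    diff = {}
    for key in sorted((set(imported) | set(reference)) - IDENTITY_KEYS):
        left, right = normalise(imported.get(key)), normalise(reference.get(key))
        if left != right:
            diff[key] = (left, right)
    return diff

def make_state(name, bucket, acl, grants):
    # Minimal constructed state document holding one bucket resource.
    attrs = {"id": bucket, "bucket": bucket, "acl": acl, "grant": grants}
    return {"version": 4, "resources": [{
        "mode": "managed", "type": "aws_s3_bucket", "name": name,
        "instances": [{"attributes": attrs}]}]}

# Constructed sample data mirroring the grants in the question.
LOG_GRANT = {"id": "", "type": "Group", "permissions": ["READ_ACP", "WRITE"],
             "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery"}
OWNER_GRANT = {"id": "my-account-id", "type": "CanonicalUser",
               "permissions": ["FULL_CONTROL"], "uri": ""}
IMPORTED = make_state("my-bucket", "my-bucket", None, [LOG_GRANT, OWNER_GRANT])
REFERENCE = make_state("scratch", "scratch-bucket", "private",
                       [OWNER_GRANT, LOG_GRANT])

if __name__ == "__main__":
    print(diff_attrs(bucket_attrs(IMPORTED, "my-bucket"),
                     bucket_attrs(REFERENCE, "scratch")))
```

Running the same comparison after each apply also surfaces the lost grants the answer describes, since an emptied `grant` set shows up as a difference.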
