
I have this kind of userdata.sh (please see below) that is used to spin up an EC2 instance. However, the HCL file is unable to interpret the shell script variable.

I intend to set `tls_disable = true`, but this part keeps getting skipped, as HCL seems unable to interpret the `BOUNDARY_TLS_DISABLED` variable. Any help would be appreciated!

```bash
#!/bin/bash

BOUNDARY_TLS_DISABLED=true
...

cat > /home/ubuntu/boundary-worker.hcl << EOF
listener "tcp" {
  address = "$BOUNDARY_PRIVATE_IP:9202"
    purpose = "proxy"
%{ if "$BOUNDARY_TLS_DISABLED" == true }
    tls_disable                       = true
%{ else }
  tls_disable   = false
  tls_cert_file = "$BOUNDARY_TLS_CERT_PATH"
  tls_key_file  = "$BOUNDARY_TLS_KEY_PATH"
%{ endif }

    #proxy_protocol_behavior = "allow_authorized"
    #proxy_protocol_authorized_addrs = "127.0.0.1"
}

worker {
  # Name attr must be unique
    public_addr = "$BOUNDARY_PUBLIC_IP"
    name = "demo-worker-$BOUNDARY_NAME_SUFFIX"
    description = "A default worker created for demonstration"
    controllers = [
    $NEW_VAR
  ]
}

%{ if "$BOUNDARY_KMS_TYPE" == "aws" }
kms "awskms" {
    purpose    = "worker-auth"
    key_id     = "global_root"
  kms_key_id = "$BOUNDARY_KMS_WORKER_AUTH_KEY_ID"
}
%{ else }
kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}
%{ endif }
EOF

sudo mv /home/ubuntu/boundary-worker.hcl /etc/boundary-worker.hcl
```
Fahim Uz Zaman
Piljae Chae
  • Is this just a repost of https://stackoverflow.com/q/65112909/2291321? To be clear you should either be explaining how they are different or you should close/delete the old one in favour of a new question that fixes any specific issues in your old question, or better yet editing the old question instead. – ydaetskcoR Dec 03 '20 at 11:54
  • @ydaetskcoR It's similar, and I found the solution to my prior question. This question is a more detailed question. Thanks for your advice, and I'll close the prior question! – Piljae Chae Dec 03 '20 at 14:43
  • You seem to be confusing the templating syntax here. The `%{}` bits are only seen by the template but you seem to be setting the `BOUNDARY_TLS_DISABLED` as a shell variable further up the script, not a Terraform variable that it can use. For this to be answered usefully you'd need to edit your question to include a [mcve] that exhibits the same behaviour, making it as simple as possible an example but still complete. Right now it's tricky to follow for anyone to be able to provide a good answer. – ydaetskcoR Dec 03 '20 at 15:54
  • @ydaetskcoR Sure! I'll return with an edit. – Piljae Chae Dec 04 '20 at 01:44

0 Answers
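The comments above note that the `%{ }` directives belong to Terraform's template syntax, while `BOUNDARY_TLS_DISABLED` is a shell variable; when the script runs as plain bash, the heredoc copies those directive lines into the file unchanged. The following is an added example, not code from the question or its comments, that makes the TLS decision in the shell instead. The function names `render_tls_settings` and `render_listener` and the sample IP are assumptions, and TLS stays enabled unless the variable is exactly `true`.

```bash
#!/bin/bash
# Added example: the TLS branch is decided by the shell, because a plain bash
# heredoc does not evaluate Terraform's %{ if } template directives.

# Print the listener's TLS settings. TLS is disabled only when the variable is
# exactly "true"; any other value (or unset) keeps TLS on.
render_tls_settings() {
  if [ "${BOUNDARY_TLS_DISABLED:-false}" = "true" ]; then
    printf '  tls_disable = true\n'
    return 0
  fi
  # With TLS on, refuse to write a config that lacks a certificate or key path.
  if [ -z "${BOUNDARY_TLS_CERT_PATH:-}" ] || [ -z "${BOUNDARY_TLS_KEY_PATH:-}" ]; then
    echo "TLS enabled but BOUNDARY_TLS_CERT_PATH/BOUNDARY_TLS_KEY_PATH not set" >&2
    return 1
  fi
  printf '  tls_disable   = false\n'
  printf '  tls_cert_file = "%s"\n' "$BOUNDARY_TLS_CERT_PATH"
  printf '  tls_key_file  = "%s"\n' "$BOUNDARY_TLS_KEY_PATH"
}

# Print the whole listener block to stdout (the caller redirects it to a file).
render_listener() {
  local tls
  tls="$(render_tls_settings)" || return 1
  cat <<EOF
listener "tcp" {
  address = "${BOUNDARY_PRIVATE_IP}:9202"
  purpose = "proxy"
${tls}
}
EOF
}

# Constructed sample values, for illustration only.
BOUNDARY_PRIVATE_IP="10.0.0.5"
BOUNDARY_TLS_DISABLED=true
render_listener
```

Because `render_listener` returns non-zero when TLS is enabled without a certificate or key path, a user-data script can stop before writing an unusable listener block.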