0
votes

I am trying to run a Terraform provisioner which calls my Ansible playbook. I am passing a public key as a variable from the user. When passing the public key, it doesn't take the entire key, just ssh-rsa, and not the complete string. I want to pass the complete string as "ssh-rsa Aghdgdhfghjfdh".

The provisioner in Terraform which I am running is:

resource "null_resource" "bastion_user_provisioner" {
  provisioner "local-exec" {
    command = "sleep 30 && ansible-playbook ../../../../ansible/create-user.yml --private-key ${path.module}/${var.project_name}.pem -vvv -u ubuntu -e 'username=${var.username}' -e 'user_key=${var.user_key}' -i ${var.bastion_public_ip}, -e 'root_shell=/bin/rbash' -e 'raw_password=${random_string.bastion_password.result}'"
  }
}

If I run the playbook alone as:

ansible-playbook -i localhost create-user.yml --user=ubuntu --private-key=kkk000.pem -e "username=kkkkk" -e 'user_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+GWlljlLzW6DOEo"' -e root_shell="/bin/bash"

it works, but I want the string to be in a Terraform variable which is passed in the provisioner.

I want to have the key copied to a file as

ssh-rsa AWRDkj;jfdljdfldkf'sd.......

and not just

ssh-rsa
1
Your quoting looks broken but otherwise that should be fine. However this is not a good way of doing things and you should think about how you provide these files to the Ansible roles instead of trying to pass it as a string on the command line like that. – ydaetskcoR

1 Answer

0
votes

You are getting bitten by the -e key=value splitting that goes on with the command-line --extra-args interpretation [citation]. What you really want is to feed -e some JSON text, to stop it from trying to split on whitespace. That will also come in handy for sufficiently complicated random string passwords, which would otherwise produce a very bad outcome when trying to pass them on the command-line.

Thankfully, there is a jsonencode() function that will help you with that problem:

resource "null_resource" "bastion_user_provisioner" {
  provisioner "local-exec" {
    command = <<SH
set -e
sleep 30
ansible -vvv -i localhost, -c local -e '${jsonencode({
   "username"="${var.username}",
   "user_key"="${var.user_key}",
   "raw_password"="${random_string.bastion_password.result}",
})}' -m debug -a var=vars all
SH
  }
}
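
The same jsonencode() approach applied to the playbook command from the question, as an added example that is not part of the original answer. It passes the JSON through the local-exec `environment` argument (EXTRA_VARS is an assumed name) instead of interpolating it inside single quotes, so a quote character in var.user_key or the generated password cannot end the shell string early.

```hcl
# Added example, not the answer's code. EXTRA_VARS is an assumed name;
# the playbook path and variable names are the ones used in the question.
resource "null_resource" "bastion_user_provisioner" {
  provisioner "local-exec" {
    # The values reach the child process through its environment rather than
    # being templated into the shell text, so spaces or quote characters in
    # them cannot change how /bin/sh parses the command.
    environment = {
      EXTRA_VARS = jsonencode({
        username     = var.username
        user_key     = var.user_key
        root_shell   = "/bin/rbash"
        raw_password = random_string.bastion_password.result
      })
    }

    # "$EXTRA_VARS" is expanded by the shell, not by Terraform, and the double
    # quotes keep the whole JSON document as a single argument to -e. Ansible
    # parses an -e value that starts with "{" as JSON/YAML instead of
    # splitting it into key=value pairs on whitespace.
    command = <<-SH
      set -e
      sleep 30
      ansible-playbook ../../../../ansible/create-user.yml \
        --private-key "${path.module}/${var.project_name}.pem" \
        -u ubuntu \
        -i "${var.bastion_public_ip}," \
        -e "$EXTRA_VARS"
    SH
  }
}
```

Because the command text now contains only the variable reference, the command line that Terraform echoes when it runs the provisioner no longer includes the key or the password.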