I have this kind of userdata.sh
(plz see below) that is used to spin up an EC2 instance. However hcl file is unable to interpret shell script variable.
I intend to set tls_disable = true
, but this part keeps getting skipped as hcl seems unable to interpret BOUNDARY_TLS_DISABLED
this variable. Any help would be greatful ! (Also I believe while using Terraform, this kind of unexpected working would happen a lot, and am curious whether Hashicorp is trying to deal with this situation)
#!/bin/bash
BOUNDARY_TLS_DISABLED=true
...
cat > /home/ubuntu/boundary-worker.hcl << EOF
listener "tcp" {
address = "$BOUNDARY_PRIVATE_IP:9202"
purpose = "proxy"
%{ if "$BOUNDARY_TLS_DISABLED" == true }
tls_disable = true
%{ else }
tls_disable = false
tls_cert_file = "$BOUNDARY_TLS_CERT_PATH"
tls_key_file = "$BOUNDARY_TLS_KEY_PATH"
%{ endif }
#proxy_protocol_behavior = "allow_authorized"
#proxy_protocol_authorized_addrs = "127.0.0.1"
}
worker {
# Name attr must be unique
public_addr = "$BOUNDARY_PUBLIC_IP"
name = "demo-worker-$BOUNDARY_NAME_SUFFIX"
description = "A default worker created for demonstration"
controllers = [
$NEW_VAR
]
}
%{ if "$BOUNDARY_KMS_TYPE" == "aws" }
kms "awskms" {
purpose = "worker-auth"
key_id = "global_root"
kms_key_id = "$BOUNDARY_KMS_WORKER_AUTH_KEY_ID"
}
%{ else }
kms "aead" {
purpose = "worker-auth"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "global_worker-auth"
}
%{ endif }
EOF
sudo mv /home/ubuntu/boundary-worker.hcl /etc/boundary-worker.hcl
...