This repository has been archived by the owner on Dec 5, 2020. It is now read-only.

Max length userData #30

Open
hashibot opened this issue Oct 30, 2017 · 0 comments

This issue was originally opened by @andrejvanderzee as hashicorp/terraform#16493. It was migrated here as a result of the provider split. The original body of the issue is below.


Hi there,

I am encountering this issue when using ignition_file when copying encrypted PKI assets.

Error: Error applying plan:

1 error(s) occurred:

  • module.kubernetes.module.masters.aws_launch_configuration.master_conf: 1 error(s) occurred:

  • aws_launch_configuration.master_conf: Error creating launch configuration: ValidationError: 1 validation error detected: Value 'XXXXXXXXX' at 'userData' failed to satisfy constraint: Member must have length less than or equal to 21847
    status code: 400, request id: 82919b36-bd60-11e7-8156-e1805ec22de2

$ terraform version
Terraform v0.10.8

This is one of the failing configs:

data "ignition_systemd_unit" "pki_decrypt" {

  name   = "decrypt-pki.service"
  enabled = true

  content = <<EOF
[Unit]
Description=decrypt pki assets
Before=kubelet.service
After=network.service

[Service]
Restart=on-failure
RemainAfterExit=yes
ExecStartPre=/usr/bin/rkt run \
  --uuid-file-save=/var/run/coreos/decrypt-pki.uuid \
  --volume=ssl,kind=host,source=/etc/kubernetes/ssl,readOnly=false \
  --mount=volume=ssl,target=/etc/kubernetes/ssl \
  --volume=dns,kind=host,source=/etc/resolv.conf,readOnly=true \
  --mount volume=dns,target=/etc/resolv.conf \
  --net=host \
  --trust-keys-from-https \
  ${var.awscli_rkt_image} --exec=/bin/bash -- \
    -ec \
    'echo Decrypting PKI assets; \
     shopt -s nullglob; \
     for encKey in /etc/kubernetes/ssl/*.pem.enc; do \
     echo Decrypting $encKey; \
     /usr/bin/aws \
       --region ${var.kms_region} kms decrypt \
       --ciphertext-blob fileb://$encKey \
       --output text \
       --query Plaintext \
     | base64 -d > $$$${encKey%.enc}; \
     done; \
     echo done.'
ExecStart=-/usr/bin/rkt rm --uuid-file=/var/run/coreos/decrypt-assets.uuid

[Install]
RequiredBy=kubelet.service
EOF
}

data "ignition_file" "pki_ca" {

	filesystem = "root"
	mode       = 0644
	path = "/etc/kubernetes/ssl/ca.pem.enc"

	content { 
		mime = "application/base64"
		content = "${var.pki_ca}"
	}
}

data "ignition_file" "pki_apiserver" {

	filesystem = "root"
	mode       = 0644
	path = "/etc/kubernetes/ssl/apiserver.pem.enc"

	content { 
		mime = "application/base64"
		content = "${var.pki_apiserver}"
	}
}

data "ignition_file" "pki_apiserver_key" {

	filesystem = "root"
	mode       = 0644
	path = "/etc/kubernetes/ssl/apiserver-key.pem.enc"

	content { 
		mime = "application/base64"
		content = "${var.pki_apiserver_key}"
	}
}
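
A pre-flight size check for a rendered Ignition config against the 21847-character `userData` limit quoted in the error above. This is an added example, not part of the original issue or of the provider's code; it assumes `userData` is sent base64-encoded once, and the function names, the `data:;base64,` sample sources and the zero-filled blobs are constructed for illustration.

```python
import base64
import json

USERDATA_MAX_B64 = 21847  # limit quoted in the ValidationError above

def userdata_b64_len(rendered: str) -> int:
    """Length of the userData string, assuming one base64 pass over the config."""
    return len(base64.b64encode(rendered.encode("utf-8")))

def file_costs(rendered: str):
    """(path, length of contents.source) for each storage.files entry, largest first."""
    files = json.loads(rendered).get("storage", {}).get("files", [])
    costs = [(f.get("path", "?"), len(f.get("contents", {}).get("source", "")))
             for f in files]
    return sorted(costs, key=lambda c: c[1], reverse=True)

def check(rendered: str) -> dict:
    """Report whether the config fits and which embedded files cost the most."""
    size = userdata_b64_len(rendered)
    return {"b64_len": size, "fits": size <= USERDATA_MAX_B64,
            "largest": file_costs(rendered)[:3]}

def sample_config(key_bytes: int) -> str:
    """Constructed sample: zero-filled blobs stand in for the encrypted PKI assets."""
    def entry(path, n):
        src = "data:;base64," + base64.b64encode(bytes(n)).decode()
        return {"filesystem": "root", "path": path, "mode": 420,
                "contents": {"source": src}}
    return json.dumps({
        "ignition": {"version": "2.1.0"},
        "storage": {"files": [
            entry("/etc/kubernetes/ssl/ca.pem.enc", 1200),
            entry("/etc/kubernetes/ssl/apiserver.pem.enc", 1400),
            entry("/etc/kubernetes/ssl/apiserver-key.pem.enc", key_bytes),
        ]},
    })

if __name__ == "__main__":
    for n in (1800, 12000):
        report = check(sample_config(n))
        print(n, report["b64_len"], "fits" if report["fits"] else "TOO LARGE")
        for path, cost in report["largest"]:
            print("   ", cost, path)
```

Under that assumption the raw config budget is 16383 bytes, since 16384 bytes already encode to 21848 characters.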