[英]Terraform - Dynamic variables arguments
I feel like I've tried this a bunch of different ways but I may be a little off in terms of how I am calling these variables.我觉得我已经尝试了很多不同的方法,但在我如何调用这些变量方面我可能有点偏离。 I have the following code:
我有以下代码:
config_rule_params = {
"access_keys_rotated" = {
"input_parameters" = "{\"maxAccessKeyAge\": \"90\"}",
"maximum_execution_frequency" = "TwentyFour_Hours",
"source" = {
"owner" = "AWS",
"source_identifier" = "ACCESS_KEYS_ROTATED"
}
},
"acm_certificate_expiration_check" = {
"input_parameters" = "{\"daysToExpiration\": \"30\"}",
"maximum_execution_frequency" = "TwentyFour_Hours",
"source" = {
"owner" = "AWS",
"source_identifier" = "ACM_CERTIFICATE_EXPIRATION_CHECK"
},
"scope" = {
"compliance_resource_types" = "AWS::ACM::Certificate"
}
}
}
}
resource "aws_config_config_rule" "parameterised_config_rules" {
for_each = local.config_rule_params
name = each.key
input_parameters = each.value.input_parameters
maximum_execution_frequency = each.value.maximum_execution_frequency
dynamic "source" {
for_each = local.config_rule_params[*].source[*]
content {
owner = each.value.owner
source_identifier = each.source_identifier
}
}
dynamic "scope" {
for_each = local.config_rule_params[*].scope[*]
content {
compliance_resource_types = each.value.compliance_resource_types
}
}
}
Eventually I will have a ton of rules added under config_rule_params
and not all of them will have source
, scope
or even other parameters.最终,我将在
config_rule_params
下添加大量规则,但并非所有规则都有source
、 scope
甚至其他参数。 How can I properly call these variables when creating my resource?创建资源时如何正确调用这些变量? Currently getting the following error:
当前收到以下错误:
Error: Unsupported attribute
on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 53, in resource "aws_config_config_rule" "parameterised_config_rules":
53: for_each = local.config_rule_params[*].source[*]
This object does not have an attribute named "source".
Error: Unsupported attribute
on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 61, in resource "aws_config_config_rule" "parameterised_config_rules":
61: for_each = local.config_rule_params[*].scope[*]
This object does not have an attribute named "scope".
ERROR: Job failed: exit code 1
When you use for_each
in dynamic blocks , by default the iterator is refereed to using label of the block ( source
and scope
), rather then each
:当您在动态块中使用
for_each
时,默认情况下,迭代器被引用为使用块的 label ( source
和scope
),而不是each
:
The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value.
迭代器参数(可选)设置表示复数值的当前元素的临时变量的名称。 If omitted, the name of the variable defaults to the label of the dynamic block ("setting" in the example above).
如果省略,则变量的名称默认为动态块的 label (上例中的“设置”)。
In your example it would be source
and scope
:在您的示例中,它将是
source
和scope
:
dynamic "source" {
for_each = local.config_rule_params[*].source[*]
content {
owner = source.value.owner
source_identifier = source.source_identifier
}
}
dynamic "scope" {
for_each = local.config_rule_params[*].scope[*]
content {
compliance_resource_types = scope.value.compliance_resource_types
}
}
You're correctly using the [*]
operator as a concise way to adapt a value that might either be null or not into a list with either zero or one elements, but there are two things to change here:您正确地使用
[*]
运算符作为一种简洁的方式来调整可能是 null 或不包含零或一个元素的列表,但这里有两件事需要更改:
dynamic
block is, by default, the name of the block you are generating.dynamic
块的迭代器符号是您正在生成的块的名称。 each
is the iterator symbol for the top-level resource itself, even inside a dynamic
block. each
是顶级资源本身的迭代器符号,即使在dynamic
块内也是如此。each.value
as part of the for_each
expression in your dynamic
block, to refer to the current element of local.config_rule_params
.each.value
作为dynamic
块中for_each
表达式的一部分,以引用local.config_rule_params
的当前元素。 Putting those together, we get something like this:把它们放在一起,我们得到这样的东西:
resource "aws_config_config_rule" "parameterised_config_rules" {
for_each = local.config_rule_params
name = each.key
input_parameters = each.value.input_parameters
maximum_execution_frequency = each.value.maximum_execution_frequency
dynamic "source" {
for_each = each.value.source[*]
content {
owner = source.value.owner
source_identifier = source.value.source_identifier
}
}
dynamic "scope" {
for_each = each.value.scope[*]
content {
compliance_resource_types = scope.value.compliance_resource_types
}
}
}
Notice that in the dynamic "source"
block the current element is source.value
, while in the dynamic "scope"
block the current element is scope.value
.请注意,在
dynamic "source"
块中,当前元素是source.value
,而在dynamic "scope"
块中,当前元素是scope.value
。 Because of that, it's valid to also use each.value
in those dynamic
blocks, and so you can refer to both levels of repetition together when building out these nested blocks.因此,在这些
dynamic
块中使用each.value
也是有效的,因此您可以在构建这些嵌套块时同时引用两个重复级别。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.