Terraform - 动态变量 arguments

Question

I feel like I've tried this a bunch of different ways but I may be a little off in terms of how I am calling these variables.我觉得我已经尝试了很多不同的方法，但在我如何调用这些变量方面我可能有点偏离。 I have the following code:我有以下代码：

  config_rule_params = {
      "access_keys_rotated" = {
          "input_parameters" = "{\"maxAccessKeyAge\": \"90\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACCESS_KEYS_ROTATED"
          }
      },
      "acm_certificate_expiration_check" = {
          "input_parameters" = "{\"daysToExpiration\": \"30\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACM_CERTIFICATE_EXPIRATION_CHECK"
          },
          "scope" = {
              "compliance_resource_types" = "AWS::ACM::Certificate"
          }
      }
  }
}

resource "aws_config_config_rule" "parameterised_config_rules" {
    for_each                    = local.config_rule_params
    name                        = each.key
    input_parameters            = each.value.input_parameters
    maximum_execution_frequency = each.value.maximum_execution_frequency
    
    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = each.value.owner
            source_identifier = each.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = each.value.compliance_resource_types
        }
    }
}

Eventually I will have a ton of rules added under config_rule_params and not all of them will have source , scope or even other parameters.最终，我将在config_rule_params下添加大量规则，但并非所有规则都有source 、 scope甚至其他参数。 How can I properly call these variables when creating my resource?创建资源时如何正确调用这些变量？ Currently getting the following error:当前收到以下错误：

Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 53, in resource "aws_config_config_rule" "parameterised_config_rules":
  53:         for_each = local.config_rule_params[*].source[*]
This object does not have an attribute named "source".
Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 61, in resource "aws_config_config_rule" "parameterised_config_rules":
  61:         for_each = local.config_rule_params[*].scope[*]
This object does not have an attribute named "scope".
ERROR: Job failed: exit code 1

Answer 1

When you use for_each in dynamic blocks , by default the iterator is refereed to using label of the block ( source and scope ), rather then each :当您在动态块中使用for_each时，默认情况下，迭代器被引用为使用块的 label （ source和scope ），而不是each ：

The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value.迭代器参数（可选）设置表示复数值的当前元素的临时变量的名称。 If omitted, the name of the variable defaults to the label of the dynamic block ("setting" in the example above).如果省略，则变量的名称默认为动态块的 label （上例中的“设置”）。

In your example it would be source and scope :在您的示例中，它将是source和scope ：

    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = source.value.owner
            source_identifier = source.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = scope.value.compliance_resource_types
        }
    }

Answer 2

You're correctly using the [*] operator as a concise way to adapt a value that might either be null or not into a list with either zero or one elements, but there are two things to change here:您正确地使用[*]运算符作为一种简洁的方式来调整可能是 null 或不包含零或一个元素的列表，但这里有两件事需要更改：

The iterator symbol for a dynamic block is, by default, the name of the block you are generating.默认情况下， dynamic块的迭代器符号是您正在生成的块的名称。 each is the iterator symbol for the top-level resource itself, even inside a dynamic block. each是顶级资源本身的迭代器符号，即使在dynamic块内也是如此。
As a consequence of the previous item, you can use each.value as part of the for_each expression in your dynamic block, to refer to the current element of local.config_rule_params .作为上一项的结果，您可以使用each.value作为dynamic块中for_each表达式的一部分，以引用local.config_rule_params的当前元素。

Putting those together, we get something like this:把它们放在一起，我们得到这样的东西：

resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each                    = local.config_rule_params

  name                        = each.key
  input_parameters            = each.value.input_parameters
  maximum_execution_frequency = each.value.maximum_execution_frequency
    
  dynamic "source" {
    for_each = each.value.source[*]
    content {
      owner             = source.value.owner
      source_identifier = source.value.source_identifier
    }
  }

  dynamic "scope" {
    for_each = each.value.scope[*]
    content {
      compliance_resource_types = scope.value.compliance_resource_types
    }
  }
}

Notice that in the dynamic "source" block the current element is source.value , while in the dynamic "scope" block the current element is scope.value .请注意，在dynamic "source"块中，当前元素是source.value ，而在dynamic "scope"块中，当前元素是scope.value 。 Because of that, it's valid to also use each.value in those dynamic blocks, and so you can refer to both levels of repetition together when building out these nested blocks.因此，在这些dynamic块中使用each.value也是有效的，因此您可以在构建这些嵌套块时同时引用两个重复级别。

Terraform - 动态变量 arguments

问题描述

2 个解决方案

解决方案1
1 2020-12-15 21:25:32

解决方案2
1 已采纳 2020-12-16 00:55:49

Terraform - 动态变量 arguments

问题描述

2 个解决方案

解决方案1 1 2020-12-15 21:25:32

解决方案2 1 已采纳 2020-12-16 00:55:49

解决方案1
1 2020-12-15 21:25:32

解决方案2
1 已采纳 2020-12-16 00:55:49