[英]How can I leverage for_each to shorten my Terraform code?
I would like to create a set of Azure policies and add them to an initiative using Terraform.我想创建一组 Azure 策略并将它们添加到使用 Terraform 的计划中。
The way I have set up my architecture/structure however feels wrong, as I have to repeat myself over and over again.然而,我建立架构/结构的方式感觉不对,因为我必须一遍又一遍地重复自己。 There are going to be a lot more instances (like module "resource-group-policy" {}
) of my policy-module
.我的policy-module
将会有更多实例(例如module "resource-group-policy" {}
)。 Currently, I also have to add a policy_definition_reference
for each of the policy resources.目前,我还必须为每个策略资源添加一个policy_definition_reference
。
My first approach was to come up with an additional module that bundles similar instances of my policy-module
together.我的第一种方法是提出一个附加模块,将我的policy-module
的类似实例捆绑在一起。 This way my main.tf become a lot shorter and readable, however, it almost doubled my code, as I had to introduce an output var for each of my submodules to output the policies id.这样,我的 main.tf 变得更短且可读性更高,但是,它几乎使我的代码翻了一番,因为我不得不为我的每个子模块引入 output var 到 output 策略 id。
Is there a way I can leverage for example the for_each
statement to significantly shorten my terraform code?有没有办法可以利用例如for_each
语句来显着缩短我的 terraform 代码?
./policy-module/main.tf ./policy-module/main.tf
terraform {
# ...
}
resource "azurerm_policy_definition" "policy" {
# ...
}
./policy-module/output.tf ./policy-module/output.tf
output "id" {
value = azurerm_policy_definition.policy.id
}
./policy-module/variables.tf ./policy-module/variables.tf
variable "pattern" {
type = string
}
# ...
./main.tf ./main.tf
terraform {
# ...
}
provider "azurerm" {
# ...
}
resource "azurerm_policy_set_definition" "initiative" {
# ...
policy_definition_reference {
policy_definition_id = module.management-group-policy.id
}
policy_definition_reference {
policy_definition_id = module.resource-group-policy.id
}
# ...
}
module "management-group-policy" {
source = "./policy-module"
pattern = "mg-*"
type = "Microsoft.Management/managementGroups"
display_name = "Management Groups"
}
module "resource-group-policy" {
source = "./policy-module"
pattern = "rg-*"
type = "Microsoft.Resources/resourceGroups"
display_name = "Resource Groups"
}
# many more variations of modul
Start with something like this:从这样的事情开始:
module "policies" {
source = "./policy-module"
for_each = {
rg = {
pattern = "rg-*",
type = "Microsoft.Resources/resourceGroups",
display_name = "Resource Groups"
},
mg = {
pattern = "mg-*",
type = "Microsoft.Management/managementGroups",
display_name = "Management Groups"
}
}
pattern = each.value.pattern
type = each.value.type
display_name = each.value.display_name
}
Your azurerm_policy_set_definition
is actually the trickier one:您的azurerm_policy_set_definition
实际上是更棘手的一个:
resource "azurerm_policy_set_definition" "initiative" {
# ...
policy_definition_reference {
for_each = module.policies
policy_definition_id = each.key.id
}
}
I'm not 100% sure about this, have a play around but the essence being that you need to iterate again over the policies
which you created above.我对此不是 100% 确定的,可以试一试,但本质是您需要再次迭代您在上面创建的policies
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.