terraform 私有端点私有 dns 区域无法填充

Question

i have following code to create private endpoint, and if provided, will be associated with a private dns zone as well, however, the private endpoint is crated ignoring private dns zone value I entered, treat it as Null resource.我有以下代码来创建私有端点，如果提供，也将与私有 dns 区域相关联，但是，私有端点是装箱的，忽略了我输入的私有 dns 区域值，将其视为 ZBBB93EF26E3C101FF11CDD21CAB 资源。 I'm not sure what went wrong inside the dynamic block我不确定动态块内出了什么问题

resource "azurerm_private_endpoint" "this" {
  name                = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint"])
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = data.azurerm_subnet.endpoint_subnet.id
  tags                = var.tags

  private_service_connection {
    name                           = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint-conn"])
    private_connection_resource_id = lookup(var.service_subresource_map, "resource_id")
    subresource_names              = [lookup(var.service_subresource_map, "subresource_name")]
    is_manual_connection           = false
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_dns_zone_group[*]

    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }

the value I provided in private_dns_zone_group is this我在 private_dns_zone_group 中提供的值是这个

private_dns_zone_group = {
    name = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
    ]
  }

and variable is as following变量如下

variable "private_dns_zone_group" {
 
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null
}

everything is deployed without error except for private dns zone association除私有 dns 区域关联外，所有内容均已正确部署

if I replace dynamic block with simple block like this如果我用这样的简单块替换动态块

private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
    ]
  }

then it works.然后它工作。

Answer 1

Depending on your service, if you want to use Private Endpoint then you will have to properly name as per the naming convention for the Private DNS Zones which can referred from this Microsoft Documentation .根据您的服务，如果您想使用私有端点，那么您必须按照私有 DNS 区域的命名约定正确命名，该区域可以参考此Microsoft Documentation 。 For example, If you are creating Private Endpoint for App Service , Storage and SQL , then your Private DNS Group will have Id's of Zones with names : ['privatelink.azurewebsites.net','privatelink.blob.core.windows.net','privatelink.database.windows.net'] .例如，如果您正在为App Service 、 Storage和SQL创建私有端点，那么您的私有 DNS 组将具有名称为： ['privatelink.azurewebsites.net','privatelink.blob.core.windows.net','privatelink.database.windows.net']的区域 ID ['privatelink.azurewebsites.net','privatelink.blob.core.windows.net','privatelink.database.windows.net'] 。

I tested the same for only app service by using your code:我使用您的代码仅对应用程序服务进行了相同的测试：

.tfvars

private_dns_zone_group = {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net"
    ]
}

Main.tf

provider "azurerm" {
  features{}
}

variable "private_dns_zone_group" {
 
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null
}
data "azurerm_subnet" "endpoint_subnet" {
  name                 = "default"
  virtual_network_name = "ansuman-vnet"
  resource_group_name  = "xxxxxx"
}

resource "azurerm_private_endpoint" "this" {
  name                = "appservice-pvt-endpoint"
  location            = "west us 2"
  resource_group_name = data.azurerm_subnet.endpoint_subnet.resource_group_name
  subnet_id           = data.azurerm_subnet.endpoint_subnet.id

  private_service_connection {
    name                           =  "appservice-pvt-endpoint-conn"
    private_connection_resource_id = "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.Web/sites/ansumantestapp"
    subresource_names              = ["sites"]
    is_manual_connection           = false
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_dns_zone_group[*]

    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }
}

Output: Output：

Note:笔记：

Please make sure you have the latest versions of Azurerm Provider and Terraform .请确保您拥有最新版本的Azurerm Provider和Terraform 。
If you are still getting the error then try removing the default argument from the Private DNS group variable block:如果您仍然收到错误，请尝试从 Private DNS 组变量块中删除默认参数：
```
 variable "private_dns_zone_group" { type = object({ name = string private_dns_zone_ids = list(string) }) default = null ## remove this argument }
```

Answer 2

Finally found out the reason.. I put resource "azurerm_private_endpoint" "this" as a module, when I'm calling the module, I forgot to include private_dns_zone_group = var.private_dns_zone_group终于找到原因了..我把资源“azurerm_private_endpoint”“this”作为一个模块，当我调用模块时，我忘记包含private_dns_zone_group = var.private_dns_zone_group

so of course, it's always missing the tfvar value.... always something so simple...所以当然，它总是缺少 tfvar 值......总是那么简单......

terraform 私有端点私有 dns 区域无法填充

问题描述

2 个解决方案

解决方案1
0 2022-01-31 09:31:35

解决方案2
0 2022-01-31 22:05:01

terraform 私有端点私有 dns 区域无法填充

问题描述

2 个解决方案

解决方案1 0 2022-01-31 09:31:35

解决方案2 0 2022-01-31 22:05:01

解决方案1
0 2022-01-31 09:31:35

解决方案2
0 2022-01-31 22:05:01