Terraform: ingress_with_source_security_group_id vs. computed_ingress_with_source_security_group_id
Terraform module terraform-aws-modules/security-group/aws supports two input variables.
description: List of ingress rules to create where 'source_security_group_id' is used
example (source code):
```
ingress_with_source_security_group_id = [
  {
    rule                     = "mysql-tcp"
    source_security_group_id = data.aws_security_group.default.id
  },
  {
    from_port                = 10
    to_port                  = 10
    protocol                 = 6
    description              = "Service name"
    source_security_group_id = data.aws_security_group.default.id
  },
]
```
description: List of computed ingress rules to create where 'source_security_group_id' is used
Example (source code):
```
computed_ingress_with_source_security_group_id = [
  {
    rule                     = "postgresql-tcp"
    source_security_group_id = module.main_sg.security_group_id
  },
  {
    from_port                = 23
    to_port                  = 23
    protocol                 = 6
    description              = "Service name"
    source_security_group_id = module.main_sg.security_group_id
  },
]
```
What's the difference between them?
What are computed ingress rules?

This is explained in Note about "value of 'count' cannot be computed" and is related to limitations of TF 0.11. From the link:

> Computed values are values provided as outputs from module. Non-computed values are all others - static values, values referenced as variable and from data-sources.
>
> When you need to specify computed value inside security group rule argument you need to specify it using an argument which starts with `computed_` and provide a number of elements in the argument which starts with `number_of_computed_`

I get it.

@ryan, I'm sure you know this by now, but for me I was confused also. So hopefully this helps others.

Computed, seems to mean "I'm going to need to use output data in my group, and won't have all the data available at the time of writing the code". Essentially, it means you're going to reference module outputs for values. Module outputs aren't available until after they are run.

So in this example, notice `module.main_sg.security_group_id`. This is the part that needs computing, because it's coming from another module output. Eg it won't have that value until terraform runs, where it can then grab the output from that module.
```
computed_ingress_with_source_security_group_id = [
  {
    rule                     = "postgresql-tcp"
    source_security_group_id = module.main_sg.security_group_id
  },
  {
    from_port                = 23
    to_port                  = 23
    protocol                 = 6
    description              = "Service name"
    source_security_group_id = module.main_sg.security_group_id
  },
]
```
So, if you don't use `computed_` here, the code breaks, because it can't get the value of `module.main_sg.security_group_id`.

When you have all the values available before the code runs, as in your first example, eg `source_security_group_id = data.aws_security_group.default.id` then you don't need to use `computed_`. This means it won't have to pass through extra functionality to resolve the values, because they are already statically specified somewhere. In this case it's statically specified in a data resource, etc..

So computed means, when terraform runs this code, it will need to wait until it gets the output data, before calculating what this security group's values will actually be, because those values are dynamic, and rely on the terraform code to run before it can see them, hence it will need to "compute" them when it runs.

I have another example.

Here this code needs a value from another module, you can't tell that, because it's grabbing that in the main.tf.
```
computed_ingress_with_cidr_blocks = [{
  from_port   = 53
  to_port     = 53
  protocol    = "udp"
  description = "Domain Name System (DNS) access"
  cidr_blocks = var.priv_cidr_block
},{
...
```
The cidr block is taken from the vpc module.

Then the egress rule is as follows
```
egress_with_cidr_blocks = [{
  from_port   = 9389
  to_port     = 9389
  protocol    = "tcp"
  description = "OPEN egress, all ports, all protocols"
  cidr_blocks = "0.0.0.0/0"
}]
```
Notice, there's only static values in there, so no need to "compute" any values, it already is, what it is...

HTH.
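
Both variants side by side in one module call, including the `number_of_computed_` argument that the quoted note requires but the snippets in the posts above leave out. This is an added example, not code from the original posts or from the module's repository; the module labels (`main_sg`, `db_sg`), the group names and `var.vpc_id` are assumptions.

```hcl
# Added example. Labels, names and var.vpc_id are hypothetical.
variable "vpc_id" {
  type = string
}

# Existing group looked up through a data source: not a module output.
data "aws_security_group" "default" {
  vpc_id = var.vpc_id
  name   = "default"
}

# Group created by another module call; its ID is a module output.
module "main_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "main-sg"
  description = "Application tier"
  vpc_id      = var.vpc_id
}

module "db_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "db-sg"
  description = "Database tier"
  vpc_id      = var.vpc_id

  # Source comes from a data source: use the plain variant.
  ingress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
      source_security_group_id = data.aws_security_group.default.id
    },
  ]

  # Source comes from a module output: use the computed_ variant ...
  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "postgresql-tcp"
      source_security_group_id = module.main_sg.security_group_id
    },
  ]
  # ... and state how many elements the computed list holds.
  number_of_computed_ingress_with_source_security_group_id = 1
}
```

Keep `number_of_computed_ingress_with_source_security_group_id` equal to the length of the computed list whenever rules are added or removed, and check the plan output to confirm every intended rule is present.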