[英]Terraform - Dynamic variables arguments
我觉得我已经尝试了很多不同的方法,但在我如何调用这些变量方面我可能有点偏离。 我有以下代码:
config_rule_params = {
"access_keys_rotated" = {
"input_parameters" = "{\"maxAccessKeyAge\": \"90\"}",
"maximum_execution_frequency" = "TwentyFour_Hours",
"source" = {
"owner" = "AWS",
"source_identifier" = "ACCESS_KEYS_ROTATED"
}
},
"acm_certificate_expiration_check" = {
"input_parameters" = "{\"daysToExpiration\": \"30\"}",
"maximum_execution_frequency" = "TwentyFour_Hours",
"source" = {
"owner" = "AWS",
"source_identifier" = "ACM_CERTIFICATE_EXPIRATION_CHECK"
},
"scope" = {
"compliance_resource_types" = "AWS::ACM::Certificate"
}
}
}
}
resource "aws_config_config_rule" "parameterised_config_rules" {
for_each = local.config_rule_params
name = each.key
input_parameters = each.value.input_parameters
maximum_execution_frequency = each.value.maximum_execution_frequency
dynamic "source" {
for_each = local.config_rule_params[*].source[*]
content {
owner = each.value.owner
source_identifier = each.source_identifier
}
}
dynamic "scope" {
for_each = local.config_rule_params[*].scope[*]
content {
compliance_resource_types = each.value.compliance_resource_types
}
}
}
最终,我将在config_rule_params下添加大量规则,但并非所有规则都有source 、 scope甚至其他参数。 创建资源时如何正确调用这些变量? 当前收到以下错误:
Error: Unsupported attribute
on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 53, in resource "aws_config_config_rule" "parameterised_config_rules":
53: for_each = local.config_rule_params[*].source[*]
This object does not have an attribute named "source".
Error: Unsupported attribute
on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 61, in resource "aws_config_config_rule" "parameterised_config_rules":
61: for_each = local.config_rule_params[*].scope[*]
This object does not have an attribute named "scope".
ERROR: Job failed: exit code 1
当您在动态块中使用for_each时,默认情况下,迭代器被引用为使用块的 label ( source和scope ),而不是each :
迭代器参数(可选)设置表示复数值的当前元素的临时变量的名称。 如果省略,则变量的名称默认为动态块的 label (上例中的“设置”)。
在您的示例中,它将是source和scope :
dynamic "source" {
for_each = local.config_rule_params[*].source[*]
content {
owner = source.value.owner
source_identifier = source.source_identifier
}
}
dynamic "scope" {
for_each = local.config_rule_params[*].scope[*]
content {
compliance_resource_types = scope.value.compliance_resource_types
}
}
您正确地使用[*]运算符作为一种简洁的方式来调整可能是 null 或不包含零或一个元素的列表,但这里有两件事需要更改:
dynamic块的迭代器符号是您正在生成的块的名称。 each是顶级资源本身的迭代器符号,即使在dynamic块内也是如此。each.value作为dynamic块中for_each表达式的一部分,以引用local.config_rule_params的当前元素。把它们放在一起,我们得到这样的东西:
resource "aws_config_config_rule" "parameterised_config_rules" {
for_each = local.config_rule_params
name = each.key
input_parameters = each.value.input_parameters
maximum_execution_frequency = each.value.maximum_execution_frequency
dynamic "source" {
for_each = each.value.source[*]
content {
owner = source.value.owner
source_identifier = source.value.source_identifier
}
}
dynamic "scope" {
for_each = each.value.scope[*]
content {
compliance_resource_types = scope.value.compliance_resource_types
}
}
}
请注意,在dynamic "source"块中,当前元素是source.value ,而在dynamic "scope"块中,当前元素是scope.value 。 因此,在这些dynamic块中使用each.value也是有效的,因此您可以在构建这些嵌套块时同时引用两个重复级别。
使用 shell 脚本在 json 中传递动态 terraform 变量
[英]Passing dynamic terraform variables in json using shell script
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.