
Putting csvdecode in security group rule terraform

I want to call the csv function from a variable.

This is my main.tf file for the security group

resource "aws_security_group" "names" {
  count = length(var.ams_prod_sg_list)
  name        = var.ams_prod_sg_list[count.index].sg_name
  vpc_id = module.vpc.vpc_id_sg
  tags = {
    Name = var.ams_prod_sg_list[count.index].sg_tags
  }
}

resource "aws_security_group_rule" "sg_rule" {
  count             = length(var.ams_prod_sg_list)
  security_group_id = "${aws_security_group.this.*.id}"
  type              = var.ams_prod_sg_list[count.index].sg_rules.type
  protocol          = var.ams_prod_sg_list[count.index].sg_rules.protocol
  from_port         = var.ams_prod_sg_list[count.index].sg_rules.from
  to_port           = var.ams_prod_sg_list[count.index].sg_rules.to
  cidr_blocks       = [var.ams_prod_sg_list[count.index].sg_rules.cidr_blocks]
  description       = var.ams_prod_sg_list[count.index].sg_rules.description
}

This is the variable.tf file

locals {
  test = csvdecode(file("${path.module}/csv/test.csv"))
  test1 = csvdecode(file("${path.module}/csv/test1.csv"))
}

variable "ams_prod_sg_list" {
  description = "sg_name rules"
  type        = list(map(string))
  default = [
    {
      sg_name = "test"
      sg_rules = local.test
      sg_tags = "sg"
    },
    {
      sg_name = "test1"
      sg_rules = local.test1
      sg_tags = ""
    },
  ]
}

When I apply terraform, it shows "Variables may not be used here", which means we cannot use a local in a variable. And when I directly put sg_rules = csvdecode(file("${path.module}/csv/test.csv")), it shows "Functions may not be called here".

This is the test.csv file

type,protocol,from,to,cidr_blocks,description
ingress,-1,0,0,10.100.0.0/16,test
ingress,tcp,80,80,10.100.0.0/16,

I also tried putting it in a variable and a local

variable "ams_prod_sg_list" {
  description = "sg_name rules"
  type        = list(map(string))
  default     = null
}

locals {
  default_ams_prod_sg_list = [
    {
      sg_name = "test"
      sg_rule = "${local.test}"
      sg_tags = "sg"
    },
    {
      sg_name = "test1"
      sg_rule = "${local.test1}"
      sg_tags = ""
    },
  ]

  ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}

Now I am getting this error

Error: Inconsistent conditional result types
│ 
│   on sg-variable.tf line 46, in locals:
│   46:   ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
│     ├────────────────
│     │ local.default_ams_prod_sg_list is tuple with 2 elements
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ The true and false result expressions must have consistent types. The given
│ expressions are list of map of string and tuple, respectively.

I also tried putting this

variable "ams_prod_sg_list" {
  description = "sg_name rules"
  type        = list(map(string))
  default     = null
}

locals {
  default_ams_prod_sg_list = tolist([
    tomap({
      sg_name = "test"
      sg_rule = "${local.test}"
      sg_tags = "sg"
    }),
    tomap({
      sg_name = "test1"
      sg_rule = "${local.test1}"
      sg_tags = ""
    }),
  ])

  ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}

and got this error

Error: Unsupported attribute
│ 
│   on security-group.tf line 91, in resource "aws_security_group_rule" "sg_rule":
│   91:   type              = var.ams_prod_sg_list[count.index].sg_rules.type
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│ 
│   on security-group.tf line 92, in resource "aws_security_group_rule" "sg_rule":
│   92:   protocol          = var.ams_prod_sg_list[count.index].sg_rules.protocol
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│ 
│   on security-group.tf line 93, in resource "aws_security_group_rule" "sg_rule":
│   93:   from_port         = var.ams_prod_sg_list[count.index].sg_rules.from
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│ 
│   on security-group.tf line 94, in resource "aws_security_group_rule" "sg_rule":
│   94:   to_port           = var.ams_prod_sg_list[count.index].sg_rules.to
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│ 
│   on security-group.tf line 95, in resource "aws_security_group_rule" "sg_rule":
│   95:   cidr_blocks       = [var.ams_prod_sg_list[count.index].sg_rules.cidr_blocks]
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│ 
│   on security-group.tf line 96, in resource "aws_security_group_rule" "sg_rule":
│   96:   description       = var.ams_prod_sg_list[count.index].sg_rules.description
│     ├────────────────
│     │ count.index is a number, known only after apply
│     │ var.ams_prod_sg_list is a list of map of string, known only after apply
│ 
│ This value does not have any attributes.
╵
╷
│ Error: Invalid function argument
│ 
│   on sg-variable.tf line 34, in locals:
│   34:     tomap({
│   35:       sg_name = "test"
│   36:       sg_rule = "${local.test}"
│   37:       sg_tags = "sg"
│   38:     }),
│     ├────────────────
│     │ local.test is list of object with 2 elements
│ 
│ Invalid value for "v" parameter: cannot convert object to map of any single
│ type.
╵
╷
│ Error: Invalid function argument
│ 
│   on sg-variable.tf line 39, in locals:
│   39:     tomap({
│   40:       sg_name = "test1"
│   41:       sg_rule = "${local.test1}"
│   42:       sg_tags = ""
│   43:     }),
│     ├────────────────
│     │ local.test1 is list of object with 1 element
│ 
│ Invalid value for "v" parameter: cannot convert object to map of any single
│ type.

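Variables must be fully defined at runtime. You can make them "dynamic".

The true and false result expressions must have consistent types

This error means that your if expression has different types, which is not allowed. To fix this, you can use the following: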

variable "ams_prod_sg_list" {
  description = "sg_name rules"
  type        = list(map(string))
  default     = []
}

locals {
  default_ams_prod_sg_list = [
    {
      sg_name = "test"
      sg_rule = "local.test"
      sg_tags = "sg"
    },
    {
      sg_name = "test1"
      sg_rule = "local.test1"
      sg_tags = ""
    },
  ]

  ams_prod_sg_list = length(var.ams_prod_sg_list) > 0  ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}
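
As an added example (not part of the original question or answer), one way to drive the rules from the CSV files is to call csvdecode in locals and flatten the rows into one aws_security_group_rule per row with for_each. The local names sg_defs and sg_rules and the resource label "this" are assumptions, and the precondition block needs Terraform 1.2 or later.

```hcl
# Added example: csv/test.csv, csv/test1.csv and module.vpc.vpc_id_sg come from
# the question; sg_defs, sg_rules and the label "this" are assumed names.
locals {
  # Functions and locals may be used here, unlike in a variable default.
  sg_defs = {
    test  = { tags = "sg", rules = csvdecode(file("${path.module}/csv/test.csv")) }
    test1 = { tags = "", rules = csvdecode(file("${path.module}/csv/test1.csv")) }
  }

  # One map entry per CSV row, keyed "<group>-<row index>", so each row
  # becomes its own rule resource with a stable address.
  sg_rules = merge([
    for sg_name, def in local.sg_defs : {
      for idx, rule in def.rules : "${sg_name}-${idx}" => merge(rule, { sg_name = sg_name })
    }
  ]...)
}

resource "aws_security_group" "this" {
  for_each = local.sg_defs
  name     = each.key
  vpc_id   = module.vpc.vpc_id_sg
  tags     = { Name = each.value.tags }
}

resource "aws_security_group_rule" "sg_rule" {
  for_each          = local.sg_rules
  security_group_id = aws_security_group.this[each.value.sg_name].id
  type              = each.value.type
  protocol          = each.value.protocol
  from_port         = tonumber(each.value.from) # csvdecode yields strings
  to_port           = tonumber(each.value.to)
  cidr_blocks       = [each.value.cidr_blocks]
  # Empty CSV cells decode to "", so pass null instead of a blank description.
  description = each.value.description != "" ? each.value.description : null

  lifecycle {
    # Fail the plan if an edited CSV row carries a malformed or world-open CIDR.
    precondition {
      condition     = can(cidrnetmask(each.value.cidr_blocks)) && each.value.cidr_blocks != "0.0.0.0/0"
      error_message = "Rule ${each.key} has a malformed or world-open cidr_blocks value."
    }
  }
}
```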
