[英]Putting csvdecode in security group rule terraform
我想从变量中调用 csv function 。
这是我的安全组的 main.tf 文件
resource "aws_security_group" "names" {
count = length(var.ams_prod_sg_list)
name = var.ams_prod_sg_list[count.index].sg_name
vpc_id = module.vpc.vpc_id_sg
tags = {
Name = var.ams_prod_sg_list[count.index].sg_tags
}
}
resource "aws_security_group_rule" "sg_rule" {
count = length(var.ams_prod_sg_list)
security_group_id = "${aws_security_group.this.*.id}"
type = var.ams_prod_sg_list[count.index].sg_rules.type
protocol = var.ams_prod_sg_list[count.index].sg_rules.protocol
from_port = var.ams_prod_sg_list[count.index].sg_rules.from
to_port = var.ams_prod_sg_list[count.index].sg_rules.to
cidr_blocks = [var.ams_prod_sg_list[count.index].sg_rules.cidr_blocks]
description = var.ams_prod_sg_list[count.index].sg_rules.description
}
这是 variable.tf 文件
locals {
test = csvdecode(file("${path.module}/csv/test.csv"))
test1 = csvdecode(file("${path.module}/csv/test1.csv"))
}
variable "ams_prod_sg_list" {
description = "sg_name rules"
type = list(map(string))
default = [
{
sg_name = "test"
sg_rules = local.test
sg_tags = "sg"
},
{
sg_name = "test1"
sg_rules = local.test1
sg_tags = ""
},
]
}
当我申请 terraform 时,它显示Variables may not be used here which means we cannot use local in variable
。 而且当我直接输入 sg_rules = csvdecode(file("${path.module}/csv/test.csv")) 时,它显示Functions may not be called here
这是test.csv文件
type,protocol,from,to,cidr_blocks,description
ingress,-1,0,0,10.100.0.0/16,test
ingress,tcp,80,80,10.100.0.0/16,
我也试过把它放在变量和本地
variable "ams_prod_sg_list" {
description = "sg_name rules"
type = list(map(string))
default = null
}
locals {
default_ams_prod_sg_list = [
{
sg_name = "test"
sg_rule = "${local.test}"
sg_tags = "sg"
},
{
sg_name = "test1"
sg_rule = "${local.test1}"
sg_tags = ""
},
]
ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}
现在收到此错误
Error: Inconsistent conditional result types
│
│ on sg-variable.tf line 46, in locals:
│ 46: ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
│ ├────────────────
│ │ local.default_ams_prod_sg_list is tuple with 2 elements
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ The true and false result expressions must have consistent types. The given
│ expressions are list of map of string and tuple, respectively.
我也试着把这个
variable "ams_prod_sg_list" {
description = "sg_name rules"
type = list(map(string))
default = null
}
locals {
default_ams_prod_sg_list = tolist([
tomap({
sg_name = "test"
sg_rule = "${local.test}"
sg_tags = "sg"
}),
tomap({
sg_name = "test1"
sg_rule = "${local.test1}"
sg_tags = ""
}),
])
ams_prod_sg_list = var.ams_prod_sg_list != null ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}
收到此错误
Error: Unsupported attribute
│
│ on security-group.tf line 91, in resource "aws_security_group_rule" "sg_rule":
│ 91: type = var.ams_prod_sg_list[count.index].sg_rules.type
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on security-group.tf line 92, in resource "aws_security_group_rule" "sg_rule":
│ 92: protocol = var.ams_prod_sg_list[count.index].sg_rules.protocol
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on security-group.tf line 93, in resource "aws_security_group_rule" "sg_rule":
│ 93: from_port = var.ams_prod_sg_list[count.index].sg_rules.from
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on security-group.tf line 94, in resource "aws_security_group_rule" "sg_rule":
│ 94: to_port = var.ams_prod_sg_list[count.index].sg_rules.to
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on security-group.tf line 95, in resource "aws_security_group_rule" "sg_rule":
│ 95: cidr_blocks = [var.ams_prod_sg_list[count.index].sg_rules.cidr_blocks]
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on security-group.tf line 96, in resource "aws_security_group_rule" "sg_rule":
│ 96: description = var.ams_prod_sg_list[count.index].sg_rules.description
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ams_prod_sg_list is a list of map of string, known only after apply
│
│ This value does not have any attributes.
╵
╷
│ Error: Invalid function argument
│
│ on sg-variable.tf line 34, in locals:
│ 34: tomap({
│ 35: sg_name = "test"
│ 36: sg_rule = "${local.test}"
│ 37: sg_tags = "sg"
│ 38: }),
│ ├────────────────
│ │ local.test is list of object with 2 elements
│
│ Invalid value for "v" parameter: cannot convert object to map of any single
│ type.
╵
╷
│ Error: Invalid function argument
│
│ on sg-variable.tf line 39, in locals:
│ 39: tomap({
│ 40: sg_name = "test1"
│ 41: sg_rule = "${local.test1}"
│ 42: sg_tags = ""
│ 43: }),
│ ├────────────────
│ │ local.test1 is list of object with 1 element
│
│ Invalid value for "v" parameter: cannot convert object to map of any single
│ type.
变量必须在运行时完全定义。 您可以使它们“动态”。
真假结果表达式必须具有一致的类型
该错误意味着您的if
表达式具有不同的类型,这是不允许的。 要解决此问题,您可以使用以下内容:
variable "ams_prod_sg_list" {
description = "sg_name rules"
type = list(map(string))
default = []
}
locals {
default_ams_prod_sg_list = [
{
sg_name = "test"
sg_rule = "local.test"
sg_tags = "sg"
},
{
sg_name = "test1"
sg_rule = "local.test1"
sg_tags = ""
},
]
ams_prod_sg_list = length(var.ams_prod_sg_list) > 0 ? var.ams_prod_sg_list : local.default_ams_prod_sg_list
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.