![](/img/trans.png)
[英]How to use Terraform for_each resource block and count resource block
[英]How to get resource id of terraform resource inside of a for_each loop
我想使用 terraform 創建天藍色防火牆網絡規則。
我必須在我的規則集合中使用很多源 ip,所以我創建了一個 ip 組(“ipg_onpremise”)。 現在我需要從我的規則集合中引用 ip 組。 不幸的是,我不能為此使用名稱(“ipg_onpremise”),而是使用資源 ID(“/subscriptions/xx-xx-xx/resourceGroups/rg-shared/providers/Microsoft.Network/ipGroups/ipg_onpremise”)。
這是我的代碼:
# firewall.tf
resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
name = "onprem-hub"
azure_firewall_name = azurerm_firewall.fw_shared.name
resource_group_name = azurerm_resource_group.rg_shared.name
priority = var.nrc_fw_shared_onprem_hub_rule_priority
action = var.nrc_fw_shared_onprem_hub_rule_action
dynamic "rule" {
for_each = var.nrc_fw_shared_onprem_hub_rules
content {
name = rule.value.name
description = lookup(rule.value, "description", null)
source_addresses = lookup(rule.value, "source_addresses", null)
source_ip_groups = lookup(rule.value, "source_ip_groups" , null)
destination_addresses = lookup(rule.value, "destination_addresses", null)
destination_ip_groups = lookup(rule.value, "destination_ip_groups", null)
destination_ports = lookup(rule.value, "destination_ports", null)
protocols = lookup(rule.value, "protocols", null)
}
}
}
resource "azurerm_ip_group" "ipg_onpremise" {
name = "ipg-onpremise"
location = azurerm_resource_group.rg_shared.location
resource_group_name = azurerm_resource_group.rg_shared.name
cidrs = var.ipg_onpremise_cidrs
}
# terraform.tfvars
nrc_fw_shared_onprem_hub_rules = [
{
name = "onprem->hub"
source_addresses = []
destination_addresses = ["10.0.0.0/16"]
destination_ports = ["*"]
protocols = ["Any"]
source_ip_groups = ["ipg_onpremise"]
destination_ip_groups = []
},
]
運行 terraform 時,出現以下錯誤:
azurerm_firewall_network_rule_collection.nrc_fw_shared_onprem_hub: Creating...
╷
│ Error: creating/updating Network Rule Collection "onprem-hub" in Firewall "fw_shared" (Resource Group "rg-shared"): network.AzureFirewallsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="AzureIpGroupsInvalidResourceId" Message="The resourceId ipg_onpremise is an invalid resourceId of an IpGroup." Details=[]
│
│ with azurerm_firewall_network_rule_collection.nrc_fw_shared_onprem_hub,
│ on firewall.tf line 34, in resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub":
│ 34: resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
│
我已經搜索了有關如何使 id 內聯的想法,但找不到任何內容。 有人可以幫我推動正確的方向嗎?
ID 是azurerm_ip_group
的一部分。 所以你必須重構你的很多代碼:
resource "azurerm_ip_group" "ipg_onpremise" {
for_each = {for idx, val in var.nrc_fw_shared_onprem_hub_rules: idx => val}
name = each.value.name
location = azurerm_resource_group.rg_shared.location
resource_group_name = azurerm_resource_group.rg_shared.name
cidrs = var.ipg_onpremise_cidrs
}
resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
name = "onprem-hub"
azure_firewall_name = azurerm_firewall.fw_shared.name
resource_group_name = azurerm_resource_group.rg_shared.name
priority = var.nrc_fw_shared_onprem_hub_rule_priority
action = var.nrc_fw_shared_onprem_hub_rule_action
dynamic "rule" {
for_each = var.nrc_fw_shared_onprem_hub_rules
content {
name = rule.value.name
description = lookup(rule.value, "description", null)
source_addresses = lookup(rule.value, "source_addresses", null)
source_ip_groups = azurerm_ip_group.ipg_onpremise[rule.value.name].id
destination_addresses = lookup(rule.value, "destination_addresses", null)
destination_ip_groups = lookup(rule.value, "destination_ip_groups", null)
destination_ports = lookup(rule.value, "destination_ports", null)
protocols = lookup(rule.value, "protocols", null)
}
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.