Terraform : Create multiple Azure Policies using for_each?
I want to create multiple Azure policies, and I don't want to create them one by one. I want to use for_each to define multiple Azure policies. How can I do this?

For example, I have the following individually defined Azure policies, which should be created using for_each or in any other better way, like the PowerShell approach in https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-政策即代碼新方法/ba-p/3607843
```hcl
// Deny creation of resource groups missing certain tags
resource "azurerm_policy_definition" "require-tag-owner-on-rg" {
  name         = "require-tag-owner-on-rg"
  policy_type  = "Custom"
  mode         = "All"
  display_name = "Require tag 'owner' on resource group"
  // management_group_name was removed in azurerm 3.x; use management_group_id
  // as the second definition below does
  management_group_name = var.management-group-name

  metadata = <<METADATA
{
  "version": "1.0.0",
  "category": "Custom"
}
METADATA

  policy_rule = <<POLICY_RULE
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions/resourceGroups"
      },
      {
        "field": "tags['owner']",
        "exists": "false"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
POLICY_RULE
}

// Deny creation of resources except in EastUS
resource "azurerm_policy_definition" "only-deploy-in-eastus" {
  name                = "only-deploy-in-eastus"
  policy_type         = "Custom"
  mode                = "All"
  display_name        = "only-deploy-in-eastus"
  management_group_id = data.azurerm_management_group.parent-mg.id

  policy_rule = <<POLICY_RULE
{
  "if": {
    "not": {
      "field": "location",
      "equals": "eastus"
    }
  },
  "then": {
    "effect": "Deny"
  }
}
POLICY_RULE
}
```
I tried using `for_each` to create the policy definitions for your code in a Terraform environment, details below.
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.37.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "RG" {
  name     = "example"
  location = "EastUS"
}

resource "azurerm_policy_definition" "policy" {
  # One definition per map entry: the key becomes the name, the value the display name
  for_each = {
    policy1 = "Create"
    policy2 = "Use"
    policy3 = "New"
  }

  name         = each.key
  policy_type  = "Custom"
  mode         = "All"
  display_name = each.value

  metadata = <<METADATA
{
  "version": "1.0.0",
  "category": "Custom"
}
METADATA

  # Every definition created by this block shares the same rule
  policy_rule = <<POLICY_RULE
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions/resourceGroups"
      },
      {
        "field": "tags['xxxxx']",
        "exists": "false"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
POLICY_RULE
}
```
```shell
terraform init
terraform plan
terraform apply
```

Created in the portal after deployment:
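A pattern that keeps each policy's own rule, added here as an example rather than code from the question or the answer: put the policies in a map with their distinct rules as HCL objects, let `for_each` iterate over it, and then assign the definitions so the deny effect is actually enforced. It assumes the `data.azurerm_management_group.parent-mg` data source from the question and a configured azurerm 3.x provider.

```hcl
# Added example, not from the question or the answer above. Assumes the
# data.azurerm_management_group.parent-mg data source from the question
# and a configured azurerm 3.x provider.
locals {
  # One entry per policy. The rule is a plain HCL object; jsonencode()
  # turns it into the JSON string the provider expects.
  policies = {
    "require-tag-owner-on-rg" = {
      display_name = "Require tag 'owner' on resource group"
      policy_rule = {
        "if" = {
          allOf = [
            { field = "type", equals = "Microsoft.Resources/subscriptions/resourceGroups" },
            { field = "tags['owner']", exists = "false" }
          ]
        }
        "then" = { effect = "deny" }
      }
    }
    "only-deploy-in-eastus" = {
      display_name = "Only deploy in East US"
      policy_rule = {
        "if"   = { not = { field = "location", equals = "eastus" } }
        "then" = { effect = "deny" }
      }
    }
  }
}

resource "azurerm_policy_definition" "policy" {
  for_each = local.policies

  name                = each.key
  display_name        = each.value.display_name
  policy_type         = "Custom"
  mode                = "All"
  management_group_id = data.azurerm_management_group.parent-mg.id
  metadata            = jsonencode({ version = "1.0.0", category = "Custom" })
  policy_rule         = jsonencode(each.value.policy_rule)
}

# A definition enforces nothing until it is assigned. Assign each one at the
# same management group; assignment names at this scope must be <= 24 chars.
resource "azurerm_management_group_policy_assignment" "policy" {
  for_each = azurerm_policy_definition.policy

  name                 = each.key
  management_group_id  = data.azurerm_management_group.parent-mg.id
  policy_definition_id = each.value.id
}
```

Adding a policy is then a matter of adding one entry to `local.policies`; `terraform plan` shows exactly one new definition and one new assignment, nothing else changes.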