
azure - Dynamically creating role assignments in Terraform based on input

Reposted. Author: 行者123. Updated: 2023-12-03 05:22:17

I am trying to create multiple role assignments using the typical variable given below, where "permission {}" is the new variable I want to introduce as a map type so that I can perform multiple role assignments.

My TFVARS file

azure_vnets = {
  prod = [
    {
      cidr      = ["10.0.0.0/24"]
      vnet_name = "vnet1"
      dns       = ["10.0.0.1"]
      rg        = "myrg1"
      permission = {
        Contributor = ["xxxxxxxxxxxx", "xxxxxxxxxxxxx"],
        Reader      = ["xxxxxxxxxxx", "xxxxxxxxxx"]
      }
      location = "eastus"
    },
    {
      cidr      = ["10.0.1.0/24"]
      vnet_name = "vnet2"
      dns       = ["10.0.1.2"]
      rg        = "myrg2"
      permission = {
        Contributor = ["xxxxxxxxxxxx", "xxxxxxxxxxxxx"],
        Reader      = ["xxxxxxxxxxx", "xxxxxxxxxx"]
      }
      location = "westeurope"
    }
  ],
  nonprod = [
    {
      cidr      = ["10.0.3.0/24"]
      vnet_name = "vnet1"
      dns       = ["10.0.3.1"]
      rg        = "nonprodrg"
      location  = "eastus"
      permission = {
        Contributor = ["xxxxxxxxxxxx", "xxxxxxxxxxxxx"],
        Reader      = ["xxxxxxxxxxx", "xxxxxxxxxx"]
      }
    },
    {
      cidr      = ["10.0.4.0/24"]
      vnet_name = "nonprod-vnet2"
      dns       = ["10.0.4.2"]
      sub       = "nonProd"
      rg        = "mynonprodrg"
      permission = {
        Contributor = ["xxxxxxxxxxxx", "xxxxxxxxxxxxx"],
        Reader      = ["xxxxxxxxxxx", "xxxxxxxxxx"]
      }
      location = "westeurope"
    }
  ]
}

My resource creation file. Here I defined a local variable which helps me use the above variable in the for_each loop given below for the role assignment creation. I want to know how to get the Rolename as Key and the ObjectID as value from the above TFvar variable in the for_each role_assignment creation below.


locals {
  flat_azure_vnets = merge([
    for env_name, env_vn_list in var.azure_vnets :
    {
      for idx, env_vn in env_vn_list :
      "${env_name}-${idx}" => env_vn
    }
  ]...)
}


resource "azurerm_role_assignment" "role_assignment" {
  for_each             = { for k, v in local.flat_azure_vnets : k => v }
  scope                = azurerm_resource_group.this.id
  role_definition_name = each.xxx
  principal_id         = each.key
}

Best answer

To iterate over the new permission attribute, you have to flatten your flat_azure_vnets further. So you can introduce flat_azure_vnets2:

locals {
  flat_azure_vnets = merge([
    for env_name, env_vn_list in var.azure_vnets :
    {
      for idx, env_vn in env_vn_list :
      "${env_name}-${idx}" => env_vn
    }
  ]...)


  flat_azure_vnets2 = merge([
    for key, env in local.flat_azure_vnets :
    {
      for cidx, contrinutor in env["permission"]["Contributor"] :
      "${key}-${cidx}" => merge(
        env, {
          "contrinutor" = contrinutor,
          "reader"      = env["permission"]["Reader"][cidx]
        }
      )
    }
  ]...)
}

This produces flat_azure_vnets2 in the following form (note the new contrinutor and reader attributes):

test = {
  "nonprod-0-0" = {
    "cidr" = [
      "10.0.3.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxx"
    "dns" = [
      "10.0.3.1",
    ]
    "location" = "eastus"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxxx"
    "rg"        = "nonprodrg"
    "vnet_name" = "vnet1"
  }
  "nonprod-0-1" = {
    "cidr" = [
      "10.0.3.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxxx"
    "dns" = [
      "10.0.3.1",
    ]
    "location" = "eastus"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxx"
    "rg"        = "nonprodrg"
    "vnet_name" = "vnet1"
  }
  "nonprod-1-0" = {
    "cidr" = [
      "10.0.4.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxx"
    "dns" = [
      "10.0.4.2",
    ]
    "location" = "westeurope"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxxx"
    "rg"        = "mynonprodrg"
    "sub"       = "nonProd"
    "vnet_name" = "nonprod-vnet2"
  }
  "nonprod-1-1" = {
    "cidr" = [
      "10.0.4.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxxx"
    "dns" = [
      "10.0.4.2",
    ]
    "location" = "westeurope"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxx"
    "rg"        = "mynonprodrg"
    "sub"       = "nonProd"
    "vnet_name" = "nonprod-vnet2"
  }
  "prod-0-0" = {
    "cidr" = [
      "10.0.0.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxx"
    "dns" = [
      "10.0.0.1",
    ]
    "location" = "eastus"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxxx"
    "rg"        = "myrg1"
    "vnet_name" = "vnet1"
  }
  "prod-0-1" = {
    "cidr" = [
      "10.0.0.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxxx"
    "dns" = [
      "10.0.0.1",
    ]
    "location" = "eastus"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxx"
    "rg"        = "myrg1"
    "vnet_name" = "vnet1"
  }
  "prod-1-0" = {
    "cidr" = [
      "10.0.1.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxx"
    "dns" = [
      "10.0.1.2",
    ]
    "location" = "westeurope"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxxx"
    "rg"        = "myrg2"
    "vnet_name" = "vnet2"
  }
  "prod-1-1" = {
    "cidr" = [
      "10.0.1.0/24",
    ]
    "contrinutor" = "xxxxxxxxxxxxx"
    "dns" = [
      "10.0.1.2",
    ]
    "location" = "westeurope"
    "permission" = {
      "Contributor" = [
        "xxxxxxxxxxxx",
        "xxxxxxxxxxxxx",
      ]
      "Reader" = [
        "xxxxxxxxxxx",
        "xxxxxxxxxx",
      ]
    }
    "reader"    = "xxxxxxxxxx"
    "rg"        = "myrg2"
    "vnet_name" = "vnet2"
  }
}
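An added example, not part of the question or the answer above: the answer pairs Contributor[i] with Reader[i] by index, which silently assumes both lists are the same length and still leaves the resource needing one role per entry. The flatten below instead produces one entry per (vnet, role name, principal), so every principal receives exactly the role it was listed under and no more, for any number of role names and uneven list lengths. It assumes local.flat_azure_vnets from the answer and the single azurerm_resource_group.this from the question.

```hcl
locals {
  # One object per (vnet key, role name, principal index). The role name
  # comes from the map key of "permission", so adding a third role in the
  # tfvars needs no change here. pidx keeps keys unique even if the same
  # principal is listed twice under one role.
  role_assignments = {
    for pair in flatten([
      for key, env in local.flat_azure_vnets : [
        for role_name, principals in env.permission : [
          for pidx, principal in principals : {
            k         = "${key}-${role_name}-${pidx}"
            role      = role_name
            principal = principal
            rg        = env.rg   # carried along so scope can be narrowed per vnet later
          }
        ]
      ]
    ]) : pair.k => pair
  }
}

resource "azurerm_role_assignment" "role_assignment" {
  for_each = local.role_assignments

  # Scope as in the question (one resource group). If the resource groups
  # are created with for_each keyed by name, use each.value.rg to scope
  # each assignment to its own vnet's group instead of a shared one.
  scope                = azurerm_resource_group.this.id
  role_definition_name = each.value.role
  principal_id         = each.value.principal
}
```

With the tfvars above this yields 16 assignments with keys such as `prod-0-Contributor-0` and `nonprod-1-Reader-1`; `terraform plan` lists each one, so an unexpected principal or role shows up before apply.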

Regarding azure - Dynamically creating role assignments in Terraform based on input, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/71197656/
