Terraform:如何创建具有动态和静态内容的块
Posted
技术标签:
【中文标题】Terraform:如何创建具有动态和静态内容的块【英文标题】:Terraform: How to create block with dynamic and static content 【发布时间】:2022-01-20 09:56:19 【问题描述】:对于一个资源,如何创建一个同时具有动态和静态内容的块?对于下面的示例,我的所有 azure 密钥保管库都将具有一组标准的访问策略,并且一些具有一个或多个附加策略。对于此测试密钥保管库,我想应用访问策略的动态块,以及仅添加对该密钥保管库唯一的特定策略。
我尝试了各种方法来将两者结合起来,但都没有成功。
resource "azurerm_key_vault" "key_vault-test"
name = "kv-test"
location = azurerm_resource_group.rg-webapps.location
resource_group_name = azurerm_resource_group.rg-webapps.name
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
dynamic "access_policy"
for_each = var.keyvault_accesspolicies
content
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
certificate_permissions = access_policy.value["certificate_permissions"]
key_permissions = access_policy.value["key_permissions"]
secret_permissions = access_policy.value["secret_permissions"]
access_policy = [
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = "<some guid>"
application_id = ""
certificate_permissions = []
key_permissions = []
secret_permissions = [
"Get"
]
storage_permissions = []
]
【问题讨论】:
【参考方案1】:您以错误的方式声明静态访问策略。访问策略后不应该有"=["
。
我尝试使用以下代码并成功添加:
provider "azurerm"
features
variable "keyvault_accesspolicies"
default=
one =
object_id="objectID1"
certificate_permissions=["Get"]
key_permissions=["Get"]
secret_permissions=["Get"]
,
second=
object_id="objectid2"
certificate_permissions=["Get","List"]
key_permissions=["Get","List"]
secret_permissions=["Get","List"]
data "azurerm_client_config" "current"
data "azurerm_resource_group" "name"
name = "ansumantest"
resource "azurerm_key_vault" "key_vault-test"
name = "ansumankvtest12"
location = data.azurerm_resource_group.name.location
resource_group_name = data.azurerm_resource_group.name.name
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
access_policy
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
secret_permissions = ["Get"]
dynamic "access_policy"
for_each = var.keyvault_accesspolicies
content
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
certificate_permissions = access_policy.value["certificate_permissions"]
key_permissions = access_policy.value["key_permissions"]
secret_permissions = access_policy.value["secret_permissions"]
输出:
【讨论】:
以上是关于Terraform:如何创建具有动态和静态内容的块的主要内容,如果未能解决你的问题,请参考以下文章
如何在具有分离服务器的环境中使用 GWT RPC:静态内容服务器和动态内容服务器
如何使用 terraform 创建具有访问权限和密钥的 AWS IAM 服务账户