Terraform: How to create a block with dynamic and static content

Posted: 2022-01-20 09:56:19

Question:

For a single resource, how do you create a block that has both dynamic and static content? In the example below, all of my Azure key vaults will have a standard set of access policies, and some will have one or more additional policies. For this test key vault, I want to apply the dynamic block of access policies and also add one specific policy that is unique to this key vault.

I have tried various ways to combine the two, but none of them worked.

resource "azurerm_key_vault" "key_vault-test" {
  name                = "kv-test"
  location            = azurerm_resource_group.rg-webapps.location
  resource_group_name = azurerm_resource_group.rg-webapps.name
  sku_name            = "standard"
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # Standard policies shared by every key vault
  dynamic "access_policy" {
    for_each = var.keyvault_accesspolicies
    content {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = access_policy.value["object_id"]
      certificate_permissions = access_policy.value["certificate_permissions"]
      key_permissions         = access_policy.value["key_permissions"]
      secret_permissions      = access_policy.value["secret_permissions"]
    }
  }

  # Policy unique to this vault (this is the part that fails to combine with the dynamic block)
  access_policy = [
    {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = "<some guid>"
      application_id          = ""
      certificate_permissions = []
      key_permissions         = []
      secret_permissions      = [
        "Get"
      ]
      storage_permissions     = []
    }
  ]
}

Question comments:

Answer 1:

You are declaring the static access policy the wrong way. There should not be an "= [" after access_policy.

I tried with the code below and the policies were added successfully:

provider "azurerm" {
  features {}
}

variable "keyvault_accesspolicies" {
  default = {
    one = {
      object_id               = "objectID1"
      certificate_permissions = ["Get"]
      key_permissions         = ["Get"]
      secret_permissions      = ["Get"]
    },
    second = {
      object_id               = "objectid2"
      certificate_permissions = ["Get", "List"]
      key_permissions         = ["Get", "List"]
      secret_permissions      = ["Get", "List"]
    }
  }
}

data "azurerm_client_config" "current" {}

data "azurerm_resource_group" "name" {
  name = "ansumantest"
}

resource "azurerm_key_vault" "key_vault-test" {
  name                = "ansumankvtest12"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
  sku_name            = "standard"
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # Static policy: a plain nested block, not an attribute assignment
  access_policy {
    tenant_id          = data.azurerm_client_config.current.tenant_id
    object_id          = data.azurerm_client_config.current.object_id
    secret_permissions = ["Get"]
  }

  # Dynamic policies: one nested block per map entry, alongside the static one
  dynamic "access_policy" {
    for_each = var.keyvault_accesspolicies
    content {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = access_policy.value["object_id"]
      certificate_permissions = access_policy.value["certificate_permissions"]
      key_permissions         = access_policy.value["key_permissions"]
      secret_permissions      = access_policy.value["secret_permissions"]
    }
  }
}

Output:

Comments:
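An alternative to mixing a static block with a dynamic one, added here as an example that is not part of the question or the answer: treat the vault-specific policy as just another map entry and feed a single dynamic block from `merge()` of the shared and per-vault maps. The `extra_accesspolicies` variable, the typed variable schemas, the `local.all_accesspolicies` name and the `lifecycle` precondition are assumptions for illustration; the resource, data source and attribute names are those used on this page.

```hcl
# Shared policies every key vault receives (typed version of the page's variable)
variable "keyvault_accesspolicies" {
  description = "Standard access policies applied to every key vault"
  type = map(object({
    object_id               = string
    certificate_permissions = list(string)
    key_permissions         = list(string)
    secret_permissions      = list(string)
  }))
}

# Assumed variable: policies that only this vault needs
variable "extra_accesspolicies" {
  description = "Access policies unique to this key vault"
  type = map(object({
    object_id               = string
    certificate_permissions = list(string)
    key_permissions         = list(string)
    secret_permissions      = list(string)
  }))
  default = {}
}

locals {
  # merge() keeps the later map's value on a duplicate key, so a per-vault
  # entry named like a standard one overrides it instead of duplicating it.
  all_accesspolicies = merge(var.keyvault_accesspolicies, var.extra_accesspolicies)
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "key_vault-test" {
  name                = "kv-test"
  location            = azurerm_resource_group.rg-webapps.location
  resource_group_name = azurerm_resource_group.rg-webapps.name
  sku_name            = "standard"
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # One dynamic block covers both the shared and the vault-specific policies
  dynamic "access_policy" {
    for_each = local.all_accesspolicies
    content {
      tenant_id               = data.azurerm_client_config.current.tenant_id
      object_id               = access_policy.value.object_id
      certificate_permissions = access_policy.value.certificate_permissions
      key_permissions         = access_policy.value.key_permissions
      secret_permissions      = access_policy.value.secret_permissions
    }
  }

  # Requires Terraform 1.2+: fail the plan if two entries grant the same
  # principal, which would otherwise produce ambiguous duplicate policies.
  lifecycle {
    precondition {
      condition = length(distinct([
        for p in local.all_accesspolicies : p.object_id
      ])) == length(local.all_accesspolicies)
      error_message = "Each access policy must target a distinct object_id."
    }
  }
}
```

With this layout the per-vault policy is passed as a map entry (for example `extra_accesspolicies = { ci = { object_id = "<guid>", certificate_permissions = [], key_permissions = [], secret_permissions = ["Get"] } }`) rather than hard-coded in the resource, and the policy each principal holds is visible in one place, which is easier to review for least privilege than a static block scattered among dynamic ones.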
