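I am using Terraform v0.11.11. I want to be able to write a deployment script for OpenStack that accepts an IP, an IP range, or a list of them of arbitrary length, to be whitelisted on port 22 of the VM, let's say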
ip_list = ["11.11.0.0/16","22.22.22.0/8", "33.33.33.33" ...]
Can the rules be applied correctly?
This does not work:
resource "openstack_compute_secgroup_v2" "secgroup_1" {
  name        = "a_cluster"
  description = "some security group"
  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    # passes the whole list to a single-value argument
    cidr        = "${var.ip_list}"
  }
}
It returns the following:
$ terraform apply
Error: module.openstack.openstack_compute_secgroup_v2.secgroup_1: rule.3.cidr must be a single value, not a list
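But is there a way to do this?
Answer 0: (score: 0)
I don't have an environment to test the following. The idea should be in the right direction.
You should be able to adjust it: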
resource "openstack_compute_secgroup_v2" "secgroup_1" {
  # one security group per entry in ip_list
  count       = "${length(var.ip_list)}"
  name        = "a_cluster_${count.index}"
  description = "some security group"
  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    cidr        = "${element(var.ip_list, count.index)}"
  }
}
Answer 1: (score: 0)
If you can upgrade to Terraform 0.12, use dynamic nested blocks:
With ip_list = ["11.11.0.0/16","22.22.22.0/8", "33.33.33.33" ...]
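resource "openstack_compute_secgroup_v2" "secgroup_1" {
  name        = "a_cluster"
  description = "some security group"
  # one rule block is generated per entry in ip_list
  dynamic "rule" {
    for_each = var.ip_list
    content {
      from_port   = 22
      to_port     = 22
      ip_protocol = "tcp"
      # rule.value is the current element of the list
      cidr        = rule.value
    }
  }
}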
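
Added example, not part of the original question or answers: both answers hand each ip_list entry to cidr unchanged, and the sample list mixes ranges with a bare IP. This pre-apply check normalizes such a list so every SSH rule gets one explicit CIDR and overly broad ranges are surfaced for review; the function name and the MIN_PREFIX_V4 threshold are assumptions made for this sketch.

```python
import ipaddress

# Assumption for this example: IPv4 ranges wider than /16 are flagged for
# review before they are allowed to reach port 22.
MIN_PREFIX_V4 = 16

# Constructed sample input, taken from the list shown in the question.
SAMPLE_IP_LIST = ["11.11.0.0/16", "22.22.22.0/8", "33.33.33.33"]


def normalize_allowlist(entries, min_prefix=MIN_PREFIX_V4):
    """Return (cidrs, warnings): one canonical CIDR string per unique entry."""
    cidrs, warnings, seen = [], [], set()
    for raw in entries:
        entry = raw.strip()
        try:
            # ip_interface keeps the address as typed; .network masks host bits.
            iface = ipaddress.ip_interface(entry)
        except ValueError as exc:
            raise ValueError("invalid allowlist entry %r: %s" % (raw, exc))
        net = iface.network
        if "/" not in entry:
            warnings.append("%s: bare address, treated as %s" % (entry, net))
        elif iface.ip != net.network_address:
            warnings.append("%s: host bits set, range is really %s" % (entry, net))
        if net.version == 4 and net.prefixlen < min_prefix:
            warnings.append("%s: /%d exposes SSH to %d addresses"
                            % (net, net.prefixlen, net.num_addresses))
        if net not in seen:  # drop duplicates, keep the original order
            seen.add(net)
            cidrs.append(str(net))
    return cidrs, warnings


if __name__ == "__main__":
    cidrs, warnings = normalize_allowlist(SAMPLE_IP_LIST)
    for line in warnings:
        print("WARN", line)
    # Paste the normalized list back as the value of ip_list.
    print("ip_list =", str(cidrs).replace("'", '"'))
```
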