GCP范围的Terraform变量

Question

我想为各种GCP范围创建一个变量，然后在创建GCP计算实例时使用该变量（范围）。

https://cloud.google.com/sdk/gcloud/reference/alpha/compute/instances/set-scopes#--scopes

换句话说，我想避免在制作每个新实例时不得不写出这么长的URL。用Terraform做到这一点的最佳方法是什么？

service_account {

        scopes               = ["https://www.googleapis.com/auth/devstorage.read_only",
                                "https://www.googleapis.com/auth/logging.write",
                                "https://www.googleapis.com/auth/monitoring.write",
                                "https://www.googleapis.com/auth/pubsub",
                                "https://www.googleapis.com/auth/service.management.readonly",
                                "https://www.googleapis.com/auth/servicecontrol",
                                "https://www.googleapis.com/auth/trace.append",
                                "https://www.googleapis.com/auth/cloud-platform",
                                "https://www.googleapis.com/auth/cloud-platform.read-only",
                                "https://www.googleapis.com/auth/cloudplatformprojects",
                                "https://www.googleapis.com/auth/cloudplatformprojects.readonly"]

    }

terraform --version Terraform v0.12.12 + provider.google v2.17.0

Answer 1

假设Terraform为0.12.x，您可以使用列表类型变量（参考：https://www.terraform.io/docs/configuration/variables.html）

在main.tf（或您使用的任何Terraform文件）中：

variable "account_scopes" {
    default = []
    type = list(string)
    description = "List of service account scopes"
}

resource "google_compute_instance" "default" {
    name         = "Hostname"
    machine_type = "n1-standard-2"
    zone         = "us-central1-b"

    boot_disk {
        initialize_params {
            image = "projects/centos-cloud/global/images/centos-8-v20191018"
        }
    }

    scratch_disk {
    }

    network_interface {
        network = "default"
    }

    service_account {
        scopes = var.account_scopes
    }
}

terraform.auto.tfvars

account_scopes = [
                  "https://www.googleapis.com/auth/devstorage.read_only",
                  "https://www.googleapis.com/auth/logging.write",
                  "https://www.googleapis.com/auth/monitoring.write",
                  "https://www.googleapis.com/auth/pubsub",
                  "https://www.googleapis.com/auth/service.management.readonly",
                  "https://www.googleapis.com/auth/servicecontrol",
                  "https://www.googleapis.com/auth/trace.append",
                  "https://www.googleapis.com/auth/cloud-platform",
                  "https://www.googleapis.com/auth/cloud-platform.read-only",
                  "https://www.googleapis.com/auth/cloudplatformprojects",
                  "https://www.googleapis.com/auth/cloudplatformprojects.readonly"
                  ]