带嵌套地图的地形嵌套动态块

时间:2020-06-05 17:45:01

标签: dictionary dynamic terraform

我正在尝试使用tf 0.12.x新的动态功能来处理嵌套地图,配置如下。

正如您在下面看到的(对此进行了简化),我正在定义所有变量,并添加包含地图的变量required_resource_access。

我希望使用新的动态功能来在嵌套的动态块中读取此地图。



variable prefix {
 description = "Prefix to applied to all top level resources"
 default = "abx"
}

variable suffix {
  description = "Suffix to applied to all valid top level resources, usually this is 2 letter region code such as we (westeurope), ne (northeurope)."
  default = "we"
}

variable env {
  description = "3 letter environment code appied to all top level resources"
  default = "dev"
}

variable location {
  description = "Where to create all resources in Azure"
  default = "westeurope"
}

variable available_to_other_tenants {
  default = false
}

variable oauth2_allow_implicit_flow {
  default = true
}

variable public_client {
  default = false
}

# other option is native
variable application_type {
  default = "webapp/api"
}

variable required_resource_access {
    type = list(object({
        resource_app_id = string
        resource_access = object({
            id = string
            type = string
        })
    }))

    default =   [{
    resource_app_id = "00000003-0000-0000-c000-000000000000"
    resource_access = {
      id   = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"
      type = "Role"
    }
  }]
}

variable  reply_urls {
  default =  []
}

variable group_membership_claims {
  default = "All"
}


resource "azuread_application" "bootstrap" {
  name                       = "${var.prefix}-${var.env}-spn"
  homepage                   = "http://${var.prefix}-${var.env}-spn"
  identifier_uris            = ["http://${var.prefix}-${var.env}-spn"]
  reply_urls                 = var.reply_urls
  available_to_other_tenants = var.available_to_other_tenants
  oauth2_allow_implicit_flow = var.oauth2_allow_implicit_flow
  type                       = var.application_type
  group_membership_claims    = var.group_membership_claims

  dynamic "required_resource_access" {

    for_each = var.required_resource_access
    content {
      resource_app_id = required_resource_access.value["resource_app_id"]

      dynamic "resource_access" {

        for_each = required_resource_access.value["resource_access"]
        content {
          id   = resource_access.value["id"]
          type = resource_access.value["type"]
        }
      }
    }
  }
}

但是由于我所不知道的原因,它不断给我这个错误(请注意它也把它翻了两次),我尝试了其他一些选择,但这是我设法达到的最接近的选择,至少会给我一个有意义的错误。

------------------------------------------------------------------------

Error: Invalid index

  on pe_kubernetes.tf line 24, in resource "azuread_application" "bootstrap":
  24:           id   = resource_access.value["id"]
    |----------------
    | resource_access.value is "7ab1d382-f21e-4acd-a863-ba3e13f7da61"

This value does not have any indices.


Error: Invalid index

  on pe_kubernetes.tf line 24, in resource "azuread_application" "bootstrap":
  24:           id   = resource_access.value["id"]
    |----------------
    | resource_access.value is "Role"

This value does not have any indices.


Error: Invalid index

  on pe_kubernetes.tf line 25, in resource "azuread_application" "bootstrap":
  25:           type = resource_access.value["type"]
    |----------------
    | resource_access.value is "7ab1d382-f21e-4acd-a863-ba3e13f7da61"

This value does not have any indices.


Error: Invalid index

  on pe_kubernetes.tf line 25, in resource "azuread_application" "bootstrap":
  25:           type = resource_access.value["type"]
    |----------------
    | resource_access.value is "Role"

This value does not have any indices.

花了2天的大部分时间没有运气,因此将不胜感激任何帮助或指点!

1 个答案:

答案 0 :(得分:3)

我有一些时间来测试我的评论...
如果我将resource_access更改为列表,则可以使用。
参见下面的代码:

variable required_resource_access {
  type = list(object({
    resource_app_id = string
    resource_access = list(object({
      id   = string
      type = string
    }))
  }))

  default = [{
    resource_app_id = "00000003-0000-0000-c000-000000000000"
    resource_access = [{
      id   = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"
      type = "Role"
    }]
  }]
}

resource "azuread_application" "bootstrap" {
  name                       = "test"
  type                       = "webapp/api"
  group_membership_claims    = "All"

  dynamic "required_resource_access" {
    for_each = var.required_resource_access
    content {
      resource_app_id = required_resource_access.value["resource_app_id"]

      dynamic "resource_access" {
        for_each = required_resource_access.value["resource_access"]
        content {
          id   = resource_access.value["id"]
          type = resource_access.value["type"]
        }
      }
    }
  }
}

该计划显示:

Terraform will perform the following actions:

  # azuread_application.bootstrap will be created
  + resource "azuread_application" "bootstrap" {
      + application_id             = (known after apply)
      + available_to_other_tenants = false
      + group_membership_claims    = "All"
      + homepage                   = (known after apply)
      + id                         = (known after apply)
      + identifier_uris            = (known after apply)
      + name                       = "test"
      + oauth2_allow_implicit_flow = true
      + object_id                  = (known after apply)
      + owners                     = (known after apply)
      + public_client              = (known after apply)
      + reply_urls                 = (known after apply)
      + type                       = "webapp/api"

      + oauth2_permissions {
          + admin_consent_description  = (known after apply)
          ...
        }

      + required_resource_access {
          + resource_app_id = "00000003-0000-0000-c000-000000000000"

          + resource_access {
              + id   = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"
              + type = "Role"
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

我为azuread_application删除了许多变量和一些可选参数,以使代码尽可能的小,但是相同的原理也适用于您的代码,请使用for_each上的列表将循环显示对象属性。

相关问题
最新问题