Terraform Sentinel policy failure

Time: 2021-02-10 22:44:22

Tags: azure terraform sentinel

My requirement is that the Sentinel policy should only allow the following persistent volume types in AKS: "azure_disk", "azure_file", "csi", "flex_volume".

The policy I wrote:

import "tfplan-functions" as plan

aksstorage = plan.find_resources("kubernetes_persistent_volume")

allowed_storage = ["azure_disk","azure_file","csi","flex_volume"]

violating_storage = plan.filter_attribute_not_in_list(aksstorage,
                    "spec.0.persistent_volume_source", allowed_storage, true)

# Main rule
violations = length(violating_storage["messages"])

main = rule {
  violations is 0
}

I get the following error.

> kubernetes_persistent_volume.example has spec.0.persistent_volume_source with value [{azure_disk: [], glusterfs: [], cinder: [], iscsi: [], flocker: [], local: [], nfs: [], photon_persistent_disk: [], csi: [], fc: [], ceph_fs: [], flex_volume: [], vsphere_volume: [{fs_type: null, volume_path: /absolute/path}], host_path: [], gce_persistent_disk: [], azure_file: [], rbd: [], quobyte: [], aws_elastic_block_store: []}] that is not in the allowed list: [azure_disk, azure_file, csi, flex_volume]

I am new to Terraform and cannot find a way to satisfy this requirement.
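The error shows why the list comparison fails: persistent_volume_source is a block whose keys are every possible source type, and the one actually configured is the key with a non-empty list (vsphere_volume above). As an added example, not code from the question or from the tfplan-functions library, the policy below reads the plan through the tfplan/v2 import and checks which source key is populated; it assumes the resource is being created or updated (so change.after is known) and that nested blocks appear as lists, as they do in the error output.

```sentinel
import "tfplan/v2" as tfplan

# Only these persistent volume source types are allowed in AKS
allowed_sources = ["azure_disk", "azure_file", "csi", "flex_volume"]

# kubernetes_persistent_volume resources being created or updated in this plan
pvs = filter tfplan.resource_changes as _, rc {
  rc.type is "kubernetes_persistent_volume" and
  rc.mode is "managed" and
  (rc.change.actions contains "create" or rc.change.actions contains "update")
}

# persistent_volume_source lists every possible type as a key; the configured
# one(s) are the keys whose nested block list is non-empty, e.g. vsphere_volume
configured_sources = func(pv) {
  source = pv.change.after.spec[0].persistent_volume_source[0]
  return filter keys(source) as k { length(source[k]) > 0 }
}

# Map of resource address -> disallowed source type found there
violations = {}
for pvs as address, pv {
  for configured_sources(pv) as src {
    if src not in allowed_sources {
      violations[address] = src
      print(address, "uses persistent volume source", src,
            "which is not in the allowed list:", allowed_sources)
    }
  }
}

# Main rule: pass only when no persistent volume uses a disallowed source
main = rule { length(violations) is 0 }
```

For the plan in the error message this reports kubernetes_persistent_volume.example with source vsphere_volume and fails; a volume with only azure_disk populated passes.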

0 answers:

No answers