使用 terraform 动态块创建防火墙规则

时间:2021-07-31 14:34:49

标签: module terraform

我正在使用 terraform modules 创建 GCP firewall 规则。我正在为 dynamic variables 苦苦挣扎,我需要一些帮助

我的模块定义如下

##fw.tf
resource "google_compute_firewall" "main" {
name = var.name
network = var.network
direction = var.direction
source_ranges = var.source_ranges
target_tags = var.target_tags
dynamic "allow" {
for_each = var.allow
   content {
     protocol = allow.value.protocol
     ports = allow.value.ports
      }
     }
 }

##Variables.tf
// instance.tf variables
 variable "name" {
     type = string
    }
 variable "network" {
     type = string
   }
 variable "direction" {
     type = string
     default = "Ingress"
    }

 variable "source_ranges" {
    type = list(string)
   }
 variable "target_tags" {
     type = list(string)
   }
 variable "protocol" {
     type = string
    }
 variable "ports" {
     type = list(string)
    }
 variable "allow" {
     type = map(string)
    }

调用定义如下

   ##fw.tf
   module "firewall" {
   source = "…/…/modules/fw"
   name = var.fw_fwrule_name
   network = var.fw_network
   description = var.fw_desc
   direction = var.fw_direction
   priority = var.fw_priority
   source_ranges = var.fw_ranges
   target_tags = var.fw_target_tags
   dynamic "allow" {
       for_each = var.fw_allow
           content {
                protocol = allow.value.protocol
                 ports = allow.value.ports
                }
              }
           }
   ##fw.tfvars
   // instance varaibles
   project = "infras-12345"
   fw_fwrule_name = "fw-allow-ssh"
   fw_network = "default"
   fw_desc = "Test firewall"
   fw_direction = "INGRESS"
   fw_priority = 1000
   fw_ranges = [
       "0.0.0.0/0",
       ]
   fw_target_tags = ["http","https"]
         fw_allow = {
         protocol = "tcp"
         ports = ["80"]
        }

    ##variables.tf
    variable "project" {}
    variable "fw_fwrule_name" {}
    variable "fw_network" {}
    variable "fw_desc" {}
    variable "fw_direction" {}
    variable "fw_priority" {}
    variable "fw_ranges" {}
    variable “fw_target_tags” {
           type = list(string)
          }
    variable "fw_allow" {
        description = "Custom tags to set on the Instances in the ASG"
        type = map(string)
        default = {}
       }

当我执行 terraform plan 时,它失败并显示以下错误

  terraform plan -var-file=fw.tfvars
    ╷
    │ Error: Argument or block definition required
    │
    │ on fw.tf line 22, in module “fw1”:
    │ 22:
    │
    │ An argument or block definition is required here.

更新:

修复了大括号和引号问题。现在它显示以下错误

  $ terraform plan  -var-file=fw.tfvars
  ╷
  │ Error: Invalid value for input variable
  │
  │   on fw.tfvars line 16:
  │   16: fw_allow = {
  │   17:   protocol = "tcp"
  │   18:   ports    = [ "80" ]
  │   19: }
  │
  │ The given value is not valid for variable "fw_allow": element "ports": string required.

请建议解决问题

0 个答案:

没有答案
相关问题
最新问题