如何在 Terraform 中有条件地配置 Azure 点到站点 vpn？

Question

如何有条件地为当前的 Azure VPN 网关提供点到站点 VPN？我想要 dev/qa VPN 网关的 P2S VPN 但不是产品。我尝试使用带有布尔变量的计数属性，但 terraform 不喜欢这样（vpn_client_configuration.0：无效或未知键：计数）

vpn_client_configuration {
    count = "${var.p2s_vpn_enabled}" 

    address_space =  ["${var.p2s_vpn_address_space}"]

    root_certificate {
      name = "${var.p2s_vpn_root_cert_name}"
      public_cert_data = "${var.p2s_vpn_root_cert_base64_data}"
    }       
  }

windows

的 Terraform 11

Answer 1

错误发生是因为count parameter works on resources level. The vpn_client_configuration is a optional argument in azurerm_virtual_network_gateway块。你可以尝试在 VPN 网关块级别使用 count，会是这样的，

resource "azurerm_virtual_network_gateway" "test" {
  count = "${var.p2s_vpn_enabled}"
  name                = "test"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  type     = "Vpn"
  vpn_type = "RouteBased"
...
}

另外还有一篇很好的文章分享Terraform tips & tricks: loops, if-statements, and gotchas

In Terraform, a boolean true is converted to a 1 and a boolean false is converted to a 0.

If you set count to 1 on a resource, you get one copy of that resource and if you set count to 0, that resource is not created at all.

希望对您有所帮助。