Terraform: Pass json file contents to heredoc as json
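I'm using Terraform to implement Azure Policies, and I was wondering how to take the JSON from our files (we use Jinja templating to fill in variables) and pass it as a value to our Terraform.
Here is part of my current code: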
resource "azurerm_policy_definition" "k8s_seccomp_governance" {
  name         = "k8s_seccomp_governance"
  description  = "Kubernetes cluster containers should only use allowed seccomp profiles"
  policy_type  = "Custom"
  mode         = "Microsoft.Kubernetes.Data"
  display_name = "AMPS K8s Seccomp Governance"

  metadata = <<METADATA
    {
      "category": "Kubernetes",
      "version": "1.0.0"
    }
METADATA

  policy_rule = <<POLICY_RULE
    {
      "if": {
        "field": "type",
        "in": ["AKS Engine", "Microsoft.Kubernetes/connectedClusters", "Microsoft.ContainerService/managedClusters"]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "constraintTemplate": "https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v2/template.yaml",
          "constraint": "https://store.policy.core.windows.net/kubernetes/allowed-seccomp-profiles/v2/constraint.yaml",
          "excludedNamespaces": "[parameters('excludedNamespaces')]",
          "namespaces": "[parameters('namespaces')]",
          "values": {
            "allowedProfiles": "[parameters('allowedProfiles')]",
            "excludedContainers": "[parameters('excludedContainers')]"
          }
        }
      }
    }
POLICY_RULE
}
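The JSON in the policy_rule block matches the JSON in the file /policies/seccomp/seccomp_profile_rule.json. I was wondering, or looking to see, how I can pass the JSON into the policy_rule block and keep the formatting.
My file structure looks like this: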
.
├── policies
│   └── seccomp
│       ├── seccomp_parameters.json
│       └── seccomp_profile_rule.json
├── policy_assignments.tf
├── policy_definitions.tf
You can load the content directly using file(), like this:
resource "azurerm_policy_definition" "k8s_seccomp_governance" {
  name         = "k8s_seccomp_governance"
  description  = "Kubernetes cluster containers should only use allowed seccomp profiles"
  policy_type  = "Custom"
  mode         = "Microsoft.Kubernetes.Data"
  display_name = "AMPS K8s Seccomp Governance"

  metadata = jsonencode({
    category = "Kubernetes"
    version  = "1.0.0"
  })

  policy_rule = file("policies/seccomp/seccomp_profile_rule.json") # or maybe file("${path.module}/seccomp/seccomp_profile_rule.json")
}
Note that you can also avoid the clunky HEREDOC syntax by putting your code in an object and jsonencoding it, as I did with the metadata argument.
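A variant of the file() approach above that also validates the rendered files at plan time, as an added example that is not part of the original answer. It assumes Terraform 1.2 or later (for `precondition`) and that seccomp_parameters.json holds the policy's parameter definitions as a JSON object, which the question does not show; the local names are hypothetical.

```hcl
locals {
  # path.module anchors the lookup to the directory that holds
  # policy_definitions.tf, whatever the working directory is.
  seccomp_dir = "${path.module}/policies/seccomp"

  # jsondecode() makes `terraform plan` fail if a Jinja-rendered file
  # is not valid JSON, instead of sending a broken rule to Azure.
  seccomp_rule = jsondecode(file("${local.seccomp_dir}/seccomp_profile_rule.json"))

  # Assumption: this file contains the parameter definitions object.
  seccomp_parameters = jsondecode(file("${local.seccomp_dir}/seccomp_parameters.json"))
}

resource "azurerm_policy_definition" "k8s_seccomp_governance" {
  name         = "k8s_seccomp_governance"
  description  = "Kubernetes cluster containers should only use allowed seccomp profiles"
  policy_type  = "Custom"
  mode         = "Microsoft.Kubernetes.Data"
  display_name = "AMPS K8s Seccomp Governance"

  metadata = jsonencode({
    category = "Kubernetes"
    version  = "1.0.0"
  })

  # Re-encoding normalises whitespace and key order; the JSON content
  # (including the "[parameters('...')]" strings) is unchanged.
  policy_rule = jsonencode(local.seccomp_rule)
  parameters  = jsonencode(local.seccomp_parameters)

  lifecycle {
    # Refuse to plan a definition whose rule lost its condition or effect,
    # for example through a templating mistake.
    precondition {
      condition     = can(local.seccomp_rule["if"]) && can(local.seccomp_rule["then"]["effect"])
      error_message = "seccomp_profile_rule.json must contain \"if\" and \"then.effect\"."
    }
  }
}
```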