Terraform - Dynamic variables arguments

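I feel like I've tried a lot of different approaches, but I may be a little off in how I am calling these variables. I have the following code: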

locals {
  config_rule_params = {
      "access_keys_rotated" = {
          "input_parameters" = "{\"maxAccessKeyAge\": \"90\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACCESS_KEYS_ROTATED"
          }
      },
      "acm_certificate_expiration_check" = {
          "input_parameters" = "{\"daysToExpiration\": \"30\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACM_CERTIFICATE_EXPIRATION_CHECK"
          },
          "scope" = {
              "compliance_resource_types" = "AWS::ACM::Certificate"
          }
      }
  }
}

resource "aws_config_config_rule" "parameterised_config_rules" {
    for_each                    = local.config_rule_params
    name                        = each.key
    input_parameters            = each.value.input_parameters
    maximum_execution_frequency = each.value.maximum_execution_frequency
    
    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = each.value.owner
            source_identifier = each.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = each.value.compliance_resource_types
        }
    }
}

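Eventually I will add a lot of rules under config_rule_params, and not all of them will have source, scope or even other parameters. How can I properly call these variables when creating my resource? I am currently getting the following error: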

Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 53, in resource "aws_config_config_rule" "parameterised_config_rules":
  53:         for_each = local.config_rule_params[*].source[*]
This object does not have an attribute named "source".
Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 61, in resource "aws_config_config_rule" "parameterised_config_rules":
  61:         for_each = local.config_rule_params[*].scope[*]
This object does not have an attribute named "scope".
ERROR: Job failed: exit code 1

When you use for_each in dynamic blocks, the iterator is by default referred to using the block's label (source, scope), not each:

The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value. If omitted, the name of the variable defaults to the label of the dynamic block ("setting" in the example above).

In your example, it would be source and scope:

    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = source.value.owner
            source_identifier = source.value.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = scope.value.compliance_resource_types
        }
    }

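You are correctly using the [*] operator as a concise way to adapt a value that might or might not be null into a list with either zero or one elements, but there are two things to change here:

  • By default, the iterator symbol for a dynamic block is the name of the block you are generating. each is the iterator symbol for the top-level resource itself, even inside a dynamic block.
  • As a consequence of the previous item, you can use each.value as part of the for_each expression in your dynamic block, to refer to the current element of local.config_rule_params.

Putting those together, we get something like this: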

resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each                    = local.config_rule_params

  name                        = each.key
  input_parameters            = each.value.input_parameters
  maximum_execution_frequency = each.value.maximum_execution_frequency
    
  dynamic "source" {
    for_each = each.value.source[*]
    content {
      owner             = source.value.owner
      source_identifier = source.value.source_identifier
    }
  }

  dynamic "scope" {
    for_each = each.value.scope[*]
    content {
      compliance_resource_types = scope.value.compliance_resource_types
    }
  }
}

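Notice that inside the dynamic "source" block the current element is source.value, while inside the dynamic "scope" block the current element is scope.value. Because of that, it is valid to also use each.value inside these dynamic blocks, so you can refer to both levels of repetition at the same time when building these nested blocks.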
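
Added example, not part of the question or either answer: the question says not every entry under config_rule_params will carry scope or other parameters, and reading an attribute that an object does not have (for instance each.value.scope on access_keys_rotated) raises the same "Unsupported attribute" error. The sketch below wraps each optional key in try() so a missing key becomes null; writing compliance_resource_types as a list and building input_parameters with jsonencode are assumptions about how the data would be laid out.

```hcl
locals {
  # Constructed sample data based on the two rules in the question.
  config_rule_params = {
    access_keys_rotated = {
      input_parameters            = jsonencode({ maxAccessKeyAge = "90" })
      maximum_execution_frequency = "TwentyFour_Hours"
      source = {
        owner             = "AWS"
        source_identifier = "ACCESS_KEYS_ROTATED"
      }
      # no "scope" key here: this is the case try() has to absorb
    }
    acm_certificate_expiration_check = {
      input_parameters            = jsonencode({ daysToExpiration = "30" })
      maximum_execution_frequency = "TwentyFour_Hours"
      source = {
        owner             = "AWS"
        source_identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK"
      }
      scope = {
        # the provider types this argument as a set of strings
        compliance_resource_types = ["AWS::ACM::Certificate"]
      }
    }
  }
}

resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each = local.config_rule_params

  name = each.key
  # A null argument is treated as unset, so optional keys may be left out of an entry.
  input_parameters            = try(each.value.input_parameters, null)
  maximum_execution_frequency = try(each.value.maximum_execution_frequency, null)

  # "source" is a required block for this resource and is read directly,
  # so an entry that forgets it fails at plan time instead of being skipped.
  source {
    owner             = each.value.source.owner
    source_identifier = each.value.source.source_identifier
  }

  # try() yields null when the key is absent; null[*] is an empty list,
  # so no scope block is generated for that rule.
  dynamic "scope" {
    for_each = try(each.value.scope, null)[*]
    content {
      compliance_resource_types = scope.value.compliance_resource_types
    }
  }
}
```

Running terraform plan against this should show a scope block only on acm_certificate_expiration_check.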