Error: 'threat_detection_policy' : attribute supports 1 item maximum, config has 2 declared

Error: 'threat_detection_policy' : attribute supports 1 item maximum, config has 2 declared

预期行为

我正在尝试启用 'threat detection policy' 并将警报发送到电子邮件地址列表

实际行为

抛出错误(参见错误输出)

错误输出

Error: threat_detection_policy: attribute supports 1 item maximum, config has 2 declared

  on ..\mysql-module-test\example-location\main.tf line 20, in resource "azurerm_mysql_server" "instance":
  20: resource "azurerm_mysql_server" "instance" {

Terraform(和 AzureRM 提供程序)版本

受影响的资源

Terraform 配置文件

Main.tf

resource "azurerm_mysql_server" "instance" {
  name                = "${var.names.product_name}-${var.names.environment}-${var.server_id}"
  location            = var.location
  resource_group_name = var.resource_group_name
  tags                = var.tags

  administrator_login          = local.administrator_login
  administrator_login_password = local.administrator_password

  sku_name   = var.sku_name
  storage_mb = var.storage_mb
  version    = var.mysql_version

  auto_grow_enabled                 = (var.create_mode == "Replica" ? true : var.auto_grow_enabled)
  backup_retention_days             = var.backup_retention_days
  geo_redundant_backup_enabled      = var.geo_redundant_backup_enabled
  infrastructure_encryption_enabled = var.infrastructure_encryption_enabled
  public_network_access_enabled     = (((length(var.service_endpoints) > 0) || (length(var.access_list) > 0)) ? true : false)
  ssl_enforcement_enabled           = var.ssl_enforcement_enabled
  ssl_minimal_tls_version_enforced  = var.ssl_enforcement_enabled ? "TLS1_2" : "TLSEnforcementDisabled"

  create_mode               = var.create_mode
  creation_source_server_id = (var.create_mode == "Replica" ? var.creation_source_server_id : null)

  dynamic "threat_detection_policy" {  # Error: threat_detection_policy: attribute supports 1 item maximum, config has 2 declared
    for_each = (var.threat_detection_policy != null ? var.threat_detection_policy : null)
    content {
      enabled         = var.threat_detection_policy.enable_threat_detection_policy
      email_addresses = var.threat_detection_policy.threat_detection_email_addresses
    }
  }
}

Variables.tf

# Advanced threat protection policy settings
variable "threat_detection_policy" {
  description = "Threat detection policy configuration.  If not input, threat detection will be disabled."
  type = object({
    enable_threat_detection_policy   = bool
    threat_detection_email_addresses = list(string)
  })
  default = null
}

模块调用

# advanced threat protection policy
  threat_detection_policy = {
    enable_threat_detection_policy   = true
    threat_detection_email_addresses = ["first.last@contoso.com", "first.last@contoso.com"]
  }

错误输出

Error: threat_detection_policy: attribute supports 1 item maximum, config has 2 declared

  on ..\mysql-module-test\example-location\main.tf line 20, in resource "azurerm_mysql_server" "instance":
  20: resource "azurerm_mysql_server" "instance" {

当您在地图(或对象)上使用 for_each 时,Terraform 会迭代键。所以它试图为键 enable_threat_detection_policythreat_detection_email_addresses.

创建两个 threat_detection_policy

动态块对您的场景没有实际意义,因为 azurerm_mysql_server 资源只能有一个 threat_detection_policy 块。这样的配置可能有效:

threat_detection_policy {
  enabled          = var.threat_detection_policy != null
  email_addresses  = var.threat_detection_policy != null ? var.threat_detection_policy.threat_detection_email_addresses  : []
}