Terraform for Digital Ocean Managed Database Firewall
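I have been trying to dynamically create Terraform code for a managed Digital Ocean database that I own. What I am trying to achieve is this: I have some lists of FW entries, for example: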
    locals {
      ####################################################################################
      ## DO object ids (the different IDs for the Postgres databases in Digital Ocean)
      ####################################################################################
      id_postgres_application_dev = "12345"
      id_postgres_application_stg = "23456"
      id_postgres_application_prd = "34567"

      # Map to fw for Postgres (other locals must be referenced with the "local." prefix)
      pg-application_id = {
        "dev" = local.id_postgres_application_dev
        "stg" = local.id_postgres_application_stg
        "prd" = local.id_postgres_application_prd
      }

      ####################################################################################
      ## Outside IP addresses
      ####################################################################################
      fw_ip_peter    = "4.100.123.140"
      fw_ip_sunshine = "152.120.106.102"

      ####################################################################################
      ## Postgres Application
      ####################################################################################
      # Map to fw for Postgres
      pg-application_fw_rules_ip = {
        "dev" = [
          local.fw_ip_peter,
          local.fw_ip_sunshine]
        "stg" = [
          local.fw_ip_peter]
        "prd" = [
          local.fw_ip_peter]
      }

      long_key = {
        type    = "string"
        default = <<-EOF
          rule = {
            type = "KEY"
            value = "VALUE"
          }
        EOF
      }

      # Set of allowed IPs for the selected environment
      fw_rules = toset(lookup(local.pg-application_fw_rules_ip, var.environment))
    }
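What I now want to achieve is to dynamically generate the FW rule entries (these are described in the Digital Ocean documentation: https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/database_firewall).
So the result for the dev environment would be something like: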
    locals {
      # Cluster ID for the selected environment
      id_postgres_application = lookup(local.pg-application_id, var.environment)
    }

    resource "digitalocean_database_firewall" "example-fw" {
      cluster_id = local.id_postgres_application
      rule {
        type  = "ip_addr"
        value = "4.100.123.140" // Peter
      }
      rule {
        type  = "ip_addr"
        value = "152.120.106.102" // Sunshine (for dev only)
      }
    }
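So the problem is the rule section: repeating it for each entry in the fw_rules variable.
Does anyone have concrete suggestions on how to do this? I have tried a lot of different solutions, and I think my basic problem is understanding which approach to apply.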
Typically, you would use dynamic blocks for this. So your code could look like this:
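    resource "digitalocean_database_firewall" "example-fw" {
      # Cluster ID for the selected environment, from the map in the question
      cluster_id = lookup(local.pg-application_id, var.environment)

      dynamic "rule" {
        # One rule block is generated per IP in the environment's list
        for_each = local.pg-application_fw_rules_ip[var.environment]
        content {
          type  = "ip_addr"
          # Over a list, rule.key is the index (0, 1, ...); rule.value is the IP itself
          value = rule.value
        }
      }
    }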
Treat the code as an example, because some further adjustments specific to your setup may be needed.
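A fuller version of the dynamic-block approach, added here as an example and not code from either poster: it builds the per-environment allowlist as a set and fails the plan if the environment is unknown or an entry is not a single IP address. The underscore-style local names, the resource label `pg_application`, the variable validation and the precondition (which needs Terraform 1.2 or later) are assumptions; the cluster IDs and addresses are the question's sample values.

```hcl
terraform {
  required_providers {
    digitalocean = { source = "digitalocean/digitalocean" }
  }
}

variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "stg", "prd"], var.environment)
    error_message = "The environment must be one of: dev, stg, prd."
  }
}

locals {
  # Sample cluster IDs and IPs taken from the question (placeholders, not real values).
  pg_application_id = { dev = "12345", stg = "23456", prd = "34567" }
  fw_ip_peter       = "4.100.123.140"
  fw_ip_sunshine    = "152.120.106.102"

  # Allowlist per environment; prd and stg stay narrower than dev.
  pg_application_fw_rules_ip = {
    dev = [local.fw_ip_peter, local.fw_ip_sunshine]
    stg = [local.fw_ip_peter]
    prd = [local.fw_ip_peter]
  }

  # toset() drops duplicate entries; in a set, rule.key and rule.value are identical.
  fw_rules = toset(local.pg_application_fw_rules_ip[var.environment])
}

resource "digitalocean_database_firewall" "pg_application" {
  cluster_id = local.pg_application_id[var.environment]

  dynamic "rule" {
    for_each = local.fw_rules
    content {
      type  = "ip_addr"
      value = rule.value
    }
  }

  lifecycle {
    precondition {
      # Rejects hostnames, typos and CIDR ranges: "<entry>/32" must parse as a prefix.
      condition     = alltrue([for ip in local.fw_rules : can(cidrhost("${ip}/32", 0))])
      error_message = "Every firewall entry must parse as a single IP address."
    }
  }
}
```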