为 kubernetes_role 资源构建动态地形字段
Build dynamic terraform fields for kubernetes_role resource
请帮助理解如何正确构建资源的动态规则
在输入中我想发送这样的变量:
role_rules = {
rule01 = {
"api_groups" = ["apps"]
"resources" = ["pods"]
"resource_names" = ["foo"]
"verbs" = ["get", "list", "watch"]
}
rule02 = {
"api_groups" = ["apps2"]
"resources" = ["services"]
"resource_names" = ["foo2"]
"verbs" = ["*"]
}
}
结果我的资源有两条规则。
我试图以这样的方式做到这一点:
resource "kubernetes_role" "this" {
metadata {
name = var.role_name
labels = local.metadata_labels
}
dynamic "rule" {
for_each = local.role_permission_rules
content {
api_groups = try(role.value["api_groups"], "")
resources = try(role.value["resources"], "")
resource_names = try(role.value["resource_names"], "")
verbs = try(role.value["verbs"], "")
}
}
}
locals {
role_permission_rules = {
for rule in keys(var.role_rules):
rule => lookup(var.role_rules, rule)
}
}
但不幸的是,它无法处理很多对根模块没有价值的错误。
关于如何纠正这些东西的任何想法?
我建议使用查找而不是尝试。但是,我认为您只需要通过将项目包含在方括号 [] 中将其放入列表中即可。另外我建议参考 rule.value 而不是 role.value
例如:
dynamic "rule" {
for_each = local.role_permission_rules
content {
api_groups = [lookup(rule.value, "api_groups", null)]
resources = [lookup(rule.value, "resources", null)]
resource_names = [lookup(rule.value, "resource_names", null)]
verbs = [lookup(rule.value, "verbs", null)]
}
}
请帮助理解如何正确构建资源的动态规则
在输入中我想发送这样的变量:
role_rules = {
rule01 = {
"api_groups" = ["apps"]
"resources" = ["pods"]
"resource_names" = ["foo"]
"verbs" = ["get", "list", "watch"]
}
rule02 = {
"api_groups" = ["apps2"]
"resources" = ["services"]
"resource_names" = ["foo2"]
"verbs" = ["*"]
}
}
结果我的资源有两条规则。 我试图以这样的方式做到这一点:
resource "kubernetes_role" "this" {
metadata {
name = var.role_name
labels = local.metadata_labels
}
dynamic "rule" {
for_each = local.role_permission_rules
content {
api_groups = try(role.value["api_groups"], "")
resources = try(role.value["resources"], "")
resource_names = try(role.value["resource_names"], "")
verbs = try(role.value["verbs"], "")
}
}
}
locals {
role_permission_rules = {
for rule in keys(var.role_rules):
rule => lookup(var.role_rules, rule)
}
}
但不幸的是,它无法处理很多对根模块没有价值的错误。 关于如何纠正这些东西的任何想法?
我建议使用查找而不是尝试。但是,我认为您只需要通过将项目包含在方括号 [] 中将其放入列表中即可。另外我建议参考 rule.value 而不是 role.value
例如:
dynamic "rule" {
for_each = local.role_permission_rules
content {
api_groups = [lookup(rule.value, "api_groups", null)]
resources = [lookup(rule.value, "resources", null)]
resource_names = [lookup(rule.value, "resource_names", null)]
verbs = [lookup(rule.value, "verbs", null)]
}
}