Build dynamic terraform fields for kubernetes_role resource

Please help me understand how to correctly build dynamic rules for the resource.

As input, I want to pass a variable like this:

  role_rules = {
    rule01 = {
      "api_groups" = ["apps"]
      "resources"  = ["pods"]
      "resource_names" = ["foo"]
      "verbs"          = ["get", "list", "watch"]
    }
    rule02 = {
      "api_groups" = ["apps2"]
      "resources"  = ["services"]
      "resource_names" = ["foo2"]
      "verbs"          = ["*"]
    }
  }

As a result, my resource would have two rules. I tried to do it this way:

resource "kubernetes_role" "this" {
  metadata {
    name      = var.role_name
    labels    = local.metadata_labels
  }
  dynamic "rule" {
    for_each = local.role_permission_rules
    content {
      api_groups     = try(role.value["api_groups"], "")
      resources      = try(role.value["resources"], "")
      resource_names = try(role.value["resource_names"], "")
      verbs          = try(role.value["verbs"], "")
    }
  }
}
locals {
  role_permission_rules = {
    for rule in keys(var.role_rules):
      rule => lookup(var.role_rules, rule)
  }
}

But unfortunately it fails with a lot of errors about no value for the root module. Any ideas on how to correct this?

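I would suggest using lookup instead of try. However, I think you just need to put the items into a list by enclosing them in square brackets []. Also, I would suggest referencing rule.value instead of role.value.

For example: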

dynamic "rule" {
   for_each = local.role_permission_rules
   content {
     api_groups     = [lookup(rule.value, "api_groups", null)]
     resources      = [lookup(rule.value, "resources", null)]
     resource_names = [lookup(rule.value, "resource_names", null)]
     verbs          = [lookup(rule.value, "verbs", null)]
   }
}
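
A typed variant of the same resource, as an added example that is not from the original question or answer: the variable is declared as a map of objects, so each attribute reaches the `rule` block as a list of strings and can be assigned directly. It assumes Terraform 1.3 or later and a configured `kubernetes` provider; the `validation` block is an added least-privilege check, not something the page asks for.

```hcl
# Added example: typed input plus a dynamic "rule" block for kubernetes_role.
variable "role_name" {
  type = string
}

variable "role_rules" {
  # Every attribute is already a list(string), so it is passed through as-is.
  # optional() requires Terraform >= 1.3.
  type = map(object({
    api_groups     = list(string)
    resources      = list(string)
    resource_names = optional(list(string)) # null when omitted
    verbs          = list(string)
  }))

  # Added policy check (an assumption, not from the page): a "*" verb is
  # accepted only on rules pinned to specific resource_names.
  validation {
    condition = alltrue([
      for r in values(var.role_rules) :
      !contains(r.verbs, "*") || try(length(r.resource_names) > 0, false)
    ])
    error_message = "A rule with the \"*\" verb must also set resource_names."
  }
}

resource "kubernetes_role" "this" {
  metadata {
    name = var.role_name
  }

  dynamic "rule" {
    for_each = var.role_rules # map keys (rule01, rule02) are available as rule.key
    content {
      # The iterator takes the name of the block label: rule.value.
      api_groups     = rule.value.api_groups
      resources      = rule.value.resources
      resource_names = rule.value.resource_names
      verbs          = rule.value.verbs
    }
  }
}
```

With the `role_rules` value from the question, `terraform plan` shows two `rule` blocks, and rule02 passes the validation because it sets `resource_names`.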