如何更正使用 Terraform 创建 Azure NSG 时的此错误？

Question

我正在尝试使用 Terraform 在 Azure 中创建 NSG。

Terraform 版本为 v0.15.2，提供商版本为 azurerm v2.61.0

这是我的 TF 文件中的一段代码。

  resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name


  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = ["*"]
    destination_port_range                     = "*"
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = ["*"]
    source_port_range                          = "22"
    source_port_ranges                         = ["22"]
    source_application_security_group_ids      = [""]
    destination_application_security_group_ids = [""]

  }]
}

现在，当我 运行 terraform plan & terraform apply 时，我得到的预期输出为：

* only one of "source_port_range" and "source_port_ranges" can be used per security rule
* only one of "destination_port_range" and "destination_port_ranges" can be used per security rule
* only one of "source_address_prefix" and "source_address_prefixes" can be used per security rule
* only one of "destination_address_prefix" and "destination_address_prefixes" can be used per security rule

现在，当我再次只保留 source_port_range, destination_port_range, source_address_prefix, destination_address_prefix 字段和 运行 terraform plan 时，会出现以下错误：

Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefixes",
│ "destination_port_ranges", "source_address_prefixes", and "source_port_ranges" are required.

如果我添加这些并删除较早的那些，我得到：

│ Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefix", "destination_port_range",  
│ "source_address_prefix", and "source_port_range" are required.

为什么会发生这种情况以及如何解决这个问题？

更新

考虑了评论中提到的要点，并进行了一些更改以使其正常工作。

注意事项：

• 即使在文档中提到 Optional，Terraform 也需要 security_rule 块中的所有键。
• 此外，它不允许 Source/destination address_prefixes = ["*"] 这样。 Source/Destination address_prefix 完成了任务。
• 在未提及值的地方，应使用 [] 而不是 [""]

resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name


  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = []
    destination_port_range                     = ""
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = []
    source_port_range                          = "*"
    source_port_ranges                         = []
    source_application_security_group_ids      = []
    destination_application_security_group_ids = []

  }]
}

Answer 1

你能试试这个吗:

  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = ""
    destination_address_prefixes               = ["*"]
    destination_port_range                     = ""
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = ""
    source_address_prefixes                    = ["*"]
    source_port_range                          = ""
    source_port_ranges                         = ["22"]
    source_application_security_group_ids      = []
    destination_application_security_group_ids = []

  }]
}

您在两个字段中定义值 - 即 Terraform 将只接受 destination_port_range 或 destination_port_ranges 之一，而不接受两者。其他属性也一样。