Terraform 动态组创建

Question

在我下面的 terraform 代码中，我试图将组分配给实例。但是对于实例 test1、test2，我可以分配组 app1、app2、app3。但我想将 app1、app2、app3 组分配给 test1 实例，将 t1、t2、t3 组分配给 test2 实例。 group_assignments 块中是否缺少任何逻辑。谢谢

locals {
  instances = [
    {
      instance  = "test1"
      baseUrl   = "url"
      subDomain = "sd"
      groups = [
        "app1",
        "app2",
        "app3",
      ]
},
    {
      instance  = "test2"
      baseUrl   = "url2"
      subDomain = "sd2"
      groups = [
        "t1",
        "t2",
        "t3",
      ]
},
  ]
}
resource "og" "press" {
  for_each = { for k, instance in flatten(local.instances[*].groups) : k => instance }
  name     = each.value
}
resource "ol" "press2" {
  for_each                   = { for k, instance in local.instances : k => instance }
  label                      = "press-${each.value.instance}"
  preconfigured_app          = "press"
}
resource "oag" "assignment" {
  for_each = { for k, instance in local.instances : k => instance }
  app_id   = ol.press2[each.key].id
  dynamic "group" {
    for_each = each.value.groups
    content {
      id = og.press[group.value].id
    }
  }
}

Answer 1

我觉得应该是：

resource "okta_group" "press" {
  for_each = toset(flatten(local.instances[*].groups))
  name     = each.value
}

这样您就可以引用 okta_group 的各个实例，如 okta_group.press["app1"], okta_group.press["t1"] 等等。

Terraform 动态组创建

Terraform dynamic group creation

loops

dynamic

terraform