Terraform 遍历对象映射中的列表
Terraform iterate through list within a map of objects
我正在寻求有关遍历对象映射中的列表的帮助。
这是我当前的映射(map):
# Value of the tunnels map as pasted by the asker: one object per tunnel,
# keyed "<customer_name>-<tunnel_name>". The map's opening brace is not part
# of the paste; only its closing brace (last line) is.
# NOTE(review): the attribute names (authby, ike, esp, leftsubnet, ...) look like
# ipsec.conf-style IPsec connection settings -- presumably rendered into a
# tunnel config elsewhere; confirm against the consumer.
test125231-test-tunnel = {
# NOTE(review): if this is ipsec.conf-style authby=secret (pre-shared key), keep the
# key material itself out of this map, VCS and plan output -- confirm how it is supplied.
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
# NOTE(review): appears to pin the tunnel to IKEv1; prefer IKEv2 where the peer
# supports it -- confirm what the consumer does with this flag.
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
# The only list-valued attribute. The template shown on the page reads ports[0],
# so "7001" never reaches a rendered rule.
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
我的最终目标是在每个列表中的每个端口上使用 for each。
我在 terraform 模板文件中使用 go templating,这是我目前拥有的,它适用于索引位置 0
%{ for tunnel_key, tunnel in tunnels }
-A PREROUTING -s ${tunnel.leftsourceip} -p tcp --dport ${tunnel.ports[0]} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
如有任何帮助,我们将不胜感激。我一直在研究合并功能,看看它是否是一个很好的用例。
最终目标是为每个端口设置单独的 dport 规则。
您必须将 tunnels 展平(flatten),merge 可用于此:
# Input variable holding every tunnel definition, keyed "<customer_name>-<tunnel_name>".
# The default repeats the four tunnels from the question.
# NOTE(review): no `type` constraint or `validation` block is declared, so any value
# shape is accepted. The template shown on the page interpolates leftsourceip and the
# port values straight into iptables rules; checking that ports are numeric and that
# addresses are well-formed before rendering keeps malformed input out of the
# generated ruleset.
variable "tunnels" {
default = {
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
# Two ports on this tunnel; the other three tunnels list a single port each.
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
}
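locals {
  # Flatten var.tunnels into one map entry per (tunnel, port) pair, so that a
  # template can emit a separate rule for every port instead of only ports[0].
  #
  # The inner `for` builds one object per tunnel, keyed "<tunnel key>-<port>";
  # the outer `for` collects those objects into a list, and `...` expands that
  # list into the arguments of the outer merge().
  #
  # merge() lets later arguments win, so `{ port = port }` is passed last: the
  # per-port value cannot be overridden by a `port` attribute that a tunnel
  # object might carry. The unused index variable of the inner loop is dropped.
  #
  # A port repeated inside one tunnel's list yields the same key twice, which
  # Terraform rejects as a duplicate key in the `for` expression.
  #
  # NOTE(review): the template shown on the page writes leftsourceip and port
  # verbatim into iptables rules; validate both (numeric port, well-formed
  # address) before rendering.
  tunnels_flat = merge([
    for tunnel_name, tunnel_details in var.tunnels : {
      for port in tunnel_details.ports :
      "${tunnel_name}-${port}" => merge(tunnel_details, { port = port })
    }
  ]...)
}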
然后你将迭代(伪代码):
%{ for rule_key, rule in local.tunnels_flat }
-A PREROUTING -s ${rule.leftsourceip} -p tcp --dport ${rule.port} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
我正在寻求有关遍历对象映射中的列表的帮助。
这是我当前的映射(map):
# Value of the tunnels map as pasted by the asker: one object per tunnel,
# keyed "<customer_name>-<tunnel_name>". The map's opening brace is not part
# of the paste; only its closing brace (last line) is.
# NOTE(review): the attribute names (authby, ike, esp, leftsubnet, ...) look like
# ipsec.conf-style IPsec connection settings -- presumably rendered into a
# tunnel config elsewhere; confirm against the consumer.
test125231-test-tunnel = {
# NOTE(review): if this is ipsec.conf-style authby=secret (pre-shared key), keep the
# key material itself out of this map, VCS and plan output -- confirm how it is supplied.
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
# NOTE(review): appears to pin the tunnel to IKEv1; prefer IKEv2 where the peer
# supports it -- confirm what the consumer does with this flag.
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
# The only list-valued attribute. The template shown on the page reads ports[0],
# so "7001" never reaches a rendered rule.
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
我的最终目标是在每个列表中的每个端口上使用 for each。
我在 terraform 模板文件中使用 go templating,这是我目前拥有的,它适用于索引位置 0
%{ for tunnel_key, tunnel in tunnels }
-A PREROUTING -s ${tunnel.leftsourceip} -p tcp --dport ${tunnel.ports[0]} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
如有任何帮助,我们将不胜感激。我一直在研究合并功能,看看它是否是一个很好的用例。
最终目标是为每个端口设置单独的 dport 规则。
您必须将 tunnels 展平(flatten),merge 可用于此:
# Input variable holding every tunnel definition, keyed "<customer_name>-<tunnel_name>".
# The default repeats the four tunnels from the question.
# NOTE(review): no `type` constraint or `validation` block is declared, so any value
# shape is accepted. The template shown on the page interpolates leftsourceip and the
# port values straight into iptables rules; checking that ports are numeric and that
# addresses are well-formed before rendering keeps malformed input out of the
# generated ruleset.
variable "tunnels" {
default = {
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
# Two ports on this tunnel; the other three tunnels list a single port each.
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
}
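locals {
  # Flatten var.tunnels into one map entry per (tunnel, port) pair, so that a
  # template can emit a separate rule for every port instead of only ports[0].
  #
  # The inner `for` builds one object per tunnel, keyed "<tunnel key>-<port>";
  # the outer `for` collects those objects into a list, and `...` expands that
  # list into the arguments of the outer merge().
  #
  # merge() lets later arguments win, so `{ port = port }` is passed last: the
  # per-port value cannot be overridden by a `port` attribute that a tunnel
  # object might carry. The unused index variable of the inner loop is dropped.
  #
  # A port repeated inside one tunnel's list yields the same key twice, which
  # Terraform rejects as a duplicate key in the `for` expression.
  #
  # NOTE(review): the template shown on the page writes leftsourceip and port
  # verbatim into iptables rules; validate both (numeric port, well-formed
  # address) before rendering.
  tunnels_flat = merge([
    for tunnel_name, tunnel_details in var.tunnels : {
      for port in tunnel_details.ports :
      "${tunnel_name}-${port}" => merge(tunnel_details, { port = port })
    }
  ]...)
}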
然后你将迭代(伪代码):
%{ for rule_key, rule in local.tunnels_flat }
-A PREROUTING -s ${rule.leftsourceip} -p tcp --dport ${rule.port} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}