如何使用 terraform 将多个 IP 动态添加到 azure servicebus 防火墙
How to add multiple IPs to azure servicebus firewall dynamically using terraform
如何使用 terraform 将多个 IP 动态添加到 azure 服务总线防火墙。
我能够将这些 IP 添加到服务总线实例,同时在 tf 代码中对这些 IP 进行硬编码。
但是 terraform 正在尝试使用此 terraform 代码创建多个 network_ruleset 资源。
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_servicebus_namespace" "example" {
name = "example-sb-namespace"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "Premium"
capacity = 1
}
resource "azurerm_virtual_network" "example" {
name = "example-vnet"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["172.17.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]
}
resource "azurerm_subnet" "example" {
name = "default"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["172.17.0.0/24"]
service_endpoints = ["Microsoft.ServiceBus"]
}
locals {
ip_rules = [
"1.1.1.1",
"2.2.2.2",
"123.145.168.143",
"1.23.54.67",
"145.36.142.127",
"192.168.0.0/24",
"194.145.123.0/26"
]
}
resource "azurerm_servicebus_namespace_network_rule_set" "example" {
namespace_name = azurerm_servicebus_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
default_action = "Deny"
trusted_services_allowed = true
network_rules {
subnet_id = azurerm_subnet.example.id
ignore_missing_vnet_service_endpoint = false
}
for_each = toset(local.ip_rules1)
ip_rules = [each.value]
# ip_rules = [
# "1.1.1.1",
# "2.2.2.2",
# "123.145.168.143",
# "1.23.54.67",
# "45.36.142.127",
# "192.168.0.0/24",
# "194.145.123.0/26"
# ]
}
如何针对 Azure 服务总线实例实现此方案。
如果我对您的问题的理解正确,那么以下内容应该就足够了:
resource "azurerm_servicebus_namespace_network_rule_set" "example" {
namespace_name = azurerm_servicebus_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
default_action = "Deny"
trusted_services_allowed = true
network_rules {
subnet_id = azurerm_subnet.example.id
ignore_missing_vnet_service_endpoint = false
}
ip_rules = local.ip_rules
}
如何使用 terraform 将多个 IP 动态添加到 azure 服务总线防火墙。
我能够将这些 IP 添加到服务总线实例,同时在 tf 代码中对这些 IP 进行硬编码。 但是 terraform 正在尝试使用此 terraform 代码创建多个 network_ruleset 资源。
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_servicebus_namespace" "example" {
name = "example-sb-namespace"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "Premium"
capacity = 1
}
resource "azurerm_virtual_network" "example" {
name = "example-vnet"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["172.17.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]
}
resource "azurerm_subnet" "example" {
name = "default"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["172.17.0.0/24"]
service_endpoints = ["Microsoft.ServiceBus"]
}
locals {
ip_rules = [
"1.1.1.1",
"2.2.2.2",
"123.145.168.143",
"1.23.54.67",
"145.36.142.127",
"192.168.0.0/24",
"194.145.123.0/26"
]
}
resource "azurerm_servicebus_namespace_network_rule_set" "example" {
namespace_name = azurerm_servicebus_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
default_action = "Deny"
trusted_services_allowed = true
network_rules {
subnet_id = azurerm_subnet.example.id
ignore_missing_vnet_service_endpoint = false
}
for_each = toset(local.ip_rules1)
ip_rules = [each.value]
# ip_rules = [
# "1.1.1.1",
# "2.2.2.2",
# "123.145.168.143",
# "1.23.54.67",
# "45.36.142.127",
# "192.168.0.0/24",
# "194.145.123.0/26"
# ]
}
如何针对 Azure 服务总线实例实现此方案。
如果我对您的问题的理解正确,那么以下内容应该就足够了:
resource "azurerm_servicebus_namespace_network_rule_set" "example" {
namespace_name = azurerm_servicebus_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
default_action = "Deny"
trusted_services_allowed = true
network_rules {
subnet_id = azurerm_subnet.example.id
ignore_missing_vnet_service_endpoint = false
}
ip_rules = local.ip_rules
}