如何在 terraform 中使用 for_each double?

how to using for_each double in terraform?

大家。
在 terraform 中使用 for_each 时,会出现重复。 这种情况下应该怎么绕过?

问题点是1)、2)。 必须通过 for_each.

从每个资源中获取数据值 
// custom hostname binding
resource "azurerm_app_service_custom_hostname_binding" "service_host_bind" {
     
  for_each                     =  azurerm_dns_cname_record.cname_target
      
  hostname                  = trim(each.value.fqdn, ".")
      
  app_service_name     = azurerm_app_service._service.name
      
  resource_group_name = azurerm_resource_group._rg.name
      
  depends_on          = [azurerm_dns_txt_record._txt_target]

  lifecycle {
        ignore_changes = [ssl_state, thumbprint]
      }    }

// app service managed certificate
resource "azurerm_app_service_managed_certificate" "_service_manage_cert" {
      
      for_each                    = azurerm_app_service_custom_hostname_binding._service_host_bind
      
      custom_hostname_binding_id  = each.value.id     
    }

// app service certificate binding
resource "azurerm_app_service_certificate_binding" "xtrm_service_certi_bind" {
      
      1) hostname_binding_id = azurerm_app_service_custom_hostname_binding._service_host_bind.id
      // ## how to for_each??
      2) certificate_id               = azurerm_app_service_managed_certificate._service_manage_cert.id
        // ## how to for_each??
      ssl_state           = "SniEnabled"       
    }

目前,我们已经为重定向准备了几个域,我们尝试为每个域授予证书。

例如,当有端点域(www.azure.com)时,重定向域:auz-ure.com, auz-ure.com, az-ops.shop,等等

(天蓝色-redirect.net -> www.azure.com

auz-ure.com -> www.azure.com

az-ops.shop -> www.azure.com)

terraform代码我参考了文档

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_managed_certificate

由于您对应用服务托管证书使用与自定义主机名绑定相同的索引,因此您可以再次迭代自定义主机名绑定:

resource "azurerm_app_service_certificate_binding" "xtrm_service_certi_bind" {
      
    for_each            = azurerm_app_service_custom_hostname_binding.service_host_bind
    hostname_binding_id = azurerm_app_service_custom_hostname_binding.service_host_bind[each.key].id     
    certificate_id      = azurerm_app_service_managed_certificate._service_manage_cert[each.key].id      
    ssl_state           = "SniEnabled"
}