如何使用 terraform 将多个 vnet 的多个子网动态添加到 azure servicebus 防火墙

How to add multiple subnets of multiple vnets to azure servicebus firewall dynamically using terraform

如何使用 terraform 将多个 VNET 的多个子网动态添加到 azure ServiceBus 防火墙?

下面是地形代码。 VNET 和子网在 tf 代码的本地部分可用。

所以我在 Azure 中有三个 VNET(vnet1、vnet2 和 vnet3),每个 VNET 都有多个子网。


locals {
 virtual_network_name1 = "vnet1"
 virtual_network_name2 = "vnet2"
 virtual_network_name3 = "vnet3"
 subnets = {
   sub1 : {
     subnet1 = "vnet1-subnet1",
     subnet2 = "vnet1-subnet2",
     subnet3 = "vnet1-subnet3"
   },
   sub2: {
     subnet1 = "vnet2-subnet1",
     subnet2 = "vnet2-subnet2",
     subnet3 = "vnet2-subnet3"
   }
sub3: {
     subnet1 = "vnet3-subnet1",
     subnet2 = "vnet3-subnet2",
     subnet3 = "vnet3-subnet3"
   }
 
}
}

data "azurerm_virtual_network" "vnet" {
 name                 = local.virtual_network_name
 resource_group_name  = "westy"
}

data "azurerm_subnet" "subnets" {
 for_each             = local.subnets
 name                 = each.value
 resource_group_name  = "westy"
 virtual_network_name = data.azurerm_virtual_network.vnet.name

}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_servicebus_namespace" "example" {
  name                = "example-sb-namespace"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Premium"

  capacity = 1
}


resource "azurerm_servicebus_namespace_network_rule_set" "example" {
  namespace_name      = azurerm_servicebus_namespace.example.name
  resource_group_name = azurerm_resource_group.example.name

  default_action = "Deny"

  trusted_services_allowed = true

  network_rules {
    subnet_id                            = data.azurerm_subnet.subnets
    ignore_missing_vnet_service_endpoint = false
  }


  ip_rules = ["125.123.142.174"]
 
 
}

实际上,这些是现有的 VNET,并且已经创建了子网

我想遍历这些 vnet,例如 vnet1 迭代第一组子网,vnet2 迭代第二组子网,vnet3 也一样。这就是各个子网如何与这些 vnet 相关联,并使用 terraform 动态地将它们添加到“azurerm_servicebus_namespace_network_rule_set”资源的网络块内?

是否可以实现?

您可以使用以下代码满足您的要求:

provider "azurerm"{
  features{}
}
locals {
 vnet_list = {    
  "vnet1" = [{"subnet_name"=[
                    "subnet1",
                    "subnet2",
                    "subnet3"
  ]
  }],
  "vnet2" = [{"subnet_name"=[
                    "subnet1",
                    "subnet2",
                    "subnet3"
  ]
                 }], 
  "vnet3" = [{"subnet_name"=[
                    "subnet1",
                    "subnet2",
                    "subnet3"
                  ]
  }]
}
vnet = merge([
    for vnet_name, vnet in local.vnet_list : {
      for subnet in vnet[0].subnet_name :
          "${vnet_name}-${subnet}" => {
            name               = vnet_name
            subnet_name  =  subnet
          }
    }
  ]...)
}
data "azurerm_resource_group" "example" {
  name     = "myresourcegroup"
}

resource "azurerm_servicebus_namespace" "example" {
  name                = "ansuman-sb-namespace"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  sku                 = "Premium"

  capacity = 1
}

data "azurerm_subnet" "example"{
  for_each = local.vnet
  name=each.value.subnet_name
  virtual_network_name=each.value.name
  resource_group_name=data.azurerm_resource_group.example.name
}

resource "azurerm_servicebus_namespace_network_rule_set" "example" {
  namespace_name      = azurerm_servicebus_namespace.example.name
  resource_group_name = data.azurerm_resource_group.example.name
  default_action = "Deny"
  trusted_services_allowed = true

  dynamic "network_rules" {
    for_each=data.azurerm_subnet.example
    content{
    subnet_id                            = network_rules.value["id"]
    ignore_missing_vnet_service_endpoint = false
  }
  }
  ip_rules = ["125.123.142.174"]
}

输出:

所有9个子网已添加到网络规则中:

传送门: