Terraform dynamic block and list(object) error in gcp

I have a root module, a variable module and a child module. I am receiving: The given value is not suitable for child module variable "rule" defined at .. ..: element 0: attribute "match": element 0: attribute "expr": element 0: attribute "expression": element 0: object required.

Root module:

resource "google_compute_security_policy" "policy" {
  project = var.gcp_project_id
  name    = var.waf_name
  #creating a dynamic rule
  dynamic "rule" {
    for_each = var.rule
    content {
      action   = rule.value.action
      priority = rule.value.priority
      dynamic "match" {
        for_each = rule.value.match
        content {
          dynamic "expr" {
            for_each = match.value.expr
            content {
              dynamic "expression" {
                for_each = expr.value.expression
                content {
                  evaluatePreconfiguredExpr = expression.value.evaluatePreconfiguredExpr
                }
              }
            }
          }
        }
      }
    }
  }
}

Variable module (variable.tf):

variable "rule" {
  description = "WAF rule 1"
  type = list(object(
    {
      action   = list(string)
      priority = list(string)
      match = list(object(
        {
          expr = list(object(
            {
              expression = list(object(
                {
                  evaluatePreconfiguredExpr = list(string)
                }
              ))
            }
          ))
        }
      ))
    }
  ))
}

Child module (main.tf or input module):

rule = [{
  action   = ["deny(403)"]
  priority = ["1000"]
  match = [{
    expr = [{
      expression = [<<EOF
    evaluatePreconfiguredExpr('xss-stable', ['owasp-crs-v030001-id941340-xss',
      'owasp-crs-v030001-id941130-xss',
      'owasp-crs-v030001-id941170-xss',
      'owasp-crs-v030001-id941330-xss',
    ]
    )
    EOF
      ]
    }]
  }]
}]

The reference site for this is: https://github.com/DeimosCloud/terraform-google-waf/blob/master/main.tf

The expanded rule argument does not match the provider spec here and is therefore rejected.
For example, you are passing a list of objects for the match argument, but the spec requires a single object.
Adjusting the files works for me:

root.tf:

resource "google_compute_security_policy" "policy" {
  project = var.gcp_project_id
  name    = var.waf_name
  #creating a dynamic rule
  dynamic "rule" {
    for_each = var.rule
    content {
      action   = rule.value.action
      priority = rule.value.priority
      dynamic "match" {
        for_each = rule.value.match
        content {
          dynamic "expr" {
            for_each = rule.value.match
            content {
              expression = expr.value.expression
            }
          }
        }
      }
    }
  }
}

variable.tf:

variable "rule" {
  description = "WAF rule 1"
  type = list(object(
    {
      action   = string
      priority = string
      match = object(
        {
          expr = object(
            {
              expression = string
            }
          )
        }
      )
    }
    )
  )
}

child.tf:

rule = [{
    action   = "deny(403)"
    priority = "1000"
    match = {
      expr = {
        expression = <<EOF
    evaluatePreconfiguredExpr('xss-stable', ['owasp-crs-v030001-id941340-xss',
      'owasp-crs-v030001-id941130-xss',
      'owasp-crs-v030001-id941170-xss',
      'owasp-crs-v030001-id941330-xss',
    ]
    )
    EOF
      }
    }
  }]

This produces the following plan:

  + resource "google_compute_security_policy" "policy" {
      + fingerprint = (known after apply)
      + id          = (known after apply)
      + name        = "test"
      + project     = "something"
      + self_link   = (known after apply)

      + rule {
          + action   = "deny(403)"
          + preview  = (known after apply)
          + priority = 1000

          + match {

              + expr {
                  + expression = <<-EOT
                            evaluatePreconfiguredExpr('xss-stable', ['owasp-crs-v030001-id941340-xss',
                              'owasp-crs-v030001-id941130-xss',
                              'owasp-crs-v030001-id941170-xss',
                              'owasp-crs-v030001-id941330-xss',
                            ]
                            )
                    EOT
                }
            }
        }
    }
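As an added example (not code from the question, the answer, or the DeimosCloud module): the same Cloud Armor policy with the variable flattened to one object per rule, so that `match` and `expr` are written as plain nested blocks and only `rule` needs `dynamic`. It also adds two `validation` blocks that catch duplicate or reserved priorities at `terraform validate`/`plan` time rather than at apply, and the mandatory catch-all default rule that a Cloud Armor policy must carry. The names `rules` and `default_action`, the file split, and the second `sqli-stable` rule in the tfvars are assumptions; `gcp_project_id` and `waf_name` are the variables already used on the page.

```hcl
# variables.tf (assumed filename)
variable "gcp_project_id" { type = string }
variable "waf_name"       { type = string }

# One entry per rule; the CEL expression travels with the rule instead of being
# wrapped in match -> expr -> expression objects on the caller's side.
variable "rules" {
  description = "Cloud Armor WAF rules: priority, action and the CEL match expression"
  type = list(object({
    priority   = number
    action     = string
    expression = string
  }))

  # Two rules with the same priority are only rejected by the API at apply time;
  # fail earlier, during plan, with a clear message.
  validation {
    condition     = length(distinct(var.rules[*].priority)) == length(var.rules)
    error_message = "Every rule must have a unique priority."
  }

  # 2147483647 is reserved for the default rule defined in main.tf below.
  validation {
    condition     = alltrue([for r in var.rules : r.priority < 2147483647])
    error_message = "Priority 2147483647 is reserved for the default rule."
  }
}

variable "default_action" {
  description = "Action of the catch-all rule (assumption: allow everything the WAF rules did not deny)"
  type        = string
  default     = "allow"
}

# main.tf
resource "google_compute_security_policy" "policy" {
  project = var.gcp_project_id
  name    = var.waf_name

  # Keyed by priority so a reordered tfvars list does not replace every rule.
  dynamic "rule" {
    for_each = { for r in var.rules : r.priority => r }
    content {
      action   = rule.value.action
      priority = rule.value.priority
      match {
        expr {
          expression = rule.value.expression
        }
      }
    }
  }

  # Cloud Armor requires a default rule matching all sources at the lowest priority.
  rule {
    action      = var.default_action
    priority    = 2147483647
    description = "default rule"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}

# terraform.tfvars (constructed sample input)
rules = [
  {
    priority   = 1000
    action     = "deny(403)"
    # Second argument is the list of signature ids to EXCLUDE from the set,
    # as in the question; every id listed here is traffic the policy lets through.
    expression = "evaluatePreconfiguredExpr('xss-stable', ['owasp-crs-v030001-id941340-xss'])"
  },
  {
    priority   = 1001
    action     = "deny(403)"
    expression = "evaluatePreconfiguredExpr('sqli-stable')"
  },
]
```

`priority` is declared as `number` because the plan above shows the provider storing `1000` as a number even when `"1000"` is supplied. Keying the `for_each` map by priority means inserting a new rule in the middle of the list only adds one resource block in the plan instead of churning every rule after it.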