Terraform 0.12.31 ... Operator issues

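I have two Terraform projects, one on 1.x and one on 0.12.31. I recently wrote a piece of code to process a complex configuration object into a map of objects, for use in a for_each resource to apply RBAC: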

lz_container_rbac_list = merge([
  for container, rbacs in var.platform_rbac.storage_account.landing_zone.container : {
    for rbac in rbacs :
      "${container}-${rbac.principal_id}" => {
        "container"    = container
        "role"         = rbac.role
        "principal_id" = rbac.principal_id
      }
  }
]...)

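This code works in Terraform 1.x, but throws an error in 0.12.31. It seems to handle the output of merge differently between the two versions, but I can't work out why, or how to get the same result in Terraform 0.12.x.

Error output: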

Error: Invalid expanding argument value

  on locals.tf line 21, in locals:
  21:   lz_container_rbac_list = merge([
  22:     for container, rbacs in var.platform_rbac.storage_account.landing_zone.container : {
  23:       for rbac in rbacs :
  24:       "${container}-${rbac.principal_id}" => {
  25:         "container"    = container
  26:         "role"         = rbac.role
  27:         "principal_id" = rbac.principal_id
  28:       }
  29:     }
  30:   ]...)

The expanding argument (indicated by ...) must be of a tuple, list, or set
type.

Any help would be greatly appreciated.

-- Edit

The input being looked at here (var.platform_rbac.storage_account) is an object:

storage_account = object({
   landing_zone = object({
     rbac_permission = list(object({
       role         = string
       principal_id = string
     })),
     container = map(list(object({
       role         = string
       principal_id = string
     })))
   }),
<snip>
})

The expected output of the code would be a map(object()). Example:

{
  "container1-asdjijw-a2123-asd-2e2" : {
    "container" : "container1",
    "role" : "Storage Blob Data Contributor",
    "principal_id" : "asdjijw-a2123-asd-2e2"
  },
  "container1-1234-5678-1234-9876" : {
    "container" : "container1",
    "role" : "Storage Blob Data Contributor",
    "principal_id" : "1234-5678-1234-9876"
  },
<etc>
}

-- Edit

Example input:

platform_rbac = {
  "storage_account" : {
    "landing_zone" : {
      "rbac_permission" : [<snip>],
      "container" : {
        "metadata" : [
          {
            "role" : "Storage Blob Data Contributor",
            "principal_id" : "1234567-1234567-12345678-12345678" # AD Group
          },
          {
            "role" : "Storage Blob Data Contributor",
            "principal_id" : "0987657-9876543-987654-98765" # AD Group
          }
        ],
        "container1" : [
          {
            "role" : "Storage Blob Data Contributor",
            "principal_id" : "1234567-1234567-12345678-12345678" # AD Group
          },
          {
            "role" : "Storage Blob Data Contributor",
            "principal_id" : "0987657-9876543-987654-98765" # AD Group
          }
        ],
      }
    }
  }
}

Your merge works well for newer versions of TF. But the equivalent code in 0.12 is:

locals {
  lz_container_rbac_list = flatten([
    for container, rbacs in var.platform_rbac.storage_account.landing_zone.container : [
      for rbac in rbacs : {
        "${container}-${rbac.principal_id}" = merge(rbac, { "container" = container })
      }
    ]
  ])
}

I ended up solving this in two steps rather than one. First, a for loop into a list:

  lz_container_rbac_list_prestep = [
    for container, rbacs in var.platform_rbac.storage_account.landing_zone.container : {
      for rbac in rbacs :
      "${container}-${rbac.principal_id}" => {
        "container"    = container
        "role"         = rbac.role
        "principal_id" = rbac.principal_id
      }
    }
  ]

Second, I take that output and merge/flatten it:

  lz_container_rbac_list = merge(flatten([local.lz_container_rbac_list_prestep])...)

This gave me the correct/same output.
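
An added example, not taken from any of the posts above: another way to build the same map(object()) using only flatten() and for expressions, with no `...` expansion, so it does not depend on how a given version handles the expanding argument. The local name lz_container_rbac_pairs is hypothetical; the variable path and key format are the ones from the question.

```hcl
locals {
  # Step 1: one flat list with an element per (container, principal) pair.
  # flatten() removes the nesting created by the two for expressions.
  lz_container_rbac_pairs = flatten([
    for container, rbacs in var.platform_rbac.storage_account.landing_zone.container : [
      for rbac in rbacs : {
        container    = container
        role         = rbac.role
        principal_id = rbac.principal_id
      }
    ]
  ])

  # Step 2: key each element so the result can be passed to for_each.
  # With merge(), a later argument silently replaces an earlier one that
  # has the same key. A for expression that builds a map raises an error
  # on a duplicate key instead, so two entries for the same container and
  # principal (for example with different roles) are reported rather than
  # one role assignment being dropped without notice.
  lz_container_rbac_list = {
    for pair in local.lz_container_rbac_pairs :
    "${pair.container}-${pair.principal_id}" => pair
  }
}
```

If one principal legitimately needs more than one role on the same container, the key has to include the role as well, otherwise the entries collide.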