Terraform multiple NSG using csv

I am trying to follow the solution given here.

This is my module: Module-Azure-Nsg-V3/main.tf

locals {
  # read csv file
  list_of_csv_lines = csvdecode(file(var.csv_file_name))
  # collect all nsg names , (Unique)
  all_nsg_names = distinct([for item in local.list_of_csv_lines : item.nsg_name])
  # collect all nsg names other syntax , (Unique)
  all_nsg_names_again = distinct(local.list_of_csv_lines[*].nsg_name)


  # Loop over all unique names ---> for item in local.all_nsg_names : 
  # create a key of nsg name item ----> "${item}" =>
  # And to now fill value in that dictionary item key, 
  # Loop over list of csv lines  
  # pick the line 
  # if nsg_name matches item
  combine = {
      for item in local.all_nsg_names : 
        "${item}" => [
          for line in local.list_of_csv_lines : line 
          if item == line.nsg_name
        ]
  }
  


}

resource "azurerm_network_security_group" "this" {
  for_each = local.combine

  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  dynamic "security_rule" {
     for_each = each.value
    
        content {
                # rule names must be unique within an NSG, so use the rulename column
                name                        = security_rule.value["rulename"]
                priority                    = security_rule.value["priority"]
                direction                   = security_rule.value["direction"]
                access                      = security_rule.value["access"]
                protocol                    = security_rule.value["protocol"]
                source_port_range           = security_rule.value["source_port_range"]
                destination_port_range      = security_rule.value["destination_port_range"]
                source_address_prefix       = security_rule.value["source_address_prefix"]
                destination_address_prefix  = security_rule.value["destination_address_prefix"]
          }
  }

}



output "all-nsg-names-in-output" {
 value = local.all_nsg_names
}
output "all-nsg-names-in-output-again" {
 value = local.all_nsg_names_again
}
output "combine-output"{
  value = local.combine
}

This is my module: Module-Azure-Nsg-V3/variables.tf

variable "csv_file_name" {
  type = string
  default = null
}

variable "resource_group_name" {
  description = "Name of the resource Group"
  type = string
  default = null
}

variable "location" {
   description = "enviroment in which you are working"
   type = string
   default = null
}

Now I am using the module mentioned above to create the NSGs.

This is my nsg_rules.csv

nsg_name,rulename,priority,direction,access,protocol,source_port_range,destination_port_range,source_address_prefix,destination_address_prefix 
nsg01,Rule01,100,Inbound,Allow,Tcp,80,*,*,*
nsg01,Rule02,110,Inbound,Allow,Tcp,443,*,*,*
nsg02,Rule01,100,Inbound,Allow,Tcp,80,*,*,*
nsg02,Rule02,110,Inbound,Allow,Tcp,443,*,*,*
nsg03,Rule01,100,Inbound,Allow,Tcp,80,*,*,*

This is the variables.tf file

variable "csv_file_name" {
  type = string
  default = "nsg_rules.csv"
}

variable "location" {
   description = "enviroment in which you are working"
   type = string
   default = "eastus"
}


variable "resource_group_name" {
  description = "Name of the resource Group"
  type = string
  default = "terraform_rg"
}

And main.tf

module "Module-Azure-Nsg-V3" {
  source  = "./Module-Azure-Nsg-V3"
  csv_file_name = var.csv_file_name
  location = var.location
  resource_group_name = var.resource_group_name
 }

output "display_this" {
   value = module.Module-Azure-Nsg-V3.all-nsg-names-in-output
}

output "display_this_again" {
   value = module.Module-Azure-Nsg-V3.all-nsg-names-in-output-again
}
output "all-nsg-rules" {
   value = module.Module-Azure-Nsg-V3.combine-output
}

But I am getting an error.

╷
│ Error: Invalid index
│ 
│   on Module-Azure-Nsg-V3/main.tf line 46, in resource "azurerm_network_security_group" "this":
│   46:                 destination_address_prefix  = security_rule.value["destination_address_prefix"]
│     ├────────────────
│     │ security_rule.value is object with 10 attributes
│ 
│ The given key does not identify an element in this collection value.

destination_address_prefix is actually "destination_address_prefix " - you have an extra space in your csv file after destination_address_prefix.
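
One way to make the module tolerate stray whitespace in the CSV header and fail with a clear message when a column is really missing. This is an added example, not part of the original question or answer; the local names `raw_csv_lines`, `clean_csv_lines`, `required_columns`, `missing_columns` and `rules_by_nsg` are assumptions introduced here, and the `precondition` block in an output needs Terraform 1.2 or later.

```hcl
variable "csv_file_name" {
  type    = string
  default = "nsg_rules.csv"
}

locals {
  raw_csv_lines = csvdecode(file(var.csv_file_name))

  # Rebuild every row with whitespace trimmed from the header-derived keys
  # and from the cell values, so the key "destination_address_prefix "
  # becomes "destination_address_prefix".
  clean_csv_lines = [
    for line in local.raw_csv_lines : {
      for key, value in line : trimspace(key) => trimspace(value)
    }
  ]

  # Columns the security_rule block reads (assumed list, taken from the CSV above).
  required_columns = [
    "nsg_name", "rulename", "priority", "direction", "access", "protocol",
    "source_port_range", "destination_port_range",
    "source_address_prefix", "destination_address_prefix",
  ]

  # Required columns that are absent even after trimming (empty when the header is valid).
  missing_columns = setsubtract(
    local.required_columns,
    try(keys(local.clean_csv_lines[0]), [])
  )

  # Group the cleaned rows by NSG name; the trailing "..." collects all rows
  # that share a key into a list, like the "combine" local in the question.
  rules_by_nsg = {
    for line in local.clean_csv_lines : line.nsg_name => line...
  }
}

output "rules_by_nsg" {
  value = local.rules_by_nsg

  # Report the missing column names instead of a bare "Invalid index" error.
  precondition {
    condition     = length(local.missing_columns) == 0
    error_message = "CSV header is missing columns: ${join(", ", tolist(local.missing_columns))}"
  }
}
```

In the module, `for_each = local.rules_by_nsg` can then replace `for_each = local.combine`.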