2017-07-28 52 views

我有一個包含許多值(NACL 規則)的 map 變量,想根據這些值逐條添加規則。如何在 Terraform 中拆分 map 的值以創建列表?

# Each value packs one NACL rule into a comma-separated string. The resource
# that consumes it reads the fields in this order:
#   rule_number,egress,protocol,rule_action,cidr_block,from_port,to_port
# NOTE(review): entry "a" is an ingress rule (egress = false) that allows
# TCP 23 (Telnet) from 0.0.0.0/0. If these are more than sample values,
# scope cidr_block to the sources that actually need access.
variable "rules" {
  default = {
    a = "200,false,tcp,allow,0.0.0.0/0,23,23"
    b = "100,true,tcp,allow,0.0.0.0/0,1024,65535"
  }
}


# Intended to create one aws_network_acl_rule per entry of var.rules, with
# each attribute taking one comma-separated field of the rule string.
# NOTE: this is the failing version from the question. It does not parse:
# the reported error is `expected "}" but found "["`, raised where the [N]
# index follows the split(...) call inside "${...}". The answers on this
# page select the field with element(list, N) instead.
resource "aws_network_acl_rule" "bar" { 
    # "<id>" is a placeholder for the ID of an existing network ACL.
    network_acl_id = "<id>" 
    rule_number = "${split(",",element(values(var.rules),count.index))[0]}" 
    egress   = "${split(",",element(values(var.rules),count.index))[1]}" 
    protocol  = "${split(",",element(values(var.rules),count.index))[2]}" 
    rule_action = "${split(",",element(values(var.rules),count.index))[3]}" 
    cidr_block  = "${split(",",element(values(var.rules),count.index))[4]}" 
    from_port  = "${split(",",element(values(var.rules),count.index))[5]}" 
    to_port  = "${split(",",element(values(var.rules),count.index))[6]}" 
    # One resource instance per value in the map.
    count   = "${length(values(var.rules))}" 
} 

錯誤: expected "}" but found "["

由於不支持以列表作爲值的 map,我嘗試拆分這些值並逐個迭代。

回答


下面是一個處理 map 變量 rules 的簡單方法:

# NACL rules keyed by "0", "1", ... so that the consuming resource can look
# an entry up directly with var.rules[count.index].
# Field order inside each string:
#   rule_number,egress,protocol,rule_action,cidr_block,from_port,to_port
# NOTE(review): entry "0" allows inbound TCP 23 (Telnet) from 0.0.0.0/0;
# treat these as sample values and narrow cidr_block for real use.
variable "rules" {
  default = {
    "0" = "200,false,tcp,allow,0.0.0.0/0,23,23"
    "1" = "100,true,tcp,allow,0.0.0.0/0,1024,65535"
  }
}

# VPC that the network ACL in this example is attached to.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Network ACL in the example VPC. It declares no inline rules here; the
# rules are attached as separate aws_network_acl_rule resources.
resource "aws_network_acl" "bar" {
  vpc_id = "${aws_vpc.main.id}"
}

# Creates one NACL rule per entry of var.rules. count.index selects the map
# entry by its key ("0", "1", ...), split() breaks the rule string on commas
# and element() picks a single field:
#   0 rule_number, 1 egress, 2 protocol, 3 rule_action,
#   4 cidr_block,  5 from_port, 6 to_port
# element() wraps around past the end of the list, so a rule string with a
# missing field raises no error and a different field is used instead.
# Keep every rule string at exactly seven fields.
resource "aws_network_acl_rule" "bar" {
  count          = "${length(var.rules)}"
  network_acl_id = "${aws_network_acl.bar.id}"

  rule_number = "${element(split(",", var.rules[count.index]), 0)}"
  egress      = "${element(split(",", var.rules[count.index]), 1)}"
  protocol    = "${element(split(",", var.rules[count.index]), 2)}"
  rule_action = "${element(split(",", var.rules[count.index]), 3)}"
  cidr_block  = "${element(split(",", var.rules[count.index]), 4)}"
  from_port   = "${element(split(",", var.rules[count.index]), 5)}"
  to_port     = "${element(split(",", var.rules[count.index]), 6)}"
}

如果你堅持使用原來的 map(鍵爲「a, b, ...」),則需要相應地調整資源:

# NACL rules under arbitrary string keys ("a", "b", ...). The consuming
# resource reads the values by position, not by key.
# Field order inside each string:
#   rule_number,egress,protocol,rule_action,cidr_block,from_port,to_port
# NOTE(review): entry "a" allows inbound TCP 23 (Telnet) from 0.0.0.0/0;
# treat these as sample values and narrow cidr_block for real use.
variable "rules" {
  default = {
    "a" = "200,false,tcp,allow,0.0.0.0/0,23,23"
    "b" = "100,true,tcp,allow,0.0.0.0/0,1024,65535"
  }
}

# Creates one NACL rule per entry of var.rules when the map keys are not
# numeric: values() turns the map into a list, element() picks the entry
# for this count.index, and split() plus an outer element() pick the field:
#   0 rule_number, 1 egress, 2 protocol, 3 rule_action,
#   4 cidr_block,  5 from_port, 6 to_port
# values() follows the sorted order of the keys, so adding or removing a key
# can shift which rule each count.index maps to; review the plan after
# editing the map. element() also wraps around past the end of a list, so a
# rule string with fewer than seven fields yields a wrong field, not an error.
resource "aws_network_acl_rule" "bar" {
  count          = "${length(var.rules)}"
  network_acl_id = "${aws_network_acl.bar.id}"

  rule_number = "${element(split(",", element(values(var.rules), count.index)), 0)}"
  egress      = "${element(split(",", element(values(var.rules), count.index)), 1)}"
  protocol    = "${element(split(",", element(values(var.rules), count.index)), 2)}"
  rule_action = "${element(split(",", element(values(var.rules), count.index)), 3)}"
  cidr_block  = "${element(split(",", element(values(var.rules), count.index)), 4)}"
  from_port   = "${element(split(",", element(values(var.rules), count.index)), 5)}"
  to_port     = "${element(split(",", element(values(var.rules), count.index)), 6)}"
}

另一種更易於閱讀的選擇是使用 lookup():

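# NACL rules as a list of maps, one map per rule, with a named key for each
# aws_network_acl_rule attribute. The consuming resource reads every key with
# lookup() and no default, so each map must define all seven keys.
# Fix: the second rule spelled its key "procotol", which left it without a
# "protocol" key for lookup() to find.
# NOTE(review): the first rule is an ingress rule (egress = false) that
# allows TCP 23 (Telnet) from 0.0.0.0/0. If these are more than sample
# values, scope cidr_block to the sources that actually need access.
variable "rules" {
  default = [
    {
      rule_number = 200
      egress      = false
      protocol    = "tcp"
      rule_action = "allow"
      cidr_block  = "0.0.0.0/0"
      from_port   = 23
      to_port     = 23
    },
    {
      rule_number = 100
      egress      = true
      protocol    = "tcp"
      rule_action = "allow"
      cidr_block  = "0.0.0.0/0"
      from_port   = 1024
      to_port     = 65535
    },
  ]
}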

# Creates one NACL rule per map in the var.rules list; each attribute is
# read from the map by name with lookup().
# lookup() is called without a default, so a map that lacks one of these
# keys (or misspells it) makes the lookup fail instead of silently creating
# a rule with a fallback value.
resource "aws_network_acl_rule" "bar" {
  count = "${length(var.rules)}"

  # "<id>" is a placeholder for the ID of an existing network ACL.
  network_acl_id = "<id>"

  rule_number = "${lookup(var.rules[count.index], "rule_number")}"
  egress      = "${lookup(var.rules[count.index], "egress")}"
  protocol    = "${lookup(var.rules[count.index], "protocol")}"
  rule_action = "${lookup(var.rules[count.index], "rule_action")}"
  cidr_block  = "${lookup(var.rules[count.index], "cidr_block")}"
  from_port   = "${lookup(var.rules[count.index], "from_port")}"
  to_port     = "${lookup(var.rules[count.index], "to_port")}"
}