Terraform: how to iterate over key-value pairs of map input via json file
This is my input JSON file:
{
  "inputs": [
    {
      "acct_id": "foo-bar-15",
      "display_name": "foo bar",
      "project-role-pairs": {"test-1234": "roles/logging.logWriter", "test-2345": "roles/storage.objectViewer"}
    },
    {
      "acct_id": "foo-bar-16",
      "display_name": "john doe",
      "project-role-pairs": {"test-3456": "roles/logging.logWriter", "test-4567": "roles/storage.objectViewer"}
    }
  ]
}
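Code:
This is my code to create service accounts in GCP based on the input (that part works fine). It also tries to create IAM roles in 2 projects based on the project-role-pairs map in the JSON file above. I am unable to iterate over the map. I just can't figure out why. As it stands, the code just uses the first key in the map for both, as if there were no second key-value pair. I have looked at "flatten", dynamic blocks and setproduct. They don't seem to fit the use case, or I am unable to use them effectively. Please help.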
locals {
  json_data_7 = jsondecode(file("./data7.json"))
}

# Creates a Service Account for each top level in input
resource "google_service_account" "service_accounts_for_each_7" {
  for_each     = { for v in local.json_data_7.inputs : v.acct_id => v.display_name }
  account_id   = each.key
  display_name = each.value
}

#
resource "google_project_iam_member" "rolebinding" {
  for_each = { for v in local.json_data_7.inputs : v.acct_id => v }
  # ONLY first key in MAP, not what I want, I would like this part loop through map and create a role for each KV-pair in JSON input
  project = element(keys(each.value.project-role-pairs), 0)
  role    = lookup(each.value.project-role-pairs, element(keys(each.value.project-role-pairs), 0))
  member  = "serviceAccount:${google_service_account.service_accounts_for_each_7[each.key].email}"
}
Question:
How do I get my code to iterate over the 2 key-value pairs in the JSON input: project-role-pairs? Thanks.
If I understand correctly, you need to iterate twice: over inputs and over project-role-pairs. So you could first create a helper_list, as follows:
locals {
  # One object per (account, project, role) combination
  helper_list = flatten([
    for v in local.json_data_7.inputs : [
      for project, role in v.project-role-pairs : {
        "project"    = project
        "role"       = role
        acct_id      = v.acct_id
        display_name = v.display_name
      }
    ]
  ])
}
The above will result in helper_list being:
[
  {
    "acct_id" = "foo-bar-15"
    "display_name" = "foo bar"
    "project" = "test-1234"
    "role" = "roles/logging.logWriter"
  },
  {
    "acct_id" = "foo-bar-15"
    "display_name" = "foo bar"
    "project" = "test-2345"
    "role" = "roles/storage.objectViewer"
  },
  {
    "acct_id" = "foo-bar-16"
    "display_name" = "john doe"
    "project" = "test-3456"
    "role" = "roles/logging.logWriter"
  },
  {
    "acct_id" = "foo-bar-16"
    "display_name" = "john doe"
    "project" = "test-4567"
    "role" = "roles/storage.objectViewer"
  },
]
Subsequently, your google_project_iam_member could be:
resource "google_project_iam_member" "rolebinding" {
  for_each = { for idx, v in local.helper_list : idx => v }
  project  = each.value.project
  role     = each.value.role
  member   = "serviceAccount:${google_service_account.service_accounts_for_each_7[each.value.acct_id].email}"
}
Please note that the above may need adjusting, as I don't normally use GCP, so I can't verify what google_project_iam_member should look like.
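An added example, not part of the original question or answer: a variant of the flattened list that keys each IAM binding by its content instead of its list index, so removing one entry from the JSON does not shift the keys and force unrelated bindings to be replaced. The names `allowed_roles`, `bindings` and `bindings_by_key` are hypothetical, the allow-list contents are an assumption, and the `precondition` block assumes Terraform 1.2 or later.

```hcl
locals {
  json_data_7 = jsondecode(file("./data7.json"))

  # Assumption (not in the original post): the only roles this file may grant.
  allowed_roles = ["roles/logging.logWriter", "roles/storage.objectViewer"]

  # One object per (service account, project, role) triple.
  bindings = flatten([
    for v in local.json_data_7.inputs : [
      for project, role in v["project-role-pairs"] : {
        acct_id = v.acct_id
        project = project
        role    = role
      }
    ]
  ])

  # Key by content, not list position: with index keys, deleting the first
  # pair would renumber every later binding and plan them for replacement.
  bindings_by_key = {
    for b in local.bindings : "${b.acct_id}/${b.project}/${b.role}" => b
  }
}

resource "google_service_account" "service_accounts_for_each_7" {
  for_each     = { for v in local.json_data_7.inputs : v.acct_id => v.display_name }
  account_id   = each.key
  display_name = each.value
}

resource "google_project_iam_member" "rolebinding" {
  for_each = local.bindings_by_key

  project = each.value.project
  role    = each.value.role
  member  = "serviceAccount:${google_service_account.service_accounts_for_each_7[each.value.acct_id].email}"

  lifecycle {
    # Fail the plan if the JSON asks for a role outside the allow-list.
    precondition {
      condition     = contains(local.allowed_roles, each.value.role)
      error_message = "Role ${each.value.role} for ${each.value.acct_id} is not in allowed_roles."
    }
  }
}
```

With the sample input above, the plan addresses become entries such as `google_project_iam_member.rolebinding["foo-bar-15/test-1234/roles/logging.logWriter"]`, which makes each grant readable in plan review.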