Terraform combine lookup and splat syntax
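I am trying to provision multiple Azure virtual machines with Terraform and then get the MSI identity IDs for entitlement. I started from this MSI example (https://www.terraform.io/docs/providers/azurerm/authenticating_via_msi.html), which works for me, and tried to add a count, i.e.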
resource "azurerm_virtual_machine" "virtual_machine" {
  count = "5"
  name  = "test"
  ....
  identity = {
    type = "SystemAssigned"
  }
  .....
}
resource "azurerm_virtual_machine_extension" "virtual_machine_extension" {
  count                = "5"
  name                 = "test"
  location             = "${var.location}"
  resource_group_name  = "test"
  virtual_machine_name = "${element(azurerm_virtual_machine.virtual_machine.*.name, count.index)}"
  publisher            = "Microsoft.ManagedIdentity"
  type                 = "ManagedIdentityExtensionForWindows"
  type_handler_version = "1.0"
  settings = <<SETTINGS
{
"port": 50342
}
SETTINGS
}
output "vm_principals" {
  # original had --- "${lookup(azurerm_virtual_machine.virtual_machine.identity[0], "principal_id"}"
  value = ["${azurerm_virtual_machine.virtual_machine.*.identity[0]}"]
}
The problem is that I get an output array like this:
vm_principals = [
  {
    principal_id = xxxxxxxxxxxxx,
    type = SystemAssigned
  },
  {
    principal_id = yyyyyyyyyyyyy,
    type = SystemAssigned
  }
]
What I would like to get is
vm_principals = [
  xxxxxxxxxxxxxxxxx,
  yyyyyyyyyyyyyyyyy
]
I tried the obvious variation, but I suspect this is a limitation of Terraform.
value = ["${lookup(azurerm_virtual_machine.virtual_machine.*.identity[0], "principal_id)}"]
Any ideas?
Unfortunately, you are right. I believe you are hitting this issue. However, this will probably be solved in v0.12 of Terraform as it will introduce a revamped language (HCL). See this Hashicorp blog article for more details.
Here is how I handle this
resource "azurerm_virtual_machine" "kubenode" {
  count = "3"
  ...
}
For an azurerm_virtual_machine resource named kubenode, you can do this:
${azurerm_virtual_machine.kubenode.*.identity.0.principal_id}
This will return a list of principal IDs. Then you can do this:
${azurerm_virtual_machine.kubenode.*.identity.0.principal_id[count.index]}
For example, in a role assignment scenario:
resource "azurerm_role_assignment" "kubenode-subscription-reader-role" {
  count                = "${azurerm_virtual_machine.kubenode.count}"
  scope                = "${data.azurerm_subscription.primary.id}"
  role_definition_name = "Reader"
  principal_id         = "${azurerm_virtual_machine.kubenode.*.identity.0.principal_id[count.index]}"
}
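The flattening the question asks for, written in the v0.12 language the first answer anticipates. This is an added example, not code from the question or either answer. It assumes Terraform 0.12 or later and uses a constructed `local.virtual_machine` list as a stand-in for the VM resources, so the names and principal IDs are sample values and no Azure provider is needed to evaluate it.

```hcl
# Constructed stand-in for azurerm_virtual_machine.virtual_machine with count = 3.
# Names and principal IDs are sample values; the third VM has no identity block.
locals {
  virtual_machine = [
    {
      name     = "test-0"
      identity = [{ type = "SystemAssigned", principal_id = "00000000-0000-0000-0000-000000000001" }]
    },
    {
      name     = "test-1"
      identity = [{ type = "SystemAssigned", principal_id = "00000000-0000-0000-0000-000000000002" }]
    },
    {
      name     = "test-2"
      identity = []
    },
  ]
}

# Flat list of principal IDs, as the question wants. The filter skips VMs
# without an identity, where indexing identity[0] would fail with an invalid index.
output "vm_principals" {
  value = [
    for vm in local.virtual_machine : vm.identity[0].principal_id
    if length(vm.identity) > 0
  ]
}

# Same data keyed by VM name, so every principal that later receives a role
# assignment can be traced back to the VM that holds it.
output "vm_principals_by_name" {
  value = {
    for vm in local.virtual_machine : vm.name => vm.identity[0].principal_id
    if length(vm.identity) > 0
  }
}
```

Against the real resources, replace `local.virtual_machine` with `azurerm_virtual_machine.virtual_machine`; when every VM is known to have an identity block, the shorter `azurerm_virtual_machine.virtual_machine[*].identity[0].principal_id` gives the same flat list.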