Terraform dynamic block in a template with nested values



I would appreciate any help or ideas on this task. As you can see in locals.var, the Application and Environment keys have different values. But in the resulting JSON file, the values of the two keys are the same. How do I set the correct corresponding values?

I think value_tag should be set dynamically. for_each creates many files. A dynamic block doesn't seem to work for this. Also, I need to put everything in a single JSON file.

Wrong result

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "Application",
            "Environment"
          ]
        },
        "StringEqualsIfExists": {
          "aws:RequestTag/Application": [
            "development",
            "production"
          ],
          "aws:RequestTag/Environment": [
            "development",
            "production"
          ]
        }
      }
    }
  ]
}

The correct result should look like this

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "Application",
            "Environment"
          ]
        },
        "StringEqualsIfExists": {
          "aws:RequestTag/Application": [
            "app-01",
            "app-02"
          ],
          "aws:RequestTag/Environment": [
            "development",
            "production"
          ]
        }
      }
    }
  ]
}

locals {
  enforce_tag = {
    Environment = {
      env01 = "development"
      env02 = "production"
    }
    Application = {
      app01 = "app-01"
      app02 = "app-02"
    }
  }
}

data "template_file" "enforcetags" {
  template = templatefile("${path.module}/enforcetags.tpl",
    {
      key_tag   = [for key, value in local.enforce_tag : key]
      value_tag = local.enforce_tag.Environment
    }
  )
}

Template file:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ${jsonencode([for key in key_tag : "${key}"])}
        },
        "StringEqualsIfExists": ${jsonencode(
          {for key in key_tag : "aws:RequestTag/${key}" => value_tag}
        )}
      }
    }
  ]
}

You're close, but a few things are missing. First some explanation; below you can find what I think is the solution to your problem.

With this:

value_tag   = local.enforce_tag.Environment

you only touch the Environment map and never reference the Application map. Instead, you can use this to pass both maps (a map made of 2 maps):

value_tag   = local.enforce_tag

To avoid confusion, let's call them:

  • the big map, called enforce_tag, made of:
      • the first small map (for Environment)
      • the second small map (for Application)

Then, to use it correctly in the template, when iterating over the tags (Application, Environment) you need to fetch the corresponding map for the tag in question:

value_tag[key]

One last thing: you never seem to use the keys of the small maps (i.e. I don't see env01, app02 in your desired output). Still, maybe you need them for other reasons. If that is the case, you are only interested in the values of the small maps, not the whole map, i.e.

values(value_tag[key])

In short, the following should work:

Terraform:

data "template_file" "enforcetags" {
  template = templatefile("${path.module}/enforcetags.tpl",
    {
      key_tag   = [for key, value in local.enforce_tag : key]
      value_tag = local.enforce_tag
    }
  )
}

Template snippet:

"StringEqualsIfExists": ${jsonencode(
  {for key in key_tag : "aws:RequestTag/${key}" => values(value_tag[key])}
)}
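Added example, not part of the question or the answer above: a small Python model of the template's Condition block, so the expression as posted (the Environment map reused for every key) and the corrected one (values(value_tag[key]) per key) can be compared offline, and the rendered JSON can be sanity-checked before the policy is applied. The tf_keys/tf_values helpers, the render and lint function names, and the duplicate-values heuristic are assumptions introduced here; the input map is constructed from the locals block on the page.

```python
import json

# Constructed input: the same map of maps as the locals block in the question,
# one inner map per tag key whose values are the allowed tag values.
ENFORCE_TAG = {
    "Environment": {"env01": "development", "env02": "production"},
    "Application": {"app01": "app-01", "app02": "app-02"},
}


def tf_keys(m):
    """Stand-in for [for key, value in m : key]: Terraform iterates maps in lexical key order."""
    return sorted(m)


def tf_values(m):
    """Stand-in for values(m): Terraform returns the values ordered by their keys."""
    return [m[k] for k in sorted(m)]


def render_condition(enforce_tag, value_for_key):
    """Model of the template's Condition block (helper name is an assumption).

    key_tag mirrors what the question passes to the template; value_for_key stands
    in for the expression on the right of "=>", so both variants can be rendered.
    """
    key_tag = tf_keys(enforce_tag)
    return {
        "ForAllValues:StringEquals": {"aws:TagKeys": key_tag},
        "StringEqualsIfExists": {f"aws:RequestTag/{key}": value_for_key(key) for key in key_tag},
    }


def condition_as_posted(enforce_tag):
    """Question's version: value_tag = local.enforce_tag.Environment, reused for every key."""
    environment_only = enforce_tag["Environment"]
    return render_condition(enforce_tag, lambda key: tf_values(environment_only))


def condition_fixed(enforce_tag):
    """Answer's version: value_tag = local.enforce_tag, then values(value_tag[key]) per key."""
    return render_condition(enforce_tag, lambda key: tf_values(enforce_tag[key]))


def render_policy(condition):
    """Wrap a Condition block in the statement shown on the page and serialise it."""
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": condition,
        }],
    }
    return json.dumps(policy, indent=2)


def lint_condition(condition):
    """Checks worth running on the rendered Condition before applying the policy.

    Returns a list of findings (empty means nothing suspicious). The duplicate-list
    check is a heuristic aimed at exactly the slip on the page: two tag keys ending
    up with identical allowed values usually means one inner map was reused.
    """
    findings = []
    tag_keys = condition["ForAllValues:StringEquals"]["aws:TagKeys"]
    request_tags = condition["StringEqualsIfExists"]
    for key in tag_keys:
        if not request_tags.get(f"aws:RequestTag/{key}"):
            findings.append(f"no allowed values rendered for tag {key}")
    seen = {}
    for cond_key, allowed in request_tags.items():
        first = seen.setdefault(tuple(allowed), cond_key)
        if first != cond_key:
            findings.append(f"{cond_key} has the same allowed values as {first}")
    return findings


if __name__ == "__main__":
    for label, cond in (("as posted", condition_as_posted(ENFORCE_TAG)),
                        ("fixed", condition_fixed(ENFORCE_TAG))):
        print(f"--- {label} ---")
        print(render_policy(cond))
        print("findings:", lint_condition(cond) or "none")
```

Running the script prints both policies; the "as posted" one reproduces the wrong JSON from the question and the lint flags the duplicated value list, while the "fixed" one matches the desired output. One point to keep in mind when reading the rendered policy: StringEqualsIfExists passes when the tag is absent from the request, and ForAllValues:StringEquals evaluates true for a request that carries no tag keys at all, so this statement restricts which tag values may be used but does not on its own require the tags to be present; if tags must be mandatory, that needs a separate condition (typically a Null check on aws:RequestTag/<key>).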
