我正在尝试更新我现有的azurerm_subnet
地形代码被很多人吃掉了。所以我们不想破坏现有的tfvars
从2.0版本开始,network_security_group_id
的折旧字段从azurerm_subnet
变为新的资源azurerm_network_interface_security_group_association
。
现有代码
resource "azurerm_subnet" "generic_subnet" {
count = "${length(var.subnet_names)}"
name = "${element("${var.subnet_names}", count.index)}"
resource_group_name = "${var.resource_group_name}"
virtual_network_name = "${azurerm_virtual_network.generic_vnet.name}"
address_prefix = "${element("${var.subnet_address_ranges}", count.index)}"
service_endpoints = "${var.service_endpoints[count.index]}"
network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
route_table_id = "${element(var.subnet_route_tables, count.index)}"
}
tfvars:
subnet_address_ranges = [
"10.102.40.0/22",
"10.102.44.0/24",
"10.102.45.0/25"
]
subnet_names = [
"private-subnet-01",
"public-subnet-01",
"protected-subnet-01"
]
service_endpoints = [
["Microsoft.AzureCosmosDB","Microsoft.KeyVault", "Microsoft.Storage","Microsoft.Sql","Microsoft.AzureActiveDirectory","Microsoft.ContainerRegistry","Microsoft.EventHub","Microsoft.ServiceBus","Microsoft.Web"],
[],
["Microsoft.KeyVault", "Microsoft.Storage"]
]
subnet_nsg_ids = [
"/subscriptions/yyyy/resourceGroups/yyy/providers/Microsoft.Network/networkSecurityGroups/nsg-01",
"",
"/subscriptions/yyyy/resourceGroups/yyy/providers/Microsoft.Network/networkSecurityGroups/nsg-02"
]
<<p>更新代码/strong>(通过引入azurerm_network_interface_security_group_association
资源)
resource "azurerm_subnet" "generic_subnet" {
count = "${length(var.subnet_names)}"
name = "${element("${var.subnet_names}", count.index)}"
resource_group_name = "${var.resource_group_name}"
virtual_network_name = "${azurerm_virtual_network.generic_vnet.name}"
address_prefix = "${element("${var.subnet_address_ranges}", count.index)}"
service_endpoints = "${var.service_endpoints[count.index]}"
network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
route_table_id = "${element(var.subnet_route_tables, count.index)}"
}
resource "azurerm_subnet_network_security_group_association" "generic_nsg_association" {
count= "${length(var.subnet_nsg_ids)}"
subnet_id = "${element(azurerm_subnet.generic_subnet.*.id, count.index)}"
network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
}
显然我的新资源会通过抛出类似
这样的错误来破坏所有的tfvar错误:cannot parse "network_security_group_id"作为资源id:无法解析Azure ID: parse ":空url
../../../主要。第41行,在资源"azurerm_subnet_network_security_group_association"generic_nsg_association"; 41; network_security_group_id = ."${元素(var。subnet_nsg_ids count.index)}">
原因是我们需要给network_security_group_id
参数。然而,我所有现有的tfvar都有一个结构支持subnet_nsg_ids
列表与一个空字符串。
所以我的问题是,是否有一种方法可以在我的azurerm_subnet_network_security_group_association
资源列表中只循环一个特定的索引。例如,只循环[0]和[2],但跳过[1](,因为[1]是空字符串)
我不需要只使用count
。如果这种跳过是可能的,我也很乐意使用for_each
。
我不确定我完全理解你的问题,但如果你想跳过你的network_security_group_id
时,有一个空字符串,你可以这样做:
network_security_group_id = element(var.subnet_nsg_ids, count.index) != "" ? element(var.subnet_nsg_ids, count.index) : null
如果你想过滤掉带有空字符串的条目,你可以这样做:
for_each = [for idx, val in var.subnet_names): val if var.subnet_nsg_ids[idx] != ""]