小贝子编程

使用Terraform的Azure子网NSG关联



我正在尝试使用Terraform来自动设置VNet。这包括设置子网和nsg关联。下面是代码的部分作用。

代码示例: 

====== locals.tf ==================
locals {
subnets = {
private = var.allow_sub
public  = var.notallow_sub
admin    = var.admin_sub
}
}

====== variables.tf ====================
variable "allow_sub" {
description = "private"
type = object({
name                   = string
address_prefixes       = list(string)
network_security_group = string
route_table            = string
})
}
variable "notallow_sub" {
description = "public"
type = object({
name                   = string
address_prefixes       = list(string)
network_security_group = string
route_table            = string
})
}
variable "admin_sub" {
description = "management"
type = object({
name                   = string
address_prefixes       = list(string)
network_security_group = string
route_table            = string
})
}

==== input.tfvar ==============
notallow_sub = {
name                   = "test1"
address_prefixes       = ["10.100.1.0/24"]
network_security_group = "testnsg1" 
route_table            = "testrt3"    
}
allow_sub = {
name                   = "test2"
address_prefixes       = ["10.100.2.16/28"]
network_security_group = "testnsg2" 
route_table            = "testrt2"     
}
admin_sub = {
name                   = "test3"
address_prefixes       = ["10.100.3.0/28"]
network_security_group = "testnsg3" 
route_table            = "testrt21"   
}

=== main.tf ====
resource "azurerm_subnet" "mysubnet" {
for_each = var.subnets
name                 = each.key
resource_group_name  = var.rg_name
virtual_network_name = var.vnet_name
address_prefixes     = each.value.address_prefixes
}
.
.
.
resource "azurerm_subnet_network_security_group_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "network_security_group", "") != "" }
subnet_id                 = azurerm_subnet[each.value].id
network_security_group_id = azurerm_network_security_group[each.value].network_security_group.id
}
resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id      = azurerm_subnet[each.value].id
route_table_id = azurerm_route_table[each.value].route_table.id
}

问题:

我得到了">错误:使引用无效。。。对资源类型的引用后面必须至少有一个属性访问,指定资源名称";在主.TF中的以下行进行TF验证期间:

  • subnet_id
  • rout_table_id

我认为我没有正确设置资源参考循环,需要一些指导。提前谢谢。

我假设您正在创建一个名为"的azurerm_subnet资源集合;mysubnet";(您没有在示例中显示该部分(。

因此,集合中的项目是资源本身,而不是资源类型。你应该这样做:

resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id      = azurerm_subnet.mysubnet[each.key].id
route_table_id = azurerm_route_table.routetable[each.key].id
}

在引用mysubnet[each.key]元素时要特别注意。这里的each.key应该与您在azurerm_subnet定义中使用的密钥相同。

我现在无法测试,但我相信这是一条路要走。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium