Terraform -如何从YAML文件创建组和用户

Admins:
- michael
- jon
Developers:
- raheem
- kylian
Readers:
- john
- katy

locals {
user-group = yamldecode(file("${path.root}/groups-users.yaml"))["groups"]
#Flatten, which crates structure like this for every user:
#{
#  "group" = "Admins"
#  "user" = "michael"
#},
user-group-flt = flatten([
for k1,v_groups in local.user-group : [
for k2,v_group in v_groups : [
for k3,v_user in v_group : {
group = k2
user  = v_user
}
]
]
])
#List of groups
groups = [for d in local.user-group-flt: d.group]
#List of users
users  = [for d in local.user-group-flt: d.user]

}
module "aws_groups" {
source = "../modules/iam/group"
for_each = toset(local.groups)
name = each.value
}
module "aws_users" {
source = "../modules/iam/user"
for_each = toset(local.users)
name = each.value
}

我怀疑问题中的示例不是最新的，因为没有用于过滤的groups。然而，我想我已经达到了你想要的。为了获得包含用户和组的映射列表，您必须编辑for循环:

locals {
user-group-flt = flatten([
for g, members in local.user-group : [
for u in members : {
group = g
user  = u
}
]
])
}

创建如下列表:

> local.user-group-flt
[
{
"group" = "Admins"
"user" = "michael"
},
{
"group" = "Admins"
"user" = "jon"
},
{
"group" = "Developers"
"user" = "raheem"
},
{
"group" = "Developers"
"user" = "kylian"
},
{
"group" = "Readers"
"user" = "john"
},
{
"group" = "Readers"
"user" = "katy"
},
]

那么，随后的for循环也将工作。用户:

> [for user in local.user-group-flt: user.user ]
[
"michael",
"jon",
"raheem",
"kylian",
"john",
"katy",
]

对于组:

> [for group in local.user-group-flt: group.group ]
[
"Admins",
"Admins",
"Developers",
"Developers",
"Readers",
"Readers",
]

但是，由于您想要获取映射列表中的所有元素，因此可以使用一种速记语法来代替for循环:

groups = distinct(local.user-group-flt[*].group)
users  = local.user-group-flt[*].user

最后两个示例使用Terraform术语中的通配符或splat表达式[1]来获取列表的所有元素。此外，distinct内置函数[2]将从列表中删除任何重复项。

---

[1] https://developer.hashicorp.com/terraform/language/expressions/splat

[2] https://developer.hashicorp.com/terraform/language/functions/distinct