具有可变对象的 Terraform 条件动态块

Question

我正在尝试使用对象的变量列表来定义值的类型和默认值，并在动态块中使用它。我知道有一个实验性功能，但只是想知道如果没有实验性功能我将如何做到这一点？

variables.rf

variable "identity" {
  type = list(object({
    type = string
    identity_ids = list(string)
  }))
  default = [
    {
      type = null
      identity_ids = null
    }
  ]
}

ma​​in.tf

resource "azurerm_cognitive_account" "azure" {
  # Required
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  kind                = var.kind
  sku_name            = var.sku_name

  dynamic "identity" {
    for_each = var.identity
    content {
      type         = identity.value.type
      identity_ids = identity.value.identity_ids
    }
  }
}

作为模块使用

module "cognitive_account" {
  source                = "../modules/cognitive-account"
  name                  = "name"
  location              = "Australia East"
  resource_group_name   = module.rg.name
  kind                  = "TextAnalytics"
  sku_name              = "S"
  custom_subdomain_name = "unique-name"


  identity = [{
    type = "SystemAssigned"
  }]
}

使用该代码会给我一个错误：

│ Error: Invalid value for module argument
│
│   on main.tf line 66, in module "cognitive_account":
│   66:   identity = [{
│   67:     type = "SystemAssigned"
│   68:   }]
│
│ The given value is not suitable for child module variable "identity" defined at .terraform\modules\cognitive_account\variables.tf:123,1-20: element 0:
│ attribute "identity_ids" is required.

我不知道如何处理从对象块中省略identity_ids，我认为默认为null 会处理它。

Answer 1

@marcin，感谢您的提示，需要做更多工作才能使其正常工作：

variables.tf

variable "identity" {
  type = any
  description = <<EOT
    type = Specifies the type of Managed Service Identity that should be configured on the Cognitive Account. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned (to enable both).
    identity_ids = A list of IDs for User Assigned Managed Identity resources to be assigned.
  EOT
  default = null
}

ma​​in.tf

resource "azurerm_cognitive_account" "azure" {
  # Required
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  kind                = var.kind
  sku_name            = var.sku_name

  dynamic "identity" {
    for_each = var.identity == null ? [] : [true]
    content {
      type         = lookup(var.identity, "type", null)
      identity_ids = lookup(var.identity, "identity_ids", null)
    }
  }
}

使用模块

module "cognitive_account" {
  source                = "../modules/cognitive-account"
  name                  = "name"
  location              = "Australia East"
  resource_group_name   = module.rg.name
  kind                  = "TextAnalytics"
  sku_name              = "S"
  custom_subdomain_name = "unique-name"

  identity = {
    type = "SystemAssigned"
  }
}

现在标识块在没有提供的情况下被省略，标识变量中的每个对象都可以使用而不需要指定所有值。

Answer 2

错误不是因为动态块，而是因为你的identity是：

  type = list(object({
    type = string
    identity_ids = list(string)
  }))

这意味着identity_ids是必需的，但是当你使用你的模块时，你没有提供它：

  identity = [{
    type = "SystemAssigned"
  }]

您必须明确提供identity_ids：

  identity = [{
    type = "SystemAssigned"
    identity_ids = ["somevalue1", "somevalue2"]
  }]