我是 Terraform 和學習的新手。我必須在資源塊中提供兩個角色(內置和自定義),這在 terraform 中支持嗎?
variable "role_definition_id" {
type = list(string)
description = "Role definition id"
default = ["READER", "Custom_role"]
}
resource "azurerm_role_assignment" "example" {
for_each = toset(local.principal_ids)
scope = data.azurerm_subscription.primary.id
role_definition_name = var.role_definition_id
principal_id = each.key
}
錯誤:
Error: Incorrect attribute value type
│
│ on namespace/main.tf line 109, in resource "azurerm_role_assignment" "example":
│ 109: role_definition_name = var.role_definition_id
│ ├────────────────
│ │ var.role_definition_id is a list of dynamic, known only after apply
│
│ Inappropriate value for attribute "role_definition_name": string required.
我已經在使用 for_each 來拉入資源塊中的 principal_id 串列,所以我想知道是否有辦法在回圈中設定它,所以這兩個角色都適用于相關的 principal_id。
我看不到在資源塊中有多個角色的任何好的例子..有什么建議嗎?
uj5u.com熱心網友回復:
role_definition_name應該是字串,而不是串列。您可以嘗試以下操作:
resource "azurerm_role_assignment" "example" {
for_each = {for idx, value in toset(local.principal_ids): idx=>value}
scope = data.azurerm_subscription.primary.id
role_definition_name = element(var.role_definition_id, each.key)
principal_id = each.value.id
}
確切的形式取決于如何local.principal_ids定義,但遺憾的是您沒有在問題中提供此類資訊。
uj5u.com熱心網友回復:
role_definition_name 不能是一個串列,所以你必須更新你的代碼:
resource "azurerm_role_assignment" "example" {
for_each = toset(local.principal_ids)
scope = data.azurerm_subscription.primary.id
role_definition_name = "READER"
principal_id = each.key
}
resource "azurerm_role_assignment" "example" {
for_each = toset(local.principal_ids)
scope = data.azurerm_subscription.primary.id
role_definition_name = "Custom_role"
principal_id = each.key
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/317627.html
標籤:天蓝色 Kubernetes 地形 azure-rm