根據區域在terraform中創建角色分配-有解無憂

我正在 Terraform 上尋找解決方案，用于創建角色分配并根據區域選擇主體 ID。如果我將代碼運行到中國，變數應該是“local.principal_ids_cn”，如果是全域變數，則必須“local.principal_ids”..我確實有一個環境變數，其中geo將根據集群名稱設定..所以“如果geo = cn使用local.principal_ids_cn，否則使用local.principal_ids”如何將其合并到terraform中?

這是我的輸入檔案：


    "applications" : [
        {
            "principal_id" : "00000000-000000-global-000000000000", 
            "principal_id_cn" : "00000000-000000-china-000000000000",

        }
]
}

我的資源塊如下所示：

locals {
# get json
role_data = jsondecode(file(var.inputfile))
principal_ids = distinct([for principal in local.role_data.applications : principal.principal_id])
principal_ids_cn = distinct([for principal_cn in local.role_data.applications : principal.principal_id_cn])
}

data "azurerm_subscription" "primary" {}

resource "azurerm_role_assignment" "custom" {
  for_each = toset(local.principal_ids)
  scope = data.azurerm_subscription.primary.id
  role_definition_name = var.custom_role
  principal_id = each.key
}

resource "azurerm_role_assignment" "builtin" {
  for_each = toset(local.principal_ids)
  scope = data.azurerm_subscription.primary.id
  role_definition_name = var.builtin_role
  principal_id = each.key
}

變數.tf：

variable "custom_role" {
  type = string
  description = "custom role"
  default = "READER"
}

variable "builtin_role" {
  type = string
  description = "builtin role"
  default = "My_built_in_role"
}

是否有可能根據地區（中國和全球）切換區域變數？任何建議都包含如何實作這一目標的想法？

uj5u.com熱心網友回復：

您可以在 Terraform 中使用條件運算式來實作“if geo = cn 使用 local.principal_ids_cn，否則使用 local.principal_ids”的邏輯

資源塊的 Terraform 代碼：

locals {
# get json
  role_data = jsondecode(file(var.inputfile))
  principal_ids = distinct([for principal in local.role_data.applications : principal.principal_id])
  principal_ids_cn = distinct([for principal_cn in local.role_data.applications : principal.principal_id_cn])
  principal = (var.geo == "cn" ? local.principal_ids_cn : local.principal_ids)
}

data "azurerm_subscription" "primary" {}

resource "azurerm_role_assignment" "custom" {
  for_each = toset(local.principal_ids)
  scope = data.azurerm_subscription.primary.id
  role_definition_name = var.custom_role
  principal_id = each.key
}

resource "azurerm_role_assignment" "builtin" {
  for_each = toset(local.principal_ids)
  scope = data.azurerm_subscription.primary.id
  role_definition_name = var.builtin_role
  principal_id = each.key
}

https://www.terraform.io/docs/language/expressions/conditionals.html

轉載請註明出處，本文鏈接：https://www.uj5u.com/yidong/340928.html

標籤：天蓝色 Kubernetes 地形

上一篇：在KQL中是否有“strcat_if”函式？

下一篇：如何訪問直接放在kuduhome/site/wwwroot中的html頁面？