Question

我正在尝试使用azuremrm资源storage_share实例化azure storage_share映射。通过设计，我需要能够实例化同一块的多个存储共享。这些股份中的每一个都可能有“ acl”部分。

我正在考虑使用for_each结合动态块来解决此问题，如相关的SE问题：

Main.tf

resource "azurerm_storage_share" "storage_share" {
  for_each             = var.storage_share_map
  name                 = each.key
  storage_account_name = azurerm_storage_account.sa.name
  quota                = each.value.quota

  dynamic "acl" {
    for_each = each.value.acl
    content {
      id = acl.value.id

      access_policy {
        permissions = acl.value.access_policy.permissions
        start       = acl.value.access_policy.start
        expiry      = acl.value.access_policy.expiry
      }
    }
  }

该变量将定义为：

variable "storage_share_map" {
  type = map(object({
    quota = number,
    acl = object({
      id = string,
      access_policy = object({
        expiry      = string,
        permissions = string,
        start       = string
      })
    }),
  }))
  default     = {}
}

，后来在我的测试中将其参数化为：

storage_share_map = { 
  my-share-2 = {
    quota = 123,
    acl = {
      id = "a-id",
      access_policy = {
        expiry      = "ISO8061 UTC TIME"
        permissions = "rwdl"
        start       = "ISO8601 UTC TIME"
      },
    },
  }

但是，在测试时，terraform返回以下输出：

Error: Unsupported attribute

  on .terraform\modules\sa\main.tf line 83, in resource "azurerm_storage_share" "storage_share":
  83:       id = acl.value.id
    |----------------
    | acl.value is object with 3 attributes

This object does not have an attribute named "id".


Error: Unsupported attribute

  on .terraform\modules\sa\main.tf line 83, in resource "azurerm_storage_share" "storage_share":
  83:       id = acl.value.id
    |----------------
    | acl.value is "a-id"

This value does not have any attributes.


Error: Unsupported attribute

  on .terraform\modules\sa\main.tf line 86, in resource "azurerm_storage_share" "storage_share":
  86:         permissions = acl.value.access_policy.permissions
    |----------------
    | acl.value is object with 3 attributes

This object does not have an attribute named "access_policy".


Error: Unsupported attribute

  on .terraform\modules\sa\main.tf line 86, in resource "azurerm_storage_share" "storage_share":
  86:         permissions = acl.value.access_policy.permissions
    |----------------
    | acl.value is "a-id"

This value does not have any attributes.

据我了解，这里的问题是动态块内的for_each格式不正确或行为不正确：acl.value似乎都被视为字符串“ a-id”，并带有三个属性（？）。 / p>

Terraform 版本0.12.26 Azurerm 版本2.26.0

任何见识都会受到赞赏。

相关问题： Dynamic block with for_each inside a resource created with a for_each

Answer 1

请为each.value.acl使用方括号。

Azure存储共享块应如下所示：

resource "azurerm_storage_share" "storage_share" {
  for_each             = var.storage_share_map
  name                 = each.key
  storage_account_name = azurerm_storage_account.sa.name
  quota                = each.value.quota

  dynamic "acl" {
    for_each = [each.value.acl]
    content {
      id = acl.value.id

      access_policy {
        permissions = acl.value.access_policy.permissions
        start       = acl.value.access_policy.start
        expiry      = acl.value.access_policy.expiry
      }
    }
  }
}

Answer 2

通过使用default_在动态块中进行迭代，可以迭代for_each = each.value.acl类型中的值。看来您确实想遍历object本身。您需要将类型调整为：

acl

您可以从错误消息中得知，当前它是在variable "storage_share_map" { type = map(object({ quota = number, acl = list(object({ ... })) })), }然后在id上进行迭代，并且找不到每个请求的两个属性，这就是为什么您有2 * 2 = 4的原因错误。

您可以相应地将输入调整为：

access_policy

这将实现您想要的行为。

请注意，Terraform 0.12有时在嵌套对象类型规范方面存在问题，因此在某些情况下将storage_share_map = { my-share-2 = { quota = 123, acl = [{ id = "a-id", access_policy = { expiry = "ISO8061 UTC TIME" permissions = "rwdl" start = "ISO8601 UTC TIME" }, }], }与acl省略可能会导致崩溃。

for_each

2 个答案: