在terraform中,如何在多个源组合的资源组ID上运行_?
我首先从以下代码开始:在terraform中,如何在多个源组合的资源组ID上运行_?,terraform,Terraform,我首先从以下代码开始: resource "azurerm_role_assignment" "pod_sp" { for_each = toset(concat( [for component in local.components: tostring(azurerm_resource_group.setup[component].id)], [tostring(module.component_remote_state.rg_id)]
resource "azurerm_role_assignment" "pod_sp" {
for_each = toset(concat(
[for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
[tostring(module.component_remote_state.rg_id)]
))
scope = each.value
role_definition_id = data.azurerm_role_definition.contributor.id
principal_id = azuread_service_principal.pod_sp.id
}
Error: Invalid for_each set argument
on ..\..\modules\bootstrap\to_inject.tf line 58, in resource "azurerm_role_assignment" "pod_sp":
58: for_each = toset(concat(
59: [for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
60: [tostring(module.component_remote_state.rg_id)]
61: ))
The given "for_each" argument value is unsuitable: "for_each" supports maps
and sets of strings, but you have provided a set containing type dynamic.
Error: Invalid for_each argument
on ..\..\modules\bootstrap\to_inject.tf line 59, in resource "azurerm_role_assignment" "pod_sp":
59: for_each = {for k in concat(
60: [for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
61: [tostring(module.component_remote_state.rg_id)]
62: ): k => k}
The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
resource "azurerm_role_assignment" "pod_sp" {
for_each = {for k in concat(
[for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
[tostring(module.component_remote_state.rg_id)]
): k => k}
scope = each.value
role_definition_id = data.azurerm_role_definition.contributor.id
principal_id = azuread_service_principal.pod_sp.id
}
Error: Invalid for_each set argument
on ..\..\modules\bootstrap\to_inject.tf line 58, in resource "azurerm_role_assignment" "pod_sp":
58: for_each = toset(concat(
59: [for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
60: [tostring(module.component_remote_state.rg_id)]
61: ))
The given "for_each" argument value is unsuitable: "for_each" supports maps
and sets of strings, but you have provided a set containing type dynamic.
Error: Invalid for_each argument
on ..\..\modules\bootstrap\to_inject.tf line 59, in resource "azurerm_role_assignment" "pod_sp":
59: for_each = {for k in concat(
60: [for component in local.components: tostring(azurerm_resource_group.setup[component].id)],
61: [tostring(module.component_remote_state.rg_id)]
62: ): k => k}
The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
本地时说“无法预测”。组件是众所周知的:
locals {
components = toset(["web", "data"])
}
是否可以在不需要首先对目标运行apply的情况下使其工作?此处不可预测的部分是来自azurerm\u资源组的id
属性值。安装程序
。因为您将这些元素用作地图中的一些关键点,结果是一个关键点集不完全已知的地图,因此Terraform无法确定该地图中最终会有多少元素以及它们的所有关键点是什么
为了实现这一点,我建议使用local.components
中的字符串作为键,因为您注意到这些是配置中的常量,因此保证在规划期间已知:
for_each = merge(
{ for component in local.components : component => azurerm_resource_group.setup[component].id },
{ "from_remote_state" = module.component_remote_state.rg_id },
)
以上假设local.components
永远不会包含来自_remote_state
的字符串,因此可以安全地使用它作为特殊组件名称来处理与其他组件工作方式不同的额外值。由于您比我更了解这方面的要求,因此您可能会发现一个不同的名称更合适,但这里的总体思路是生成一个键都已知的映射,即使某些值不已知:
{
"web": (known after apply),
"data": (known after apply),
"from_remote_state": "<your known rg id from the remote state>",
}
{
“网络”:(应用后已知),
“数据”:(应用后已知),
“从远程状态”:“,
}
由此,Terraform可以看到您打算创建多少资源实例,以及它们的地址必须是什么:
azurerm\u角色分配。pod\u sp[“web”]
azurerm\u角色分配。pod\u sp[“数据”]
azurerm\u角色分配。pod\u sp[“来自远程状态”]
我将测试它。