terraform如何使用条件if in for_将每个对象映射到地图对象中

terraform如何使用条件if in for_将每个对象映射到地图对象中,terraform,Terraform,我有这样的变量映射: users.tfvars users = { "testterform" = { path = "/" force_destroy = true email_address = "testterform@example.com" group_memberships = [ "test1" ] tags = { department :

我有这样的变量映射:

users.tfvars

users = {
  "testterform" = {
    path          = "/"
    force_destroy = true
    email_address = "testterform@example.com"
    group_memberships = [ "test1" ]
    tags = { department : "test" }
    ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAA4l7"
  }

  "testterform2" = {
    path          = "/"
    force_destroy = true
    email_address = "testterform2@example.com"
    group_memberships = [ "test1" ]
    tags = { department : "test" }
    ssh_public_key = ""
  }

我只想在用户的
ssh\u public\u key
不为空时上载ssh密钥。但我不知道如何检查这个

#main.tf


您可以使用for循环排除这些空格。
例如,您可以在本地执行此操作:

variable "users" {
  default = {
    "testterform" = {
      path           = "/"
      force_destroy  = true
      tags           = { department : "test" }
      ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAA4l7"
    }
    "testterform2" = {
      path           = "/"
      force_destroy  = true
      tags           = { department : "test" }
      ssh_public_key = ""
    }
  }
}

locals {
  public_key = flatten([
    for key, value in var.users : 
      value.ssh_public_key if ! contains([""], value.ssh_public_key)
  ])
}

output "myout" {
  value = local.public_key
}
这将产生:

myout = [
  "ssh-rsa AAAAB3NzaC1yc2EAAA4l7",
]
如您所见,空的内容已被删除,您可以在包含数组的内容中添加其他要排除的内容。

然后您可以在
for_each
中为您的ssh密钥使用
local.public_密钥
,听起来您需要的是一个派生的“具有非空ssh密钥的用户”映射。可以使用的
if
子句从现有集合派生新集合,同时过滤掉一些元素:

resource "aws_iam_user_ssh_key" "this" {
  for_each = {
    for name, user in var.users : name => user
    if user.ssh_public_key != ""
  }

  username   = each.key
  encoding   = "SSH"
  public_key = each.value.ssh_public_key

  depends_on = [aws_iam_user.this]
}

这里的派生映射使用与原始
var.users
相同的键和值,但只是缺少其中一些。这意味着
each.key
结果将相互关联,因此您仍将获得与预期相同的
username
值,并且您的实例将具有类似
aws\u iam\u user\u ssh\u key的地址。这个[“testterform”]

不是我所需要的,但您给了我另一个案例的想法。谢谢。这个答案完全符合我的需要,谢谢。我们已经重新组织了表达式文档,使其不那么滚动。对于任何正在查看的人,表达式的新页面是。
resource "aws_iam_user_ssh_key" "this" {
  for_each = {
    for name, user in var.users : name => user
    if user.ssh_public_key != ""
  }

  username   = each.key
  encoding   = "SSH"
  public_key = each.value.ssh_public_key

  depends_on = [aws_iam_user.this]
}