如何解决terraform如何在for_each中使用条件转换为地图对象
我有这样的变量映射:
users.tfvars
users = {
"testterform" = {
path = "/"
force_destroy = true
email_address = "testterform@example.com"
group_memberships = [ "test1" ]
tags = { department : "test" }
ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAA4l7"
}
"testterform2" = {
path = "/"
force_destroy = true
email_address = "testterform2@example.com"
group_memberships = [ "test1" ]
tags = { department : "test" }
ssh_public_key = ""
}
仅当ssh_public_key
用户不为空时,我才想上传ssh密钥。但是不知道如何检查
#main.tf
resource "aws_iam_user" "this" {
for_each = var.users
name = each.key
path = each.value["path"]
force_destroy = each.value["force_destroy"]
tags = merge(each.value["tags"],{ Provisioner : var.provisioner,EmailAddress : each.value["email_address"] })
}
resource "aws_iam_user_group_membership" "this" {
for_each = var.users
user = each.key
groups = each.value["group_memberships"]
depends_on = [ aws_iam_user.this ]
}
resource "aws_iam_user_ssh_key" "this" {
for_each = var.users
username = each.key
encoding = "SSH"
public_key = each.value["ssh_public_key"]
depends_on = [ aws_iam_user.this ]
}
解决方法
您可以使用for循环排除这些空格。
例如,您可以在本地执行此操作:
variable "users" {
default = {
"testterform" = {
path = "/"
force_destroy = true
tags = { department : "test" }
ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAA4l7"
}
"testterform2" = {
path = "/"
force_destroy = true
tags = { department : "test" }
ssh_public_key = ""
}
}
}
locals {
public_key = flatten([
for key,value in var.users :
value.ssh_public_key if ! contains([""],value.ssh_public_key)
])
}
output "myout" {
value = local.public_key
}
将输出:
myout = [
"ssh-rsa AAAAB3NzaC1yc2EAAA4l7",]
如您所见,空的已被删除,并且您可以添加要排除在包含数组的其他内容。
然后,您可以将local.public_key
中的for_each
用于ssh密钥
听起来您在这里需要的是派生的“具有非空SSH密钥的用户”映射。您可以使用for
expression的if
子句从现有集合中派生新集合,同时过滤掉某些元素:
resource "aws_iam_user_ssh_key" "this" {
for_each = {
for name,user in var.users : name => user
if user.ssh_public_key != ""
}
username = each.key
encoding = "SSH"
public_key = each.value.ssh_public_key
depends_on = [aws_iam_user.this]
}
此处的派生映射使用与原始var.users
相同的键和值,但只缺少其中一些。这意味着each.key
的结果将相互关联,因此您仍将获得与预期相同的username
值,并且您的实例将具有类似aws_iam_user_ssh_key.this["testterform"]
的地址。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。