我有一个 yaml 文件,如下所示
sites:
- name: site1
counter: "001"
keyvaults:
- name: "KV1"
role_id: "0023"
access_policies:
SP1:
object_id: "0000-0000-0000-00000"
tenant_id: "xxxx-xxxx-xxxx-xxxx"
certificate_permissions: ["Get"]
key_permissions: []
storage_permissions: []
secret_permissions: ["Get"]
但是阅读此内容的 terraform 代码是
locals {
sites = yamldecode(file("${path.module}/sites.yaml"))["sites"]
keyvaults = merge(flatten([
for site in local.sites : {
for keyvault in site.keyvaults : "${site.name}-${keyvault.name}" => {
keyvault_name = keyvault.name
keyvault_role_id = keyvault.role_id
counter = site.counter
access_policies = keyvault.access_policies
}
}
])...)
}
但是,当我执行“terraform plan”时,它失败了:
Error: Unsupported attribute
│
│ on appservice_env.tf line 66, in locals:
│ 66: for policy_name, policy in tomap(keyvault.access_policies) :
policy_name => {
│
│ This object does not have an attribute named "access_policies".
TL;DR 您的问题可能是由 yaml 文件中没有
access_policies代替:
for policy_name, policy in keyvault.access_policies
尝试:
for policy_name, policy in try(keyvault.access_policies, [])
考虑以下文件 -sites.yaml:
sites:
- name: site1
counter: "001"
keyvaults:
- name: "KV1"
role_id: "0023"
access_policies:
SP1:
object_id: "0000-0000-0000-00000"
tenant_id: "xxxx-xxxx-xxxx-xxxx"
certificate_permissions: ["Get"]
key_permissions: []
storage_permissions: []
secret_permissions: ["Get"]
- name: site2
counter: "002"
keyvaults:
- name: "KV2"
role_id: "0024"
将输出变量添加到原始代码中:
locals {
sites = yamldecode(file("${path.module}/sites.yaml"))["sites"]
keyvaults = merge(flatten([
for site in local.sites : {
for keyvault in site.keyvaults : "${site.name}-${keyvault.name}" => {
keyvault_name = keyvault.name
keyvault_role_id = keyvault.role_id
counter = site.counter
access_policies = {
for policy_name, policy in keyvault.access_policies == null : policy_name => {
tenant_id = policy.tenant_id
object_id = policy.object_id
key_permissions = policy.key_permissions
secret_permissions = policy.secret_permissions
certificate_permissions = policy.certificate_permissions
storage_permissions = policy.storage_permissions
}
}
}
}
])...)
}
output "keyvaults" {
value = local.keyvaults
}
terraform planError: Unsupported attribute
on main.tf line 11, in locals:
11: for policy_name, policy in keyvault.access_policies : policy_name => {
This object does not have an attribute named "access_policies".
locals {
sites = yamldecode(file("${path.module}/sites.yaml"))["sites"]
keyvaults = merge(flatten([
for site in local.sites : {
for keyvault in site.keyvaults : "${site.name}-${keyvault.name}" => {
keyvault_name = keyvault.name
keyvault_role_id = keyvault.role_id
counter = site.counter
access_policies = {
for policy_name, policy in try(keyvault.access_policies, []) : policy_name => {
tenant_id = policy.tenant_id
object_id = policy.object_id
key_permissions = policy.key_permissions
secret_permissions = policy.secret_permissions
certificate_permissions = policy.certificate_permissions
storage_permissions = policy.storage_permissions
}
}
}
}
])...)
}
output "keyvaults" { value = local.keyvaults }
terraform planChanges to Outputs:
+ keyvaults = {
+ site1-KV1 = {
+ access_policies = {
+ SP1 = {
+ certificate_permissions = [
+ "Get",
]
+ key_permissions = []
+ object_id = "0000-0000-0000-00000"
+ secret_permissions = [
+ "Get",
]
+ storage_permissions = []
+ tenant_id = "xxxx-xxxx-xxxx-xxxx"
}
}
+ counter = "001"
+ keyvault_name = "KV1"
+ keyvault_role_id = "0023"
}
+ site2-KV2 = {
+ access_policies = {}
+ counter = "002"
+ keyvault_name = "KV2"
+ keyvault_role_id = "0024"
}
}