如何在 Terraform 中的 azurerm_storage_account 或 azurerm_storage_account_network_rules 中传递多子网 ID
问题描述 投票:0回答:1
我正在尝试使用 Terraform 在 Azure 中创建存储帐户,但似乎无法将 virtual_network_subnet_ids 动态传递到 network_rules 块或 azurerm_storage_account_network_rules 资源块中。 它似乎不喜欢将动态块添加到 azurerm_storage_account 中,声明“不允许超过 1 个“network_rules”块”。 我有多个存储帐户,并尝试通过传递带有子网名称的变量来划分子网。
terraform.tfvars
sa = {
sta1 = {
name = "storageacct001"
resource_group_name = "rg1"
account_kind = "StorageV2"
account_tier = "Standard"
replication_type = "LRS"
access_tier = "Hot"
enable_hierarchical_ns = false
enable_sftp = false
enable_large_file_share = false
billingTag = "billing_project"
systemTag = "Azure"
componentTag = "Database Backup Files"
subnets = [
"subnet1",
"subnet2",
"subnet3",
"subnet4",
"subnet5",
"subnet6"
]
}
}
仅使用存储帐户资源块而不调用模块,我似乎每次构建此模块时都会遇到错误。
azurerm_storage_account
resource "azurerm_storage_account" "sa" {
name = var.sa.sta1.name
""
""
""
network_rules {
default_action = var.default_network_rule
bypass = var.traffic_bypass
ip_rules = var.aamva_vpn_ip_address
dynamic "virtual_network_subnet_ids" {
for_each = var.sa.sta1.subnets
content {
virtual_network_subnet_ids = [data.azurerm_subnet.vnet-subnets[virtual_network_subnet_ids.value].id]
}
}
}
}
Error: Unsupported block type
│
│ on sa.tf line 34, in resource "azurerm_storage_account" "sa":
│ 34: dynamic "virtual_network_subnet_ids" {
│
│ Blocks of type "virtual_network_subnet_ids" are not expected here.
resource "azurerm_storage_account" "sa" {
name = var.sa.sta1.name
""
""
""
dynamic "network_rules" {
for_each = var.sa.sta1.subnets
content {
default_action = var.default_network_rule
bypass = var.traffic_bypass
ip_rules = var.aamva_vpn_ip_address
virtual_network_subnet_ids = [data.azurerm_subnet.vnet-subnets[network_rules.value].id]
}
}
│ Error: Too many network_rules blocks
│
│ on sa.tf line 32, in resource "azurerm_storage_account" "sa":
│ 32: content {
│
│ No more than 1 "network_rules" blocks are allowed
azurerm_storage_account_network_rules
resource "azurerm_storage_account_network_rules" "sa" {
storage_account_id = azurerm_storage_account.sa.id
""
""
""
dynamic "virtual_network_subnet_ids" {
for_each = var.sa.sta1.subnets
content {
virtual_network_subnet_ids = [data.azurerm_subnet.vnet-subnets[virtual_network_subnet_ids.value].id]
}
}
}
│ Error: Unsupported block type
│
│ on sa.tf line 43, in resource "azurerm_storage_account_network_rules" "sa":
│ 43: dynamic "virtual_network_subnet_ids" {
│
│ Blocks of type "virtual_network_subnet_ids" are not expected here.
resource "azurerm_storage_account" "sa" {
name = var.sa.sta1.name
""
""
""
network_rules {
default_action = var.default_network_rule
bypass = var.traffic_bypass
ip_rules = var.aamva_vpn_ip_address
}
lifecycle {
ignore_changes = [
network_rules
]
}
}
resource "azurerm_storage_account_network_rules" "sa-subnet" {
for_each = toset(var.sa.sta1.subnets)
storage_account_id = azurerm_storage_account.sa.id
default_action = var.default_network_rule
bypass = var.traffic_bypass
virtual_network_subnet_ids = [data.azurerm_subnet.vnet-subnets[each.value].id]
}
Plan: 7 to add, 0 to change, 0 to destroy.
│ Error: A resource with the ID "/subscriptions/<tenant>/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/storageacct001" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_storage_account_network_rule" for more information.
│
│ with azurerm_storage_account_network_rules.sa-subnet["subnet1"],
│ on sa.tf line 43, in resource "azurerm_storage_account_network_rules" "sa-subnet":
│ 43: resource "azurerm_storage_account_network_rules" "sa-subnet" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/<tenant>/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/storageacct001" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_storage_account_network_rule" for more information.
│
│ with azurerm_storage_account_network_rules.sa-subnet["subnet2"],
│ on sa.tf line 43, in resource "azurerm_storage_account_network_rules" "sa-subnet":
│ 43: resource "azurerm_storage_account_network_rules" "sa-subnet" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/<tenant>/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/storageacct001" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_storage_account_network_rule" for more information.
│
│ with azurerm_storage_account_network_rules.sa-subnet["subnet3"],
│ on sa.tf line 43, in resource "azurerm_storage_account_network_rules" "sa-subnet":
│ 43: resource "azurerm_storage_account_network_rules" "sa-subnet" {
│
我不确定如何将子网名称列表中的subnet_ids 动态传递到存储帐户network_rule 中。 似乎我可以部署此功能的唯一方法是将subnet_ids 硬编码到 terraform.vars 文件中的子网块中。 非常感谢任何帮助!此外,sa 变量中会有更多存储帐户,我只列出了一个。
1个回答
0
投票
投票
在 Terraform 中的 azurerm_storage_account 或 azurerm_storage_account_network_rules 中传递多个子网 ID
问题似乎出在你通过的方式上 virtual_network_subnet_ids 当您尝试动态传递它们时。
要为
network_rules配置:
data "azurerm_virtual_network" "vnet" {
name = "testsamplevnet"
resource_group_name = data.azurerm_resource_group.rg.name
}
data "azurerm_subnet" "vnet_subnets" {
for_each = toset(var.sa.sta1.subnets)
name = each.key
virtual_network_name = data.azurerm_virtual_network.vnet.name
resource_group_name = data.azurerm_resource_group.rg.name
}
resource "azurerm_storage_account" "sa" {
name = var.sa.sta1.name
resource_group_name = data.azurerm_resource_group.rg.name
location = data.azurerm_resource_group.rg.location
account_tier = var.sa.sta1.account_tier
account_replication_type = var.sa.sta1.replication_type
account_kind = var.sa.sta1.account_kind
access_tier = var.sa.sta1.access_tier
network_rules {
default_action = var.default_network_rule
bypass = var.traffic_bypass
ip_rules = var.aamva_vpn_ip_address
virtual_network_subnet_ids = [for subnet in data.azurerm_subnet.vnet_subnets : subnet.id]
}
tags = {
Billing = var.sa.sta1.billingTag
System = var.sa.sta1.systemTag
Component = var.sa.sta1.componentTag
}
}
部署:
参考:
https://developer.hashicorp.com/terraform/language/expressions/for
https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks
最新问题
- 为什么我的 JavaScript 中的 setTimeout 函数无法正确执行多轮下载?
- 学习 Python:为什么在使用 try 和 except 时会发生这种情况以及如何修复它?
- 从 asm 返回一个 double 到 c
- 如何在没有thymeleaf的Spring Boot中返回html页面
- 在C++中使用memset作为结构体数组
- JPA 多对多,仅包含 id 列表
- 对事件做出反应本机播放声音
- 为什么函数模板的这种自定义类型特征检查不起作用?
- 在 Raspbian 上部署 .NET 项目
- 使用 shell 替换文件中变量的值
- AdMob 中介中的待处理事项
- 创建时是否可以将图像从 Google Sheets 获取到 Google Docs 模板
- MDUI 按钮无法在 Stencil Web 组件中正确渲染
- 如何在 SolidJS 中强制重新渲染引用
- 扩展`polars`中的结构列列表
- 这种情况下mysql为什么不使用索引呢?
- 如何使用 terraform 生成用于 Firebase 身份验证的 AdminSDK (ADC) 凭据?
- 实体框架:错误:无法从文件 [...]/appsettings.json 加载配置;无法创建类型为“DbContext”的
- 从 Excel 或 CSV 创建 Concept2 ErgRace 文件
- Astro 中的 React 组件无法工作,无法访问环境变量
© www.soinside.com 2019 - 2024. All rights reserved.