terraform - locals.tf 文件 - 解析 jsonencode 正文
问题描述
想知道有没有人跑过解决它。因此,我需要能够生成当前可通过 API 列出的出口 CIDR 块列表。示例输出如下:
[
{
"description": "blahnet-public-acl",
"metadata": {
"broadcast": "192.168.1.191",
"cidr": "192.168.1.128/26",
"ip": "192.168.1.128",
"ip_range": {
"start": "192.168.1.128",
"end": "192.168.1.191"
},
"netmask": "255.255.255.192",
"network": "192.168.1.128",
"prefix": "26",
"size": "64"
}
},
{
"description": "blahnet-public-acl",
"metadata": {
"broadcast": "192.168.160.127",
"cidr": "192.168.160.0/25",
"ip": "192.168.160.0",
"ip_range": {
"start": "192.168.160.0",
"end": "192.168.160.127"
},
"netmask": "255.255.255.128",
"network": "192.168.160.0",
"prefix": "25",
"size": "128"
}
}
]
所以,我需要将其转换为 Azure 防火墙
###############################################################################
# Firewall Rules - Allow Access To TEST VMs
###############################################################################
resource "azurerm_firewall_network_rule_collection" "azure-firewall-azure-test-access" {
for_each = local.egress_ips
name = "azure-firewall-azure-test-rule"
azure_firewall_name = azurerm_firewall.public_to_test.name
resource_group_name = var.resource_group_name
priority = 105
action = "Allow"
rule {
name = "test-access"
source_addresses = local.egress_ips[each.key]
destination_ports = ["43043"]
destination_addresses = ["172.16.0.*"]
protocols = [ "TCP"]
}
}
因此,底线是允许的 IP 地址必须是“ source_addresses ”参数的字符串列表,例如:
["192.168.44.0/24","192.168.7.0/27","192.168.196.0/24","192.168.229.0/24","192.168.138.0/25",]
我配置了 data_sources.tf文件:
data "http" "allowed_networks_v1" {
url = "https://testapiserver.com/api/allowed/networks/v1"
}
...在locals.tf中,我需要配置
locals {
allowed_networks_json = jsondecode(data.http.allowed_networks_v1.body)
egress_ips = ...
}
...这就是我卡住的地方。如何解析locals.tf文件中的数据,以便我可以从 TF 中引用它?
谢谢一公吨!!
解决方案
我假设您所指的字符串列表是下面的对象:metadata.cidr
我们可以在本地使用 for 循环提取它,并且还可以做一个不同的,以防万一我们得到重复。
这是一个示例代码
data "http" "allowed_networks_v1" {
url = "https://raw.githack.com/heldersepu/hs-scripts/master/json/networks.json"
}
locals {
allowed_networks_json = jsondecode(data.http.allowed_networks_v1.body)
distinct_cidrs = distinct(flatten([
for key, value in local.allowed_networks_json : [
value.metadata.cidr
]
]))
}
output "data" {
value = local.distinct_cidrs
}
这是一个计划的输出:
terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
Terraform will perform the following actions:
Plan: 0 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ data = [
+ "192.168.1.128/26",
+ "192.168.160.0/25",
]
这是您的第二个示例的代码:
data "http" "allowed_networks_v1" {
url = "https://raw.githack.com/akamalov/testfile/master/networks.json"
}
locals {
allowed_networks_json = jsondecode(data.http.allowed_networks_v1.body)
distinct_cidrs = distinct(flatten([
for key, value in local.allowed_networks_json.egress_nat_ranges : [
value.metadata.cidr
]
]))
}
output "data" {
value = local.distinct_cidrs
}
推荐阅读
- django - 没有名为设置错误的模块 django elastic beanstalk
- javascript - Wickedpicker 总是显示当前时间
- ios - 在应用程序无限期处于后台状态时调用 RESTful API
- react-native - 如何在 react native + asp core web api 和身份服务器上设置登录为 Google 帐户作为中间件
- python - 使用 Eigen 库计算 C++ 中多项式的根
- r - 如何使用 R 将一个向量中的多个数据组合成一个数据?
- sql - 基于朋友去的事件的数据库查询
- javascript - React 功能组件 - 说它不是功能
- javascript - 如果找不到元素,将变量设置为 getElementById 的值或默认值的最简洁方法是什么?
- python - 从python中的类访问布尔值