时间戳

首页 > 解决方案 > locals.tf 文件 - 解析 jsonencode 正文

terraform - locals.tf 文件 - 解析 jsonencode 正文

问题描述

想知道有没有人跑过解决它。因此,我需要能够生成当前可通过 API 列出的出口 CIDR 块列表。示例输出如下:

[
   {
      "description": "blahnet-public-acl",
      "metadata": {
        "broadcast": "192.168.1.191",
        "cidr": "192.168.1.128/26",
        "ip": "192.168.1.128",
        "ip_range": {
          "start": "192.168.1.128",
          "end": "192.168.1.191"
        },
        "netmask": "255.255.255.192",
        "network": "192.168.1.128",
        "prefix": "26",
        "size": "64"
      }
    },
    {
      "description": "blahnet-public-acl",
      "metadata": {
        "broadcast": "192.168.160.127",
        "cidr": "192.168.160.0/25",
        "ip": "192.168.160.0",
        "ip_range": {
          "start": "192.168.160.0",
          "end": "192.168.160.127"
        },
        "netmask": "255.255.255.128",
        "network": "192.168.160.0",
        "prefix": "25",
        "size": "128"
      }
    }
  ]

所以,我需要将其转换为 Azure 防火墙

###############################################################################
# Firewall Rules - Allow Access To TEST VMs
###############################################################################

resource "azurerm_firewall_network_rule_collection" "azure-firewall-azure-test-access" {
  for_each = local.egress_ips
  name                = "azure-firewall-azure-test-rule"
  azure_firewall_name = azurerm_firewall.public_to_test.name
  resource_group_name = var.resource_group_name
  priority            = 105
  action              = "Allow"

  rule {
    name = "test-access"
    source_addresses = local.egress_ips[each.key]
    destination_ports = ["43043"]
    destination_addresses = ["172.16.0.*"]
    protocols = [ "TCP"]
  }
}

因此,底线是允许的 IP 地址必须是“ source_addresses ”参数的字符串列表,例如:

["192.168.44.0/24","192.168.7.0/27","192.168.196.0/24","192.168.229.0/24","192.168.138.0/25",]

我配置了 data_sources.tf文件:

data "http" "allowed_networks_v1" {
  url = "https://testapiserver.com/api/allowed/networks/v1"
}

...在locals.tf中,我需要配置

locals {

  allowed_networks_json     = jsondecode(data.http.allowed_networks_v1.body)
  egress_ips = ...
}

...这就是我卡住的地方。如何解析locals.tf文件中的数据,以便我可以从 TF 中引用它?

谢谢一公吨!!

标签: terraformterraform-provider-azure

解决方案

我假设您所指的字符串列表是下面的对象:metadata.cidr我们可以在本地使用 for 循环提取它,并且还可以做一个不同的,以防万一我们得到重复。

这是一个示例代码

data "http" "allowed_networks_v1" {
  url = "https://raw.githack.com/heldersepu/hs-scripts/master/json/networks.json"
}

locals {
  allowed_networks_json = jsondecode(data.http.allowed_networks_v1.body)

  distinct_cidrs = distinct(flatten([
    for key, value in local.allowed_networks_json : [
      value.metadata.cidr
    ]
  ]))
}

output "data" {
  value = local.distinct_cidrs
}

这是一个计划的输出:

terraform plan

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 0 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + data = [
      + "192.168.1.128/26",
      + "192.168.160.0/25",
    ]

这是您的第二个示例的代码:

data "http" "allowed_networks_v1" {
  url = "https://raw.githack.com/akamalov/testfile/master/networks.json"
}

locals {
  allowed_networks_json = jsondecode(data.http.allowed_networks_v1.body)

  distinct_cidrs = distinct(flatten([
    for key, value in local.allowed_networks_json.egress_nat_ranges : [
      value.metadata.cidr
    ]
  ]))
}

output "data" {
  value = local.distinct_cidrs
}

推荐阅读