azure - Deploying private endpoints dynamically

Tags: azure terraform

I am trying to develop a module that deploys a private endpoint if the variable DeployPrivateEndpoint == true and does not deploy one if it is false.

I currently have the following code:

resource "azurerm_container_registry" "ACR" {
  count                    = length(var.ACR_Name)
  name                     = var.ACR_Name[count.index]
  resource_group_name      = var.resourcegroup_name
  location                 = var.location
  sku                      = var.ACR_Sku
  admin_enabled            = var.ACR_AdminEnabled
  georeplication_locations = var.ACR_GeoRepLocation
}

resource "azurerm_private_dns_zone" "PDZ" {
  count                     = var.DeployPrivateEndpoint == true ? 1 : 0
  name                      = "privatelink.azurecr.io"
  resource_group_name       = var.resourcegroup_name
}

resource "azurerm_private_endpoint" "PEP" {
  count                     = var.DeployPrivateEndpoint == true ? length(var.PEP_Name) : 0
  name                      = var.PEP_Name[count.index]
  location                  = var.location
  resource_group_name       = var.resourcegroup_name
  subnet_id                 = element(concat(var.subnet_id[*], [""]), count.index)

  private_dns_zone_group {
    name                            = "private-dns-zone-group"
    private_dns_zone_ids            =  element(concat(azurerm_private_dns_zone.PDZ.*.id, [""]), count.index)
  }

  private_service_connection {
    name                            = var.PEP_Name[count.index]
    private_connection_resource_id  = element(concat(azurerm_container_registry.ACR.*.id, [""]), count.index)
    subresource_names               = [ "registry" ]
    is_manual_connection            = false
  }

}

If the variable's value is false, the code currently breaks only in the private_dns_zone_group section. Terraform expects private_dns_zone_ids to be provided, but because the variable is set to false, the zone is not created. I get the following error:

Error: Invalid index

  on .terraform\modules\containerRegistry\outputs.tf line 10, in output "ACR_PDZID":
  10:    value       = azurerm_private_dns_zone.PDZ.0.id
    |----------------
    | azurerm_private_dns_zone.PDZ is empty tuple

Any help is appreciated!

Edit:

The module is called from a main program that looks like this:

terraform {
  required_version = ">= 0.13"

  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "2.47.0"
    }
  }

}

provider "azurerm" {
  subscription_id = "****"
  client_id = "****"
  client_secret = "*****"
  tenant_id = "*****"

  features {}
}

module "ResourceGroups" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ResourceGroup"
  location                      = var.location
  RG_Name                       = var.RG_Name
}

module "VirtualNetwork" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/VirtualNetwork"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  VNET_Name                     = var.vnet_name
  VNET_Cidr                     = var.vnet_cidr
}

module "Subnet" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/Subnet"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  VNET_name                     = module.VirtualNetwork.VNET_Name[0]
  SNET_cidr                     = var.subnet_cidr
  SNET_name                     = var.subnet_names
}

module "containerRegistry" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ContainerRegistry"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  subnet_id                     = module.Subnet.SNET_ID
  PEP_Name                      = ["****", "*****"]
  ACR_Name                      = ["****", "*****" ]
  ACR_Sku                       = "Premium"
  DeployPrivateEndpoint         = false
}

The module's output.tf file looks like this:

output "ACR_ID" {
  value = azurerm_container_registry.ACR.*.id
}

output "ACR_LoginServer" {
  value = azurerm_container_registry.ACR.*.login_server
}

output "ACR_PDZID" {
   value       = azurerm_private_dns_zone.PDZ.0.id
}

output "ACR_PEPID" {
   value       = azurerm_private_endpoint.PEP.*.id
}

Best answer

You should adjust the ACR_PDZID output slightly, changing the 0 to *.

The "ACR_PDZID" output should look like this:

output "ACR_PDZID" {
   value       = azurerm_private_dns_zone.PDZ.*.id
}
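
The pattern behind the accepted fix, carried through a whole module, as an added example that is not the asker's module or the answer's code: every conditional resource derives its count from the single DeployPrivateEndpoint switch, private_dns_zone_ids receives a list (the argument's real type) rather than a string from element(), and every output that refers to a conditional resource uses a splat or try() so that the "nothing deployed" case yields an empty list or null instead of an "Invalid index" error. Variable names follow the question; the endpoint names, the one-endpoint-per-registry assumption, the use of the first subnet, and the public_network_access_enabled hardening line (assumed to be available in the pinned azurerm 2.47.0 provider) are additions of this example.

```hcl
# Added example, not the asker's module. Assumes Terraform >= 0.13 and the
# azurerm provider version pinned in the question's root module.

variable "DeployPrivateEndpoint" {
  type    = bool
  default = false
}

variable "ACR_Name" { type = list(string) }
variable "subnet_id" { type = list(string) }
variable "resourcegroup_name" { type = string }
variable "location" { type = string }

locals {
  # Central switch: one endpoint per registry when enabled, none otherwise.
  pep_count = var.DeployPrivateEndpoint ? length(var.ACR_Name) : 0
}

resource "azurerm_container_registry" "ACR" {
  count               = length(var.ACR_Name)
  name                = var.ACR_Name[count.index]
  resource_group_name = var.resourcegroup_name
  location            = var.location
  sku                 = "Premium" # Private Link requires the Premium SKU
  admin_enabled       = false

  # Hardening (assumption: argument exists in the pinned provider):
  # once traffic reaches the registry over Private Link, close the public
  # data plane so the endpoint is the only path in.
  public_network_access_enabled = !var.DeployPrivateEndpoint
}

resource "azurerm_private_dns_zone" "PDZ" {
  count               = var.DeployPrivateEndpoint ? 1 : 0
  name                = "privatelink.azurecr.io"
  resource_group_name = var.resourcegroup_name
}

resource "azurerm_private_endpoint" "PEP" {
  count               = local.pep_count
  name                = "pep-${var.ACR_Name[count.index]}" # constructed naming
  location            = var.location
  resource_group_name = var.resourcegroup_name
  subnet_id           = var.subnet_id[0] # assumption: all endpoints in the first subnet

  private_dns_zone_group {
    name = "private-dns-zone-group"
    # The argument is a list. The splat over the zone resource is a list of
    # 0 or 1 ids; since this block only exists when the zone exists, it is
    # always exactly one id here, and no element()/concat() padding is needed.
    private_dns_zone_ids = azurerm_private_dns_zone.PDZ[*].id
  }

  private_service_connection {
    name                           = "pep-${var.ACR_Name[count.index]}"
    private_connection_resource_id = azurerm_container_registry.ACR[count.index].id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}

# Outputs must tolerate the "nothing deployed" case.
output "ACR_PDZID" {
  # Splat over an empty tuple evaluates to [], never to an index error.
  value = azurerm_private_dns_zone.PDZ[*].id
}

output "ACR_PDZID_single" {
  # When a scalar is wanted: null instead of a plan-time crash.
  value = try(azurerm_private_dns_zone.PDZ[0].id, null)
}

output "ACR_PEPID" {
  value = azurerm_private_endpoint.PEP[*].id
}
```

With DeployPrivateEndpoint = false a plan shows ACR_PDZID = [] and ACR_PDZID_single = null; with it set to true the same outputs carry the zone id and the endpoint ids. Because the count of PEP and the count of PDZ are both driven by the same variable, it is impossible to end up with an endpoint whose private_dns_zone_group references a zone that was not created, which is the inconsistency the original element(concat(...)) padding was trying to paper over.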

Regarding "azure - Deploying private endpoints dynamically", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/66256816/
