我的变量文件如下
team_namespace = {
namespace-team1 = [
{
group_name = "group1"
team_policy = "namespace-del.hcl"
},
{
group_name = "group2"
team_policy = "namespace-eng.hcl"
}
],
namespace-team2 = [
{
group_name = "group3"
team_policy = "namespace-del.hcl"
},
{
group_name = "group4"
team_policy = "namespace-eng.hcl"
}
]
}
module "vault_policies" {
for_each = var.team_namespace
source = "./../../modules/vault-policies"
team_name = each.value.group_name
team_namespace = each.key
team_policy = file(format("./policies/%s", each.value.team_policy))
depends_on = [module.vault_namespace]
}
我的输出仅显示组 1 资源,但不显示组 2,3,4
我该怎么做才能让它发挥作用?
我希望每个命名空间都可以向 AD 组分配多个策略
你必须展平你的变量:
locals {
flat_team_namespace = merge([
for namespace, teams in var.team_namespace: {
for team in teams:
"${namespace}-${team.group_name}" => {
namespace_name = namespace
group_name = team.group_name
team_policy = team.team_policy
}
}
]...) # do NOT remove the dots
}
然后
module "vault_policies" {
for_each = var.flat_team_namespace
source = "./../../modules/vault-policies"
team_name = each.value.group_name
team_namespace = each.value.namespace_name
team_policy = file(format("./policies/%s", each.value.team_policy))
depends_on = [module.vault_namespace]
}