英文:
Terraform iterate through list within a map of objects
问题
我正在寻求关于如何在对象映射中迭代列表的帮助。
这是我的当前映射:
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
我的最终目标是在每个列表的每个端口上使用 for each。
我在一个 Terraform 模板文件中使用 Go 模板,并且这是我目前的代码,它可以在索引位置为 0 的情况下工作:
%{ for key , value in tunnels }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.ports[0]} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
非常感谢您的帮助。我一直在研究合并函数,看它是否适用于这种情况。
最终目标是为每个端口创建单独的 dport 规则。
英文:
I am seeking help with iterating through lists within a map of objects.
This is my current map:
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
My end goal is to use a for each over each port in each lists.
I am using go templating in a terraform template file and this is what I currenlty have and it works for the index position of 0
%{ for key , value in tunnels }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.ports[0]} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
any help would be greatly appreciated. I have been researching the merge function to see if its a good use case for this.
The end goal would be to have a separate dport rule for each port.
答案1
得分: 2
你需要展开 tunnles,可以使用 merge 函数来实现:
variable "tunnels" {
default = {
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
}
locals {
tunnels_flat = merge([
for tunnel_name, tunnel_details in var.tunnels:
{
for idx, port in tunnel_details.ports:
"${tunnel_name}-${port}" => merge({
port = port
}, tunnel_details)
}
]...)
}
然后你可以进行迭代(伪代码):
%{ for key , value in local.tunnels_flat }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.port} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
英文:
You have to flatten the tunnles, and merge can be used for that:
variable "tunnels" {
default = {
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
}
locals {
tunnels_flat = merge([
for tunnel_name, tunnel_details in var.tunnels:
{
for idx, port in tunnel_details.ports:
"${tunnel_name}-${port}" => merge({
port = port
}, tunnel_details)
}
]...)
}
Then you will iterate (psudo-code):
%{ for key , value in local.tunnels_flat }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.port} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论