Terraform遍历对象映射中的列表。

英文:

Terraform iterate through list within a map of objects

问题

我正在寻求关于如何在对象映射中迭代列表的帮助。

这是我的当前映射:


       test125231-test-tunnel   = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.122"
           leftsubnet    = "10.0.0.0/16"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
               "7001",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel"
        }
       test125231-test-tunnel-2 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "3.229.37.95"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "184.72.223.116/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-2"
        }
       test125231-test-tunnel-3 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "190.72.224.115/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-3"
        }
       test125231-test-tunnel-4 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "10.10.10.10/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-4"
        }
    }

我的最终目标是在每个列表的每个端口上使用 for each。

我在一个 Terraform 模板文件中使用 Go 模板,并且这是我目前的代码,它可以在索引位置为 0 的情况下工作:

%{ for key , value in tunnels }

-A PREROUTING  -s ${value.leftsourceip} -p tcp --dport ${value.ports[0]}  -j DNAT --to-destination  1.1.1.1:7000

%{ endfor ~}

非常感谢您的帮助。我一直在研究合并函数,看它是否适用于这种情况。

最终目标是为每个端口创建单独的 dport 规则。

英文:

I am seeking help with iterating through lists within a map of objects.

This is my current map:


test125231-test-tunnel   = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.122"
leftsubnet    = "10.0.0.0/16"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
"7001",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "3.229.37.95"
leftsourceip  = "10.0.1.234"
leftsubnet    = "184.72.223.116/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.234"
leftsubnet    = "190.72.224.115/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.234"
leftsubnet    = "10.10.10.10/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-4"
}
}

My end goal is to use a for each over every port in each list.

I am using go templating in a terraform template file. This is what I currently have, and it works for index position 0:

%{ for key , value in tunnels }
-A PREROUTING  -s ${value.leftsourceip} -p tcp --dport ${value.ports[0]}  -j DNAT --to-destination  1.1.1.1:7000
%{ endfor ~}

Any help would be greatly appreciated. I have been researching the merge function to see if it's a good fit for this use case.

The end goal would be to have a separate dport rule for each port.

答案1

得分: 2

你需要展开 tunnels,可以使用 merge 函数来实现:


# Map of tunnel definitions. The keys shown here follow the pattern
# "<customer_name>-<tunnel_name>", and every object carries a `ports` list of
# port strings (one or more per tunnel).
# NOTE(review): the attribute names look like ipsec.conf connection options
# (authby, ike, esp, left/right...) — presumably rendered into an IPsec
# config elsewhere; confirm against the consumer of this variable.
variable "tunnels" {
    default =   {
      test125231-test-tunnel   = {
           # NOTE(review): "secret" presumably selects pre-shared-key authentication.
           # The key itself is not part of this map; keep it out of variable
           # defaults and version control.
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           # NOTE(review): appears to pin the tunnel to IKEv1, which the IETF has
           # deprecated; prefer IKEv2 where the peer supports it — confirm.
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.122"
           leftsubnet    = "10.0.0.0/16"
           peer_ip       = "10.10.10.10"
           # Ports are strings. On this page they are interpolated as-is into
           # generated iptables rules, so if this map can be supplied from outside
           # the module, validate that each entry is a number in 1-65535.
           ports         = [
               "7000",
               "7001",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel"
        },
       test125231-test-tunnel-2 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "3.229.37.95"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "184.72.223.116/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-2"
        },
       test125231-test-tunnel-3 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "190.72.224.115/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-3"
        },
       test125231-test-tunnel-4 = {
           authby        = "secret"
           auto          = "ondemand"
           customer_name = "test125231"
           dh_ingress_ip = "10.0.1.71"
           esp           = "aes256-sha256-modp2048"
           ike           = "aes256-sha256-modp2048"
           ikelifetime   = 3600
           ikev2         = "no"
           keyexchange   = "ike"
           left          = "%defaultroute"
           leftid        = "10.10.10.10"
           leftsourceip  = "10.0.1.234"
           leftsubnet    = "10.10.10.10/32"
           peer_ip       = "10.10.10.10"
           ports         = [
               "7000",
            ]
           right         = "10.10.10.10"
           rightid       = "10.10.10.10"
           rightsourceip = "10.41.0.191"
           rightsubnet   = "10.41.0.0/16"
           salifetime    = 3600
           tunnel_name   = "test-tunnel-4"
        }
    }
}





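# Flatten var.tunnels into one entry per (tunnel, port) pair so that a single
# loop can emit one rule per port. Each result key is "<tunnel key>-<port>" and
# each value is the tunnel's object plus a scalar `port` attribute.
#
# The per-port object is the LAST argument to the inner merge(): merge() lets
# later arguments win, so `port` cannot be shadowed if a tunnel object ever
# gains its own `port` attribute.
#
# A port listed twice in the same tunnel yields a duplicate key, which
# Terraform rejects at plan time rather than silently dropping a rule.
locals {
    tunnels_flat = merge([
        for tunnel_name, tunnel_details in var.tunnels : {
            for port in tunnel_details.ports :
            "${tunnel_name}-${port}" => merge(tunnel_details, { port = port })
        }
    ]...)
}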

然后你可以进行迭代(伪代码):

%{ for key , value in local.tunnels_flat }

-A PREROUTING  -s ${value.leftsourceip} -p tcp --dport ${value.port}  -j DNAT --to-destination  1.1.1.1:7000


%{ endfor ~}
英文:

You have to flatten the tunnels, and merge can be used for that:


# Map of tunnel definitions; the keys shown follow "<customer_name>-<tunnel_name>".
# Each object carries a `ports` list holding one or more port strings.
# NOTE(review): attribute names resemble ipsec.conf connection options —
# presumably consumed by an IPsec config template; confirm with the caller.
variable "tunnels" {
default =   {
test125231-test-tunnel   = {
# NOTE(review): presumably pre-shared-key authentication; the key is not in
# this map and should stay out of variable defaults and version control.
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
# NOTE(review): looks like IKEv2 is disabled (IKEv1 only); IKEv1 is deprecated
# by the IETF, so prefer IKEv2 where the peer allows it — confirm.
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.122"
leftsubnet    = "10.0.0.0/16"
peer_ip       = "10.10.10.10"
# Port strings end up verbatim in the generated iptables rules shown on this
# page; validate them as numbers in 1-65535 if the map is externally supplied.
ports         = [
"7000",
"7001",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "3.229.37.95"
leftsourceip  = "10.0.1.234"
leftsubnet    = "184.72.223.116/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.234"
leftsubnet    = "190.72.224.115/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby        = "secret"
auto          = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp           = "aes256-sha256-modp2048"
ike           = "aes256-sha256-modp2048"
ikelifetime   = 3600
ikev2         = "no"
keyexchange   = "ike"
left          = "%defaultroute"
leftid        = "10.10.10.10"
leftsourceip  = "10.0.1.234"
leftsubnet    = "10.10.10.10/32"
peer_ip       = "10.10.10.10"
ports         = [
"7000",
]
right         = "10.10.10.10"
rightid       = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet   = "10.41.0.0/16"
salifetime    = 3600
tunnel_name   = "test-tunnel-4"
}
}
}
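# Expand var.tunnels to one map entry per (tunnel, port) combination, keyed
# "<tunnel key>-<port>". Every value is the original tunnel object with an
# added scalar `port`, so a template needs only a single loop to write one
# rule per port.
#
# merge() gives precedence to its later arguments, so the `{ port = port }`
# object is passed last: the per-port value always wins, even if a tunnel
# object someday carries a `port` attribute of its own.
#
# Listing the same port twice in one tunnel produces a duplicate key, which
# Terraform reports as an error instead of quietly losing a rule.
locals {
  tunnels_flat = merge([
    for tunnel_name, tunnel_details in var.tunnels : {
      for port in tunnel_details.ports :
      "${tunnel_name}-${port}" => merge(tunnel_details, { port = port })
    }
  ]...)
}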

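Then you will iterate (pseudo-code; in a file rendered with templatefile() the template only sees the variables passed in its vars map, so pass local.tunnels_flat in, e.g. as tunnels_flat, and loop over that name):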

%{ for key , value in local.tunnels_flat }
-A PREROUTING  -s ${value.leftsourceip} -p tcp --dport ${value.port}  -j DNAT --to-destination  1.1.1.1:7000
%{ endfor ~}

huangapple
  • 本文由 发表于 2021年11月18日 05:22:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/70011708.html