英文:
false/null value equivalent for source_policy_documents in terraform
问题
在Terraform中,我有一个名为aws_iam_policy_document的如下定义:
data "aws_iam_policy_document" "policydoc" {
statement {
sid = "denys3access"
effect = "Deny"
actions = [
"s3:*"
]
resources = ["*"]
}
}
我希望在另一个aws_iam_policy_document中使用它,但仅当var.env不等于staging时。我尝试了以下方式:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : {}
]
}
但我遇到了错误:
> 真和假的结果表达式必须具有一致的类型。给定的表达式分别是字符串和对象。
然后我尝试了以下方式:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : ""
]
}
但现在显示的错误是
> panic: 接口转换:接口 {} 是 nil,而不是字符串。
和
> 插件.(*GRPCProvider).UpgradeResourceState 请求被取消。
我知道我可以做类似以下的事情:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = var.env != "staging" ? [
data.aws_iam_policy_document.commonpolicy.json,
data.aws_iam_policy_document.policydoc.json
] : [
data.aws_iam_policy_document.commonpolicy.json
]
}
但随着我引入更多依赖于某些变量值的资源,这可能会变得复杂。是否有人知道一种更简洁的方式(与我早期尝试一致),可以根据变量的值添加资源?
英文:
In terraform I have a aws_iam_policy_document as follows:
data "aws_iam_policy_document" "policydoc" {
statement {
sid = "denys3access"
effect = "Deny"
actions = [
"s3:*"
]
resources = ["*"]
}
}
I wish to use this in another aws_iam_policy_document but only if var.env is not staging. I have tried the following:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : {}
]
}
but I get the error
> The true and false result expressions must have consistent types. The given expressions are string and object, respectively.
Then I tried the following:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : ""
]
}
but now the errors shown are
> panic: interface conversion: interface {} is nil, not string
and
> The plugin.(*GRPCProvider).UpgradeResourceState request was cancelled.
I know I could do something like:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = var.env != "staging" ? [
data.aws_iam_policy_document.commonpolicy.json,
data.aws_iam_policy_document.policydoc.json
] : [
data.aws_iam_policy_document.commonpolicy.json
]
}
but this could get convoluted as I introduce more resources that are dependent on the values of certain variables. Does anyone know a more concise way (in line with my earlier attempts) that would allow me to add resources based on the values of variables?
答案1
得分: 1
由于您正在使用数据源中的JSON数据,如果三元运算符中的结果为false,即如果变量env不等于staging以外的任何值,将空映射添加为值将无法正常工作,因为数据类型必须匹配。要解决此问题,您可以使用jsonencode内置函数将映射转换为JSON数据结构:
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : jsonencode({})
]
}
<details>
<summary>英文:</summary>
Since you are using JSON data from the data source, adding an empty map as a value if the result in the ternary operator is `false`, i.e., if the variable `env` is equal to anything else than `staging`, will not work, as type of data has to match. To fix this, you can use [`jsonencode` built-in][1] function to convert the map to a JSON data structure:
```hcl
data "aws_iam_policy_document" "newpolicydoc" {
source_policy_documents = [
data.aws_iam_policy_document.commonpolicy.json,
var.env != "staging" ? data.aws_iam_policy_document.policydoc.json : jsonencode({})
]
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论