
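I am currently trying to create a generic sql_database module in Terraform. I want to control which arguments are included in this resource. For example, one time I need only the required arguments, but the next time, in another project, I need them plus the threat detection policy block with all of its nested arguments.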

modules/sql_database.tf

resource "azurerm_sql_database" "sql-db" {
  name                             = var.sql-db-name
  resource_group_name              = data.azurerm_resource_group.rg-name.name
  location                         = var.location
  server_name                      = var.server-name
  edition                          = var.sql-db-edition
  collation                        = var.collation
  create_mode                      = var.create-mode
  requested_service_objective_name = var.sql-requested-service-objective-name
  read_scale                       = var.read-scale
  zone_redundant                   = var.zone-redundant

  extended_auditing_policy {
    storage_endpoint                        = var.eap-storage-endpoint
    storage_account_access_key              = var.eap-storage-account-access-key
    storage_account_access_key_is_secondary = var.eap-storage-account-access-key-is-secondary
    retention_in_days                       = var.eap-retention-days
  }

  import {
    storage_uri                  = var.storage-uri
    storage_key                  = var.storage-key
    storage_key_type             = var.storage-key-type
    administrator_login          = var.administrator-login
    administrator_login_password = var.administrator-login-password
    authentication_type          = var.authentication-type
    operation_mode               = var.operation-mode
  }

  threat_detection_policy {
    state                      = var.state
    disabled_alerts            = var.disabled-alerts
    email_account_admins       = var.email-account-admins
    email_addresses            = var.email-addresses
    retention_days             = var.retention-days
    storage_account_access_key = var.storage-account-access-key
    storage_endpoint           = var.storage-endpoint
    use_server_default         = var.use-server-default
  }
}

modules/variables.tf (a few of the sql_database variables)

variable "sql-db-edition" {
  type        = string
}
...

variable "state" { #for example this should be optional
  type        = string
}
...

main.tf

module "sql_database" {
  source = "./modules/sql_database"

  sql-db-name = "sqldbs-example"
  location    = "westus"
  server-name = "sqlsrv-example"

    storage-uri                        = "" #some values 
    storage-key                        = ""
    storage-key_type                   = ""
    administrator-login                = ""
    administrator-login-password       = ""
    authentication-type                = ""
    operation-mode                     = ""

  sql-db-edition                       = "Standard"
  collation                            = "SQL_LATIN1_GENERAL_CP1_CI_AS"
  create-mode                          = "Default"
  sql-requested_service_objective_name = "S0"
  requested_service_objective_id       = ""
  read-scale = "false"
  zone_redundant                       = ""
  source_database_id                   = ""
  restore_point_in_time                = ""
  max_size_bytes                       = ""
  source_database_deletion_date        = ""
  elastic_pool_name                    = ""

#variables below should be all optional
    state                              = ""
    disabled_alerts                    = ""  
    email_account_admins               = ""
    email_addresses                    = ""
    retention_days                     = 6
    storage_account_access_key         = ""
    storage_endpoint                   = ""
    use_server_default                 = ""

  storage_endpoint                        = ""
  storage_account_access_key              = ""
  storage_account_access_key_is_secondary = "false"
  retention_in_days                       = 6
}

Thanks in advance for your help!

1 Answer

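For your requirement, I think one possible way is to set default values inside the module, and make the defaults behave as if you had not set them. For example, for the property use_server_default in the threat_detection_policy block, when it is not set, the default value is Disabled. When you want to set them, just enter the values in the module block.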

Answered 2020-05-07T02:20:51.557
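
One way to make the whole threat_detection_policy block optional, shown as an added example for Terraform 0.12 or later (it is not code from the question or the answer): a dynamic block driven by a single variable that defaults to null. The variable name threat-detection-policy and the sample values are assumptions; the other variables and the data source are the ones the question already uses.

```hcl
# Module: variables file
# Hypothetical variable: null (the default) means "emit no threat_detection_policy block".
variable "threat-detection-policy" {
  type    = any
  default = null
}

# Module: resource file (only the arguments needed for the illustration are repeated)
resource "azurerm_sql_database" "sql-db" {
  name                = var.sql-db-name
  resource_group_name = data.azurerm_resource_group.rg-name.name
  location            = var.location
  server_name         = var.server-name

  # for_each over an empty list renders no block; over a one-element list, one block.
  dynamic "threat_detection_policy" {
    for_each = var.threat-detection-policy == null ? [] : [var.threat-detection-policy]
    content {
      # Keys the caller omits resolve to null, so the provider default applies.
      state                      = lookup(threat_detection_policy.value, "state", null)
      disabled_alerts            = lookup(threat_detection_policy.value, "disabled_alerts", null)
      email_account_admins       = lookup(threat_detection_policy.value, "email_account_admins", null)
      email_addresses            = lookup(threat_detection_policy.value, "email_addresses", null)
      retention_days             = lookup(threat_detection_policy.value, "retention_days", null)
      storage_account_access_key = lookup(threat_detection_policy.value, "storage_account_access_key", null)
      storage_endpoint           = lookup(threat_detection_policy.value, "storage_endpoint", null)
      use_server_default         = lookup(threat_detection_policy.value, "use_server_default", null)
    }
  }
}

# Root main.tf of a project that needs the policy; other projects simply omit the argument.
module "sql_database" {
  source      = "./modules/sql_database"
  sql-db-name = "sqldbs-example"
  location    = "westus"
  server-name = "sqlsrv-example"

  threat-detection-policy = {
    state          = "Enabled" # constructed sample values
    retention_days = 6
  }
}
```

Running terraform plan in a project that omits threat-detection-policy should show no threat_detection_policy block configured from the module, which makes it easy to see in review which databases have the policy set explicitly.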