0
heat_template_version: 2017-02-24
......
......
......
conditions:
    port_security_enabled:
        equals:
            - { get_param: port_security_enabled }
            - "true"

resources:
    port:
        type: OS::Neutron::Port
        properties:
            admin_state_up: true
            network_id: { get_param: internal_net }
            port_security_enabled: { get_param: port_security_enabled }
            security_groups: { get_param: security_group }

我想创建一个条件,所以如果我设置“port_security_enabled = false”,安全组将不会应用于 port.properties。如果我设置“port_security_enabled = true”,则将应用安全组。

请帮我

4

2 回答 2

0

我找到了解决方案。

我创建了两个端口 1 带有安全组,另一个没有安全组。


conditions:

    port_security_disable: {equals : [{get_param: port_security_enabled}, "disabled"]}

resources:
    port1:
        type: OS::Neutron::Port
        properties:
            admin_state_up: true
            network_id: { get_param: internal_net }
            security_groups:
                - { get_param: security_group }
    port2:
        type: OS::Neutron::Port
        properties:
            admin_state_up: true
            network_id: { get_param: internal_net }
            port_security_enabled: false

    instance_floatingip:
        type: OS::Neutron::FloatingIP
        properties:
            floating_network_id: { get_param: public_network_id }
            port_id: {if: ["port_security_disable", { get_resource: port2 }, { get_resource: port1 } ]}

    instance:
        properties:
            networks:
                - port: {if: ["port_security_disable", { get_resource: port2 }, { get_resource: port1 } ]}

我知道它变得越来越复杂。但我没有找到任何最简单的解决方案。

于 2020-11-01T07:25:30.387 回答
0

这可能工作正常:

security_groups: {if: [port_security_enabled, [{get_resource: security_group}], []]}
于 2020-10-26T10:24:38.963 回答