1

我正在尝试使用 Terraform 在 Azure 中创建 NSG。

Terraform 版本为v0.15.2,提供者版本为 azurerm v2.61.0

这是我的 TF 文件中的一段代码。

  resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name


  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = ["*"]
    destination_port_range                     = "*"
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = ["*"]
    source_port_range                          = "22"
    source_port_ranges                         = ["22"]
    source_application_security_group_ids      = [""]
    destination_application_security_group_ids = [""]

  }]
}

现在,当我运行terraform plan&时terraform apply,我得到了预期的输出:

* only one of "source_port_range" and "source_port_ranges" can be used per security rule
* only one of "destination_port_range" and "destination_port_ranges" can be used per security rule
* only one of "source_address_prefix" and "source_address_prefixes" can be used per security rule
* only one of "destination_address_prefix" and "destination_address_prefixes" can be used per security rule

现在,当我只保留source_port_range, destination_port_range, source_address_prefix, destination_address_prefix字段并terraform plan再次运行时,它给了我以下错误:

Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefixes",
│ "destination_port_ranges", "source_address_prefixes", and "source_port_ranges" are required.

如果我添加这些并删除早期的,我会得到:

│ Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefix", "destination_port_range",  
│ "source_address_prefix", and "source_port_range" are required.

为什么会发生这种情况以及如何解决这个问题?

更新

考虑到评论中提到的观点并进行了一些更改以使其正常工作。

注意事项:

  • 即使在文档中提到 Optional,Terraform 也需要 security_rule 块中的所有密钥。
  • 此外,它不允许 Source/destination address_prefixes = ["*"] 像这样。Source/Destination address_prefix 完成了这项工作。
  • 在未提及值的情况下,应使用 [] 而不是 [""]
resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name


  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = []
    destination_port_range                     = ""
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = []
    source_port_range                          = "*"
    source_port_ranges                         = []
    source_application_security_group_ids      = []
    destination_application_security_group_ids = []

  }]
}
4

1 回答 1

0

你可以试试这个:

  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = ""
    destination_address_prefixes               = ["*"]
    destination_port_range                     = ""
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = ""
    source_address_prefixes                    = ["*"]
    source_port_range                          = ""
    source_port_ranges                         = ["22"]
    source_application_security_group_ids      = []
    destination_application_security_group_ids = []

  }]
}

您在两个字段中定义值 - 即 Terraform 将只接受其中一个destination_port_rangedestination_port_ranges不接受两者之一。其他属性也是如此。

于 2021-06-02T07:58:46.287 回答