Terraform - Dynamic security rules not working in Azure

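I cannot see the dynamic rules being created in the Azure network security group (NSG). My template looks fine in the validation check. However, when I run terraform apply, the NSG is created without the custom rules I put under the dynamic rule section. Since this is part of a module, I have to use some logic to iterate.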

Below is the code from the module.tf file:

resource "azurerm_network_security_group" "nsg" {
  for_each            = var.subnet_prefix
  name                = lower("nsg_${each.key}_in")
  resource_group_name = var.vnet_resourcegroup
  location            = var.location

  dynamic "security_rule" {
    for_each = lookup(each.value, "nsg_rules", [])
    content {
      name                       = lookup(security_rule.value, "name", null)
      description                = lookup(security_rule.value, "description", null)
      priority                   = lookup(security_rule.value, "priority", null)
      direction                  = lookup(security_rule.value, "direction", null)
      access                     = lookup(security_rule.value, "access", null)
      protocol                   = lookup(security_rule.value, "protocol", null)
      source_port_range          = "*"
      destination_port_range     = lookup(security_rule.value, "destination_port_range", null)
      source_address_prefix      = lookup(security_rule.value, "source_address_prefix", null)
      destination_address_prefix = lookup(security_rule.value, "destination_address_prefix", null)
    }
  }
}

The values come from the terraform.tfvars file, which I have declared as follows. For compliance, I have replaced the original values with random text.

subnet_prefix = {
  sa0 = {
    prefix        = "dc-subnet"
    address_space = ["XXXXXX"]
    nsg_name      = "nsg0"
    nsg_rules = [
      {
        name                         = "rule1"
        description                  = "XXXXXX"
        priority                     = 220
        direction                    = "Outbound"
        access                       = "Allow"
        protocol                     = "*"
        source_port_range            = "*"
        source_port_ranges           = null
        destination_port_range       = "*"
        destination_port_ranges      = null
        source_address_prefix        = "*"
        source_address_prefixes      = null
        destination_address_prefix   = "X.X.X.X/26"
        destination_address_prefixes = null
        source_application_security_group_names      = []
        destination_application_security_group_names = []
      }
    ]
  }
}

Answer 1

Please try the following:

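Have you tried <https://stackoverflow.com/questions/73322355/dynamic-block-is-able-to-add-nsg-rules-properly-but-unable-to-remove-all-the-rul?noredirect=1#comment129487832_73322355>? This is my question, but there the dynamic block is working; it just cannot remove all the security rules. You can remove rules until one item is left, but you cannot remove item 0.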
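
A check that can run before apply, added here as an example and not part of the original question or answer: it compares the rules declared under nsg_rules with the security_rule set Terraform actually plans for each NSG, so a dynamic block that produced nothing is caught in the plan. It assumes the plan was exported with `terraform plan -out=tfplan` and `terraform show -json tfplan`, and that the root variable is named subnet_prefix; the module name "network" and the second subnet "sa1" in the sample are constructed.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape printed by
# `terraform show -json tfplan`. Module name "network" and subnet "sa1" are
# assumptions made for the demonstration.
SAMPLE_PLAN = {
    "variables": {"subnet_prefix": {"value": {
        "sa0": {"prefix": "dc-subnet", "nsg_rules": [{"name": "rule1", "priority": 220}]},
        "sa1": {"prefix": "app-subnet", "nsg_rules": [{"name": "rule2", "priority": 230}]},
    }}},
    "resource_changes": [
        {"address": 'module.network.azurerm_network_security_group.nsg["sa0"]',
         "type": "azurerm_network_security_group", "index": "sa0",
         "change": {"actions": ["create"], "after": {
             "name": "nsg_sa0_in",
             "security_rule": [{"name": "rule1", "priority": 220}]}}},
        {"address": 'module.network.azurerm_network_security_group.nsg["sa1"]',
         "type": "azurerm_network_security_group", "index": "sa1",
         "change": {"actions": ["create"], "after": {
             "name": "nsg_sa1_in", "security_rule": []}}},
    ],
}


def missing_rules(plan, var_name="subnet_prefix"):
    """Return {nsg_address: [rule names declared in the variable but absent
    from the planned security_rule set]} for every planned NSG."""
    declared = plan.get("variables", {}).get(var_name, {}).get("value") or {}
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_network_security_group":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to compare
            continue
        planned = {r.get("name") for r in after.get("security_rule") or []}
        subnet = declared.get(rc.get("index")) or {}
        wanted = {r["name"] for r in subnet.get("nsg_rules") or []}
        gap = sorted(wanted - planned)
        if gap:
            findings[rc["address"]] = gap
    return findings


if __name__ == "__main__":
    # Prints the NSGs whose planned rule set is missing declared rules.
    print(json.dumps(missing_rules(SAMPLE_PLAN), indent=2))
```

An empty result means every declared rule name appears in the plan; a non-empty one names the NSG instances to inspect before running terraform apply.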