I want to create a network using the google-terraform-network module. In addition, I want to pass the firewall rules I defined to the module as a parameter, so that the created network contains both rules.
When I pass the firewall rules directly, i.e.:
firewall_rules = [google_compute_firewall.allow_ssh, google_compute_firewall.allow_http]
I get the following error: The given value is not suitable for module.vpc.module.firewall_rules.var.rules declared at .terraform/modules/vpc/modules/firewall-rules/variables.tf:27,1-17: element 0: attribute "log_config": object required.
On the other hand, when I pass the self_link, i.e.:
firewall_rules = [google_compute_firewall.allow_ssh.self_link, google_compute_firewall.allow_http.self_link]
I get many errors of the following form:
Error: Invalid function argument
│
│ on .terraform/modules/vpc/main.tf line 70, in locals:
│ 70: deny = lookup(f, "deny", [])
│
│ Invalid value for "inputMap" parameter: lookup() requires a map as the first argument.
The full content of main.tf is as follows:
provider "google" {
  project = var.project
  region  = var.region
  zone    = var.zone
}

// firewall rule to allow ssh
resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh"
  network = var.network_name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["0.0.0.0/0"]
}

// firewall rule to allow http
resource "google_compute_firewall" "allow_http" {
  name    = "allow-http"
  network = var.network_name
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
  source_ranges = [""]
}

module "vpc" {
  source  = "terraform-google-modules/network/google"
  version = "~> 7.0"

  project_id   = var.project
  network_name = var.network_name
  routing_mode = "GLOBAL"

  subnets = [
    {
      subnet_name   = var.subnet_name
      subnet_ip     = var.subnet_ip
      subnet_region = var.region
    },
  ]

  firewall_rules = [google_compute_firewall.allow_ssh.self_link, google_compute_firewall.allow_http.self_link]
}
Answer 1
OK, I found the solution. The firewall_rules argument requires a list of objects that follow a specific structure. Adding the following variable and assigning it to the firewall_rules argument solves the problem:
variable "rules" {
  description = "List of rule definitions"
  default = [
    {
      name      = "allow-ssh-ingress"
      direction = "INGRESS"
      ranges    = ["0.0.0.0/0"]
      allow = [{
        protocol = "tcp"
        ports    = ["22"]
      }]
      deny = []
      log_config = {
        metadata = "INCLUDE_ALL_METADATA"
      }
    },
    {
      name      = "allow-http-ingress"
      direction = "INGRESS"
      ranges    = ["0.0.0.0/0"]
      allow = [{
        protocol = "tcp"
        ports    = ["80"]
      }]
      deny = []
      log_config = {
        metadata = "INCLUDE_ALL_METADATA"
      }
    }
  ]
  type = list(object({
    name                    = string
    description             = optional(string)
    direction               = optional(string)
    priority                = optional(number)
    ranges                  = optional(list(string))
    source_tags             = optional(list(string))
    source_service_accounts = optional(list(string))
    target_tags             = optional(list(string))
    target_service_accounts = optional(list(string))
    allow = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })))
    deny = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })))
    log_config = optional(object({
      metadata = string
    }))
  }))
}
Then:
firewall_rules = var.rules
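As an added example (not code from the question or the answer above), the same list(object) shape the module's firewall_rules input expects, with a variable validation block that rejects any rule allowing TCP/22 from 0.0.0.0/0 unless it is narrowed with target_tags. The admin CIDR 203.0.113.0/24 and the tag name ssh-bastion are constructed placeholders; optional() needs Terraform 1.3 or later.

```hcl
# Added example, not from the original post: mirrors the answer's type so the
# value converts cleanly into module.vpc.firewall_rules, and adds a guard
# against world-open SSH. CIDR and tag name below are constructed placeholders.
variable "rules" {
  description = "Firewall rule definitions passed to module.vpc.firewall_rules"
  type = list(object({
    name                    = string
    description             = optional(string)
    direction               = optional(string)
    priority                = optional(number)
    ranges                  = optional(list(string))
    source_tags             = optional(list(string))
    source_service_accounts = optional(list(string))
    target_tags             = optional(list(string))
    target_service_accounts = optional(list(string))
    allow = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })))
    deny = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })))
    log_config = optional(object({
      metadata = string
    }))
  }))
  default = [{
    name        = "allow-ssh-ingress"
    direction   = "INGRESS"
    ranges      = ["203.0.113.0/24"] # constructed admin CIDR instead of 0.0.0.0/0
    target_tags = ["ssh-bastion"]    # assumed tag carried by the bastion VMs only
    allow       = [{ protocol = "tcp", ports = ["22"] }]
    deny        = []
    log_config  = { metadata = "INCLUDE_ALL_METADATA" } # keep rule hits in VPC flow logs
  }]
  validation {
    # A rule passes unless it both opens TCP/22 to 0.0.0.0/0 and has no target_tags.
    condition = alltrue([
      for r in var.rules :
      length(coalesce(r.target_tags, [])) > 0 ||
      !(contains(coalesce(r.ranges, []), "0.0.0.0/0") &&
        anytrue([for a in coalesce(r.allow, []) : contains(coalesce(a.ports, []), "22")]))
    ])
    error_message = "Rules allowing TCP/22 from 0.0.0.0/0 must set target_tags."
  }
}
```

With this in place, `firewall_rules = var.rules` in the module block works as in the answer, and `terraform plan` fails early if someone later widens the SSH rule back to the whole internet without scoping it to tagged instances.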