如何解决Terraform:如何迭代通过json文件输入的地图的键值对
这是我输入的json文件:
{
"inputs": [
{
"acct_id": "foo-bar-15","display_name": "foo bar","project-role-pairs": {"test-1234": "roles/logging.logWriter","test-2345": "roles/storage.objectViewer"}
},{
"acct_id": "foo-bar-16","display_name": "john doe","project-role-pairs": {"test-3456": "roles/logging.logWriter","test-4567": "roles/storage.objectViewer"}
}
]
}
代码: 这是我的代码,基于输入在GCP中创建服务帐户(该部分工作正常)。它还尝试根据上面的json文件中的project-roles-pairs映射在2个项目中创建IAM角色。我无法浏览地图。我根本不知道为什么。就目前而言,代码只是将映射中的第一个键用于两者,就好像没有第二对键值一样。我一直在寻找“扁平化”的动态块和setproduct。它们似乎不适合用例,或者我无法有效使用它们。请帮忙。
locals {
json_data_7 = jsondecode(file("./data7.json"))
}
# Creates a Service Account for each top level in input
resource "google_service_account" "service_accounts_for_each_7" {
for_each = {for v in local.json_data_7.inputs: v.acct_id => v.display_name}
account_id = each.key
display_name = each.value
}
#
resource "google_project_iam_member" "rolebinding" {
for_each = { for v in local.json_data_7.inputs: v.acct_id => v }
project = element(keys(each.value.project-role-pairs),0) #ONLYfirst key in MAP,not what I want,I would like this part loop through map and create a role for each KV-pair in JSON input
role = lookup(each.value.project-role-pairs,element(keys(each.value.project-role-pairs),0))
member = "serviceAccount:${google_service_account.service_accounts_for_each_7[each.key].email}"
}
问题:
如何使我的代码遍历JSON文件中输入的两个键值对:project-roles-pairs?谢谢。
解决方法
如果我理解正确,则需要在inputs和project-role-pairs上进行两次迭代。因此,您可以首先创建一个helper_list,如下所示:
locals {
helper_list = flatten([ for v in local.json_data_7.inputs:
[ for project,role in v.project-role-pairs:
{ "project" = project
"role" = role
acct_id = v.acct_id
display_name = v.display_name}
]
])
}
以上将导致helper_list为:
[
{
"acct_id" = "foo-bar-15"
"display_name" = "foo bar"
"project" = "test-1234"
"role" = "roles/logging.logWriter"
},{
"acct_id" = "foo-bar-15"
"display_name" = "foo bar"
"project" = "test-2345"
"role" = "roles/storage.objectViewer"
},{
"acct_id" = "foo-bar-16"
"display_name" = "john doe"
"project" = "test-3456"
"role" = "roles/logging.logWriter"
},{
"acct_id" = "foo-bar-16"
"display_name" = "john doe"
"project" = "test-4567"
"role" = "roles/storage.objectViewer"
},]
随后,您的google_project_iam_member可能是:
resource "google_project_iam_member" "rolebinding" {
for_each = { for idx,v in local.helper_list: idx => v }
project = each.value.project
role = each.value.role
member = "serviceAccount:${google_service_account.service_accounts_for_each_7[each.value.acct_id].email}"
}
请注意,由于我通常不使用GCP,因此上述内容可能需要进行调整,因此无法验证google_project_iam_member的外观。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
