El *_* so 18 azure terraform terraform-provider-azure
我是 terraform 的新手,我在模块结构上创建了一个自定义的 azure 策略。每个策略代表一个自定义模块。我创建的模块之一是为创建的任何新 azure 资源启用诊断日志。但是,我需要一个存储帐户。(在启用诊断设置之前,我如何实现“depends_on”?或任何其他方法?
我想首先创建存储帐户,然后创建诊断设置模块。在main.tf(调用所有其他模块的地方)或资源内部(模块)?
谢谢您的帮助!!:)
下面的代码代表 main.tf 文件:
//calling the create storage account name
module "createstorageaccount" {
source = "./modules/module_create_storage_account"
depends_on = [
"module_enable_diagnostics_logs"
]
}
这个代表创建存储帐户模块
resource "azurerm_resource_group" "management" {
name = "management-rg"
location = "West Europe"
}
resource "azurerm_storage_account" "test" {
name = "diagnostics${azurerm_resource_group.management.name}"
resource_group_name = "${azurerm_resource_group.management.name}"
location = "${azurerm_resource_group.management.location}"
account_tier = "Standard"
account_replication_type = "LRS"
tags = {
environment = "diagnostics"
}
}
depends_on = [
"module_enable_diagnostics_logs"
]
Mar*_*ins 33
在大多数情况下,必要的依赖关系只是作为您引用的结果而自动出现。如果一个资源的配置直接或间接引用另一个资源,Terraform 会自动推断它们之间的依赖关系,而无需显式depends_on.
这是有效的,因为模块变量和输出也是依赖图中的节点:如果子模块资源引用,var.foo那么它间接依赖于该变量的值所依赖的任何东西。
对于自动依赖检测不足的罕见情况,您仍然可以利用模块变量和输出是依赖图中的节点这一事实来创建间接显式依赖,如下所示:
variable "storage_account_depends_on" {
# the value doesn't matter; we're just using this variable
# to propagate dependencies.
type = any
default = []
}
resource "azurerm_storage_account" "test" {
name = "diagnostics${azurerm_resource_group.management.name}"
resource_group_name = "${azurerm_resource_group.management.name}"
location = "${azurerm_resource_group.management.location}"
account_tier = "Standard"
account_replication_type = "LRS"
tags = {
environment = "diagnostics"
}
# This resource depends on whatever the variable
# depends on, indirectly. This is the same
# as using var.storage_account_depends_on in
# an expression above, but for situations where
# we don't actually need the value.
depends_on = [var.storage_account_depends_on]
}
当您调用此模块时,您可以设置storage_account_depends_on为任何包含要确保在存储帐户之前创建的对象的表达式:
module "diagnostic_logs" {
source = "./modules/diagnostic_logs"
}
module "storage_account" {
source = "./modules/storage_account"
storage_account_depends_on = [module.diagnostic_logs.logging]
}
然后在你的diagnostic_logs模块中你可以为logging输出配置间接依赖来完成模块之间的依赖链接:
output "logging" {
# Again, the value is not important because we're just
# using this for its dependencies.
value = {}
# Anything that refers to this output must wait until
# the actions for azurerm_monitor_diagnostic_setting.example
# to have completed first.
depends_on = [azurerm_monitor_diagnostic_setting.example]
}
如果您的关系可以通过传递实际值来表达,例如通过包含 id 的输出,我建议您更喜欢这种方法,因为它会导致更易于遵循的配置。但在资源之间存在无法建模为数据流的关系的罕见情况下,您也可以使用输出和变量在模块之间传播显式依赖关系。
Tim*_*att 15
Terraform 13 现在支持模块依赖项,目前处于候选发布阶段。
resource "aws_iam_policy_attachment" "example" {
name = "example"
roles = [aws_iam_role.example.name]
policy_arn = aws_iam_policy.example.arn
}
module "uses-role" {
# ...
depends_on = [aws_iam_policy_attachment.example]
}
| 归档时间: |
|
| 查看次数: |
29709 次 |
| 最近记录: |