我有这样的变量映射:
用户.tfvars
users = {
"testterform" = {
path = "/"
force_destroy = true
email_address = "testterform@example.com"
group_memberships = [ "test1" ]
tags = { department : "test" }
ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAA4l7"
}
"testterform2" = {
path = "/"
force_destroy = true
email_address = "testterform2@example.com"
group_memberships = [ "test1" ]
tags = { department : "test" }
ssh_public_key = ""
}
只有当ssh_public_key用户不为空时,我才想上传 ssh 密钥。但不明白如何检查这个
#main.tf
resource "aws_iam_user" "this" {
for_each = var.users
name = each.key
path = each.value["path"]
force_destroy = each.value["force_destroy"]
tags = merge(each.value["tags"], { Provisioner : var.provisioner, EmailAddress : each.value["email_address"] })
}
resource "aws_iam_user_group_membership" "this" {
for_each = var.users
user = each.key
groups = each.value["group_memberships"]
depends_on = [ aws_iam_user.this ]
}
resource "aws_iam_user_ssh_key" "this" {
for_each = var.users
username = each.key
encoding = "SSH"
public_key = each.value["ssh_public_key"]
depends_on = [ aws_iam_user.this ]
}
Mar*_*ins 11
听起来您在这里需要的是派生的“具有非空 SSH 密钥的用户”映射。您可以使用表达式的if子句从现有集合派生新集合,同时过滤掉一些元素:for
resource "aws_iam_user_ssh_key" "this" {
for_each = {
for name, user in var.users : name => user
if user.ssh_public_key != ""
}
username = each.key
encoding = "SSH"
public_key = each.value.ssh_public_key
depends_on = [aws_iam_user.this]
}
这里的派生映射使用与原始映射相同的键和值var.users,但只是缺少其中的一些。这意味着each.key结果将相关联,因此您仍将获得与username预期相同的值,并且您的实例将具有类似aws_iam_user_ssh_key.this["testterform"].
| 归档时间: |
|
| 查看次数: |
6656 次 |
| 最近记录: |