在 Terraform 变量中使用 JSON 格式的字符串

Question

我正在 Terraform 版本 0.14.15 上使用 for_each 方法创建一些资源。该资源有一个属性 input_parameters，它采用 JSON 格式的字符串作为其值。我使用单独的对象在地图变量中定义这个值。我将值指定为 JSON 格式的字符串，但在执行时出现错误，提示我需要声明一个字符串。任何有关修复此错误的见解都会有所帮助。下面是我声明资源和变量的方式。

资源

resource "aws_config_config_rule" "managed_rules" {
  for_each         = var.managed_rules
  name             = each.value.name
  description      = each.value.description
  input_parameters = each.value.input_parameters

  source {
    owner             = each.value.owner
    source_identifier = each.value.source_identifier
  }

  depends_on = [aws_config_configuration_recorder.config_recorder]
}

多变的

variable "managed_rules" {
  type = map(object({
    name              = string
    description       = string
    owner             = string
    source_identifier = string
# Is there a variable for strings in JSON format?
    input_parameters  = string
  }))
  default = {
    "1" = {
      name              = "alb-http-to-https-redirection-check"
      description       = "Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancers. The rule is NON_COMPLIANT if one or more HTTP listeners of Application Load Balancer do not have HTTP to HTTPS redirection configured."
      owner             = "AWS"
      source_identifier = "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"
      input_parameters = {
        "MaximumExecutionFrequency" : "TwentyFour_Hours",
      }
  }

错误

This default value is not compatible with the variable's type constraint:
element "2": attribute "input_parameters": string required.

使用 jsonencode 函数更新代码并将 input_parameters 更改为 any 后，出现以下错误：

    This default value is not compatible with the variable's type constraint:
collection elements cannot be unified.

Answer 1

这里发生了一些事情：

1. 资源需要input_parameters是 JSON 编码的字符串
2. 您将变量类型设置为字符串
3. 您将对象类型传递到仅接受字符串类型的变量中

所以(2)和(3)是矛盾的。在某些时候，您必须将对象转换为 JSON 字符串。您可以在将其作为输入变量传递之前执行此操作，也可以更改输入变量以接受对象并将对象提供给资源时将其转换为 JSON。

我选择第二个选项，因为将对象而不是字符串传递到模块中更直观。所以，试试这个：

resource "aws_config_config_rule" "managed_rules" {
  for_each         = var.managed_rules
  name             = each.value.name
  description      = each.value.description
  input_parameters = jsonencode(each.value.input_parameters)

  source {
    owner             = each.value.owner
    source_identifier = each.value.source_identifier
  }

  depends_on = [aws_config_configuration_recorder.config_recorder]
}


variable "managed_rules" {
  type = map(object({
    name              = string
    description       = string
    owner             = string
    source_identifier = string
# Is there a variable for strings in JSON format?
    input_parameters  = any
  }))
  default = {
    "1" = {
      name              = "alb-http-to-https-redirection-check"
      description       = "Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancers. The rule is NON_COMPLIANT if one or more HTTP listeners of Application Load Balancer do not have HTTP to HTTPS redirection configured."
      owner             = "AWS"
      source_identifier = "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"
      input_parameters = {
        "MaximumExecutionFrequency" : "TwentyFour_Hours",
      }
  }

jsonencode请注意，我已在资源中使用input_parameters，并且已将该字段的变量类型更改为any（因此它将接受任何结构的对象）。

Answer 2

input_parameters = {
    "MaximumExecutionFrequency" : "TwentyFour_Hours",
  }

这必须是字符串而不是对象，因为您将其定义为字符串