У меня есть CSV-файл, подобный приведенному ниже
nsg_name,nsg_rule_name,priority,direction,access,protocol,source_port_range,destination_port_range,source_address_prefix,destination_address_prefix,description
testinsg,testrule,100,Inbound,Allow,Tcp,*,*,*,*,test
testinsg2,testrule2,101,Outbound,Allow,Tcp,*,*,*,*,test
, и блок ресурсов, как показано ниже
resource "azurerm_network_security_group" "this" {
count = length(local.nsgs) > 0 && var.create ? length(local.nsgs) : 0
name = local.nsgs[count.index].nsg_name
location = var.location
resource_group_name = var.resource_group
dynamic "security_rule" {
for_each = [for n in local.nsgs : {
name = n.nsg_rule_name
priority = n.priority
direction = n.direction
access = n.access
protocol = n.protocol
source_port_range = n.source_port_range
destination_port_range = n.destination_port_range
source_address_prefix = n.source_address_prefix
destination_address_prefix = n.destination_address_prefix
description = n.description
}]
content {
name = security_rule.value.name
priority = security_rule.value.priority
direction = security_rule.value.direction
access = security_rule.value.access
protocol = security_rule.value.protocol
source_port_range = security_rule.value.source_port_range
destination_port_range = security_rule.value.destination_port_range
source_address_prefix = security_rule.value.source_address_prefix
destination_address_prefix = security_rule.value.destination_address_prefix
description = security_rule.value.description
}
}
}
Когда я выполняю планирование / применение, ресурс пытается создать правила, подобные ниже
# module.nsgs_with_rules.azurerm_network_security_group.this[0] will be created
+ resource "azurerm_network_security_group" "this" {
+ id = (known after apply)
+ location = "southeastasia"
+ name = "testinsg"
+ resource_group_name = "pub_testing_tf_mofule_env"
+ security_rule = [
+ {
+ access = "Allow"
+ description = "test"
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "testrule"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Allow"
+ description = "test"
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Outbound"
+ name = "testrule2"
+ priority = 101
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
]
+ tags = (known after apply)
}
# module.nsgs_with_rules.azurerm_network_security_group.this[1] will be created
+ resource "azurerm_network_security_group" "this" {
+ id = (known after apply)
+ location = "southeastasia"
+ name = "testinsg2"
+ resource_group_name = "pub_testing_tf_mofule_env"
+ security_rule = [
+ {
+ access = "Allow"
+ description = "test"
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "testrule"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Allow"
+ description = "test"
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Outbound"
+ name = "testrule2"
+ priority = 101
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
]
+ tags = (known after apply)
}
Но я ищу одно правило, которое я упомянул в CSV для каждого SG, и несколько правил должны применяться, когда я даю дублирующее имя nsg, как показано ниже в CSV
nsg_name,nsg_rule_name,priority,direction,access,protocol,source_port_range,destination_port_range,source_address_prefix,destination_address_prefix,description
testinsg,testrule,100,Inbound,Allow,Tcp,*,*,*,*,test
testinsg,testrule2,101,Outbound,Allow,Tcp,*,*,*,*,test
testinsg,testrule3,103,Outbound,Allow,Tcp,*,*,*,*,test
Я также пытался, как показано ниже, но не работал
dynamic "security_rule" {
for_each = [for n in local.nsgs[count.index] : {
Может, пожалуйста, помогите по этому вопросу?