How do I create a security rule with multiple protocols using Terraform in Azure?

x759pob2 posted on 2022-11-25 in Other

My plan is to allow both the ICMP and TCP protocols in the same security rule, but I ran into a problem related to the "attribute value type".
My Terraform code:

```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  security_rule {
    name                       = "test123"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = ["Icmp", "Tcp"]  # ---> it FAILS!!!
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "172.16.25.10/32"
    destination_address_prefix = "10.0.1.10/32"
  }
}
```

I did not find any example in the Terraform registry (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) of using multiple protocols in the protocol field of the same security rule.

hfsqlsce (#1)

As Mark B lists in his answer, you cannot provide a list for protocol.

```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = toset(["Icmp", "Tcp"])
    content {
      name                       = "test123"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```
xurqigkl (#2)

Thanks @chris Doyle. Your solution is the most effective.
Note that you forgot the **[ ]** in the toset function, so the final code should be:

```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = toset(["Icmp", "Tcp"])
    content {
      name                       = "test123"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```

Result:

```text
# azurerm_network_security_group.example will be created
  + resource "azurerm_network_security_group" "example" {
      + id                  = (known after apply)
      + location            = "westeurope"
      + name                = "01-tf-SG"
      + resource_group_name = "RG_AZ_Terraform"
      + security_rule       = [
          + {
              + access                                     = "Allow"
              + description                                = ""
              + destination_address_prefix                 = "10.0.1.10/32"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "*"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "test123"
              + priority                                   = 100
              + protocol                                   = "Icmp"
              + source_address_prefix                      = "172.16.25.10/32"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
          + {
              + access                                     = "Allow"
              + description                                = ""
              + destination_address_prefix                 = "10.0.1.10/32"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "*"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "test123"
              + priority                                   = 100
              + protocol                                   = "Tcp"
              + source_address_prefix                      = "172.16.25.10/32"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
        ]
    }
```
kd3sttzy (#3)

The protocol attribute doesn't accept a list. You will probably need to create two security rules, or use * as the protocol.
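Added example (not from the question or any of the answers above): the two-rule approach from answers #1 and #2, rewritten so that each generated rule gets its own name and priority. Azure requires security rule names to be unique within a network security group and does not allow two inbound rules to share a priority, so the `toset` version above, which gives both rules the name `test123` and priority 100, passes `terraform plan` (as the output shows) but is rejected when the rules are actually created. The protocol-to-priority map, the generated rule names and the TCP port 22 are assumptions; the resource group reference and the address prefixes are taken from the question.

```hcl
# Added example, not code from the question or the answers.
# Assumed map: protocol => priority. Each key becomes one inline security_rule,
# so names and priorities stay unique (a requirement Azure enforces on apply).
locals {
  allowed_protocols = {
    Icmp = 100
    Tcp  = 110
  }
}

resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    # Iterating a map: security_rule.key is the protocol, security_rule.value the priority.
    for_each = local.allowed_protocols
    content {
      name                       = "allow-${lower(security_rule.key)}-from-172-16-25-10" # assumed naming scheme
      priority                   = security_rule.value
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.key
      source_port_range          = "*"
      # ICMP has no ports, so Azure requires "*" there. For TCP, narrow the
      # destination to the ports actually needed; 22 is an assumed example.
      destination_port_range     = security_rule.key == "Icmp" ? "*" : "22"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```

The same map can drive `for_each` on separate `azurerm_network_security_rule` resources if the rules are managed outside the NSG block, but the provider documentation warns against mixing inline `security_rule` blocks and standalone rule resources on the same NSG, since each overwrites the other's rules. Narrowing the TCP port range is the part of this shape that matters from a least-privilege standpoint: a single `*` rule covering all protocols, as answer #3 suggests as an alternative, opens every port between the two hosts.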
