I have the following code to create a private endpoint which, if one is provided, is also associated with a private DNS zone. However, the private endpoint is ignoring the private DNS zone value I pass in and treats it as a null resource. I'm not sure what is going wrong inside the dynamic block.

resource "azurerm_private_endpoint" "this" {
  name                = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint"])
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = data.azurerm_subnet.endpoint_subnet.id
  tags                = var.tags

  private_service_connection {
    name                           = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint-conn"])
    private_connection_resource_id = lookup(var.service_subresource_map, "resource_id")
    subresource_names              = [lookup(var.service_subresource_map, "subresource_name")]
    is_manual_connection           = false
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_dns_zone_group[*]

    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }
}

The value I am providing for private_dns_zone_group is this:

private_dns_zone_group = {
    name = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
    ]
  }

The variable is as follows:

variable "private_dns_zone_group" {
 
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null
}

Everything deploys correctly except the private DNS zone association.

If I replace the dynamic block with a plain block like this:

private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
    ]
  }

then it works.

4

2 Answers

0

Depending on your service, if you want to use a private endpoint then you have to name it correctly as per the naming convention of private DNS zones, which can be referred from here: Microsoft Documentation. For example, if you are creating private endpoints for App Service, Storage and SQL, then your private DNS group will have zone IDs with the names: ['privatelink.azurewebsites.net','privatelink.blob.core.windows.net','privatelink.database.windows.net']

I tested the same with your code for an App Service only:

.tfvars

private_dns_zone_group = {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [
      "/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net"
    ]
}

Main.tf

provider "azurerm" {
  features{}
}

variable "private_dns_zone_group" {
 
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null
}
data "azurerm_subnet" "endpoint_subnet" {
  name                 = "default"
  virtual_network_name = "ansuman-vnet"
  resource_group_name  = "xxxxxx"
}

resource "azurerm_private_endpoint" "this" {
  name                = "appservice-pvt-endpoint"
  location            = "west us 2"
  resource_group_name = data.azurerm_subnet.endpoint_subnet.resource_group_name
  subnet_id           = data.azurerm_subnet.endpoint_subnet.id

  private_service_connection {
    name                           =  "appservice-pvt-endpoint-conn"
    private_connection_resource_id = "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.Web/sites/ansumantestapp"
    subresource_names              = ["sites"]
    is_manual_connection           = false
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_dns_zone_group[*]

    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }
}

Output:

[Screenshot 1: terraform output]

[Screenshot 2: terraform output]

Notes:

  • Please make sure you have the latest version of the Azurerm Provider and Terraform.

  • If you are still getting the error, try removing the default argument from the private DNS group variable block:

    variable "private_dns_zone_group" {
    
      type = object({
        name                 = string
        private_dns_zone_ids = list(string)
      })
      default = null ## remove this argument
    }
    
Answered 2022-01-31T09:31:35.270
0

Finally found the cause.. I have the resource "azurerm_private_endpoint" "this" as a module, and when I called the module I forgot to include private_dns_zone_group = var.private_dns_zone_group

So of course, it was always missing the tfvar value...... always that simple......

Answered 2022-01-31T22:05:01.447
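The fix the asker describes, written out end to end as an added example (this is not code from the question or from either answer; the module path, the variable names, the `allow_missing_dns_zone_group` switch and the placeholder resource ids in angle brackets are assumptions). It shows the module with the same `[*]` splat, the root module call passing `private_dns_zone_group` through, and a `lifecycle` precondition (Terraform 1.2 or later) that turns a forgotten module argument into a plan-time error instead of an endpoint whose hostname still resolves to the public address. The `validation` block goes beyond the thread by also rejecting ids that are not Private DNS zone resource ids.

```hcl
# ---- modules/private_endpoint/variables.tf (hypothetical module layout) ----
variable "name" { type = string }
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "subnet_id" { type = string }
variable "private_connection_resource_id" { type = string }
variable "subresource_names" { type = list(string) }

variable "private_dns_zone_group" {
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null

  # Reject ids that are not Private DNS zone resource ids (typo guard).
  validation {
    condition = alltrue([
      for id in try(var.private_dns_zone_group.private_dns_zone_ids, []) :
      can(regex("/providers/Microsoft\\.Network/privateDnsZones/", id))
    ])
    error_message = "Every private_dns_zone_ids entry must be a Private DNS zone resource id."
  }
}

# Escape hatch; by default a missing zone group fails the plan (see precondition below).
variable "allow_missing_dns_zone_group" {
  type    = bool
  default = false
}

# ---- modules/private_endpoint/main.tf ----
resource "azurerm_private_endpoint" "this" {
  name                = "${var.name}-pvt-endpoint"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "${var.name}-pvt-endpoint-conn"
    private_connection_resource_id = var.private_connection_resource_id
    subresource_names              = var.subresource_names
    is_manual_connection           = false
  }

  # var.private_dns_zone_group[*] is a splat on a single value:
  #   null   -> []        no block rendered, the endpoint gets no DNS association
  #   object -> [object]  exactly one block rendered
  dynamic "private_dns_zone_group" {
    for_each = var.private_dns_zone_group[*]
    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }

  # Turn "forgot to pass the variable to the module" into a plan-time error.
  lifecycle {
    precondition {
      condition     = var.allow_missing_dns_zone_group || var.private_dns_zone_group != null
      error_message = "No private_dns_zone_group given: the endpoint FQDN would keep resolving to the public address."
    }
  }
}

# ---- root main.tf: the module call, including the line the question was missing ----
variable "private_dns_zone_group" {
  type = object({
    name                 = string
    private_dns_zone_ids = list(string)
  })
  default = null
}

data "azurerm_subnet" "endpoint_subnet" {
  name                 = "default"
  virtual_network_name = "<vnet-name>"      # placeholder
  resource_group_name  = "<resource-group>" # placeholder
}

module "app_private_endpoint" {
  source = "./modules/private_endpoint"

  name                           = "app"
  location                       = "westus2"
  resource_group_name            = data.azurerm_subnet.endpoint_subnet.resource_group_name
  subnet_id                      = data.azurerm_subnet.endpoint_subnet.id
  private_connection_resource_id = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Web/sites/<app>" # placeholder
  subresource_names              = ["sites"]

  # The line missing from the question's module call. Without it the module's
  # own default (null) applies, the splat yields [] and no DNS zone group is created.
  private_dns_zone_group = var.private_dns_zone_group
}
```

With `private_dns_zone_group` left unset in the root, `terraform plan` now stops on the precondition instead of applying an endpoint whose hostname still resolves to the public IP; set `allow_missing_dns_zone_group = true` only where the DNS record is deliberately managed elsewhere.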