Terraform 依赖于模块 [英] Terraform depends_on with modules

问题描述

我是 terraform 的新手，我创建了一个关于模块结构的自定义 azure 策略.每个策略代表一个自定义模块.我创建的模块之一是为创建的任何新 Azure 资源启用诊断日志.但是，我需要一个存储帐户.(在启用诊断设置之前，我如何实施 "depends_on"?或任何其他方法?我想先创建存储帐户，然后再创建诊断设置模块.在 main.tf (调用所有其他模块的地方)还是资源(模块)内部?

I'm new at terraform and I created a custom azure policies on module structure. each policy represents a custom module. One of the modules that I have created is enabling diagnostics logs for any new azure resource created. but, I need a storage account for that. (before enabling the diagnostics settings how can I implement "depends_on"? or any other methods? I want to create first the storage account and then the module of diagnostics settings. on the main.tf (where calling all the other modules) or inside the resource (module)?

感谢您的帮助！！:)

Thanks for the help!! :)

以下代码代表 main.tf 文件:

//calling the create storage account name

module "createstorageaccount" {

source = "./modules/module_create_storage_account"
    depends_on = [
    "module_enable_diagnostics_logs"
  ]

}

这个代表创建存储账户模块

resource "azurerm_resource_group" "management" {


  name     = "management-rg"
  location = "West Europe"
}

resource "azurerm_storage_account" "test" {
  name                     = "diagnostics${azurerm_resource_group.management.name}"
  resource_group_name      = "${azurerm_resource_group.management.name}"
  location                 = "${azurerm_resource_group.management.location}"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  tags = {
    environment = "diagnostics"
  }
}

    depends_on = [
    "module_enable_diagnostics_logs"
  ]

推荐答案

在大多数情况下，必要的依赖关系只是由于您的引用而自动发生.如果一个资源的配置直接或间接引用另一个资源，Terraform 会自动推断它们之间的依赖关系，而无需显式 depends_on.

In most cases, the necessary dependencies just occur automatically as a result of your references. If the configuration for one resource refers directly or indirectly to another, Terraform automatically infers the dependency between them without the need for explicit depends_on.

这是因为模块变量和输出也是依赖图中的节点:如果子模块资源引用 var.foo 那么它间接依赖于该变量的值所依赖的任何东西.

This works because module variables and outputs are also nodes in the dependency graph: if a child module resource refers to var.foo then it indirectly depends on anything that the value of that variable depends on.

对于自动依赖检测不足的罕见情况，您仍然可以利用模块变量和输出是依赖关系图中的节点这一事实来创建间接显式依赖关系，如下所示:

For the rare situation where automatic dependency detection is insufficient, you can still exploit the fact that module variables and outputs are nodes in the dependency graph to create indirect explicit dependencies, like this:

variable "storage_account_depends_on" {
  # the value doesn't matter; we're just using this variable
  # to propagate dependencies.
  type    = any
  default = []
}

resource "azurerm_storage_account" "test" {
  name                     = "diagnostics${azurerm_resource_group.management.name}"
  resource_group_name      = "${azurerm_resource_group.management.name}"
  location                 = "${azurerm_resource_group.management.location}"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  tags = {
    environment = "diagnostics"
  }

  # This resource depends on whatever the variable
  # depends on, indirectly. This is the same
  # as using var.storage_account_depends_on in
  # an expression above, but for situations where
  # we don't actually need the value.
  depends_on = [var.storage_account_depends_on]
}

当您调用此模块时，您可以将 storage_account_depends_on 设置为包含要确保在存储帐户之前创建的对象的任何表达式:

When you call this module, you can set storage_account_depends_on to any expression that includes the objects you want to ensure are created before the storage account:

module "diagnostic_logs" {
  source = "./modules/diagnostic_logs"
}

module "storage_account" {
  source = "./modules/storage_account"

  storage_account_depends_on = [module.diagnostic_logs.logging]
}

然后在你的diagnostic_logs模块中你可以为logging输出配置间接依赖，完成模块之间的依赖链接:

Then in your diagnostic_logs module you can configure indirect dependencies for the logging output to complete the dependency links between the modules:

output "logging" {
  # Again, the value is not important because we're just
  # using this for its dependencies.
  value = {}

  # Anything that refers to this output must wait until
  # the actions for azurerm_monitor_diagnostic_setting.example
  # to have completed first.
  depends_on = [azurerm_monitor_diagnostic_setting.example]
}

如果您的关系可以通过传递实际的值来表达，例如通过包含 id 的输出，我建议首选这种方法，因为它会导致配置更容易跟随.但在资源之间存在无法建模为数据流的关系的极少数情况下，您也可以使用输出和变量来传播模块之间的显式依赖关系.

If your relationships can be expressed by passing actual values around, such as by having an output that includes the id, I'd recommend preferring that approach because it leads to a configuration that is easier to follow. But in rare situations where there are relationships between resources that cannot be modeled as data flow, you can use outputs and variables to propagate explicit dependencies between modules too.

这篇关于Terraform 依赖于模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！