一千萬個為什麽

搜索

Terraform:僅應用一個tf文件



我在 securitygroup.tf 文件中有我的安全組。

在同一個目錄中有很多其他資源描述(rds,ec2等)。

有沒有辦法為我的 securitygroups.tf 執行 terraform apply --auto-approve only

轉載註明原文: Terraform:僅應用一個tf文件

一共有 2 個回答:

不是真的。解決這個問題的標準方法是使用例如:

terraform apply -target=aws_security_group.my_sg

但是這只會一次應用一個安全組,所以如果你有很多安全組會很繁瑣(不,你不能在一個命令中定位多個資源)。

但是,可能有幾種解決方法:

  • The -target parameter respects dependencies.

    This means if you were to eg. -target=aws_instance.my_server and that instance had, say, five security groups attached to it via interpolation, changes to those security groups should be included in the plan (I haven't thoroughly tested this, but I believe this is how it works).

    That is a bit messy though, as you probably don't want to touch an instance. A safer alternative might be using something like a null_resource to provide a target for the security groups, but again I haven't tried this (there might be another 'safe' resource you could rely on, though?).

  • Use a script to temporarily isolate the file.

    Given you're using --auto-approve I'm guessing you might be running this in automation. So, you could potentially do something like this in your CI script:

    ls *.tf | grep -v security-groups.tf | xargs -I % mv % %.bak
    terraform apply --auto-approve
    

    That would make all of your *.tf files, except for the security groups, 'invisible' to Terraform for that run, as they'll have the .bak extension. Of course, you might also need to exclude your config.tf (or wherever you have your provider configured) and any other files that the security groups rely on.

看起來不可能。 這是加載配置文件的代碼,它加載所有* .tf文件來自當前目錄(或指定的文件),並且沒有任何內容可以將配置限制為單個文件。