Terraform を使用した構成の生成
Terraform は、構成にまだ存在していない import ブロックに定義するリソースのコードを生成できます。
Experimental 構成生成は、Terraform v1.5 で試験的フィーチャーとして使用可能です。
Terraform を使用して構成を生成するには、以下の手順を実行します。
-
importブロックを追加します。import { to = ibm_cis_ruleset.test id = "dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::" }ここで、
to: 状態ファイル内でリソースが持つアドレスを指します。 この例では、リソース・モジュールの後に、追加されるリソース名が続きます。id: リソースのインポート ID のリテラル・ストリング、またはストリングに評価される式にすることができます。 この例では、ドメイン ID と CRN はコロンで区切られています。 CIS Terraform インポートの例を参照してください。
-
構成を計画して生成します。
$ terraform plan -generate-config-out=generated.tf ibm_cis_ruleset.test: Preparing import... [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] ibm_cis_ruleset.test: Refreshing state... [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] Terraform will perform the following actions: # ibm_cis_ruleset.test will be imported # (config will be generated) resource "ibm_cis_ruleset" "test" { cis_id = "crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::" domain_id = "601b728b86e630c744c81740f72570c3" id = "dcdec3fe0cbe41edac08619503da8de5" ruleset_id = "dcdec3fe0cbe41edac08619503da8de5" rulesets_obj { description = "Updating a zone ruleset" kind = "zone" last_updated = "2024-04-29T06:04:06.58962Z" name = "default" phase = "http_request_firewall_managed" version = "2" rules { categories = [] description = "deploying a managed rule" enabled = true expression = "ip.src ne 1.1.1.2" id = "7787447241554207a18404a1b020fe50" rule_action = "execute" rule_last_updated_at = "2024-04-29T06:04:06.58962Z" rule_logging = {} rule_ref = "efb7b8c949ac4650a09736fc376e9aee" rule_version = "1" action_parameters { id = "efb7b8c949ac4650a09736fc376e9aee" rulesets = [] version = "latest" overrides { action = "block" enabled = true categories { action = "block" category = "wordpress" enabled = true } rules { action = "block" enabled = true ruleset_id = "5de7edfa648c4d6891dc3e7f84534ffa" } } } } } } Plan: 1 to import, 0 to add, 0 to change, 0 to destroy. ╷ │ Warning: Config generation is experimental │ │ Generating configuration during import is currently experimental, and the generated configuration format might change in future versions. ╵ ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Terraform has generated configuration and written it to generated.tf. Please review the configuration and edit it as necessary before adding it to version control. Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.- コマンド
terraform plan -generate-config-out=generated.tfを使用して、リソース構成を生成します。 これらの構成は、generated.tfファイルに追加されます。
- コマンド
-
構成を適用します。
$ terraform apply ibm_cis_ruleset.test: Preparing import... [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] ibm_cis_ruleset.test: Refreshing state... [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] Terraform will perform the following actions: # ibm_cis_ruleset.test will be imported resource "ibm_cis_ruleset" "test" { cis_id = "crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::" domain_id = "601b728b86e630c744c81740f72570c3" id = "dcdec3fe0cbe41edac08619503da8de5" ruleset_id = "dcdec3fe0cbe41edac08619503da8de5" rulesets_obj { description = "Updating a zone ruleset" kind = "zone" last_updated = "2024-04-29T06:04:06.58962Z" name = "default" phase = "http_request_firewall_managed" version = "2" rules { categories = [] description = "deploying a managed rule" enabled = true expression = "ip.src ne 1.1.1.2" id = "7787447241554207a18404a1b020fe50" rule_action = "execute" rule_last_updated_at = "2024-04-29T06:04:06.58962Z" rule_logging = {} rule_ref = "efb7b8c949ac4650a09736fc376e9aee" rule_version = "1" action_parameters { id = "efb7b8c949ac4650a09736fc376e9aee" rulesets = [] version = "latest" overrides { action = "block" enabled = true categories { action = "block" category = "wordpress" enabled = true } rules { action = "block" enabled = true ruleset_id = "5de7edfa648c4d6891dc3e7f84534ffa" } } } } } } Plan: 1 to import, 0 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes ibm_cis_ruleset.test: Importing... [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] ibm_cis_ruleset.test: Import complete [id=dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::] Apply complete! Resources: 1 imported, 0 added, 0 changed, 0 destroyed. -
生成されたファイルを確認します。以下の例のようになります。
# __generated__ by Terraform # Review these resources and move them into your main configuration files. # __generated__ by Terraform from "dcdec3fe0cbe41edac08619503da8de5:601b728b86e630c744c81740f72570c3:crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::" resource "ibm_cis_ruleset" "test" { cis_id = "crn:v1:staging:public:internet-svcs-ci:global:a/01652b251c3ae2787110a995d8db0135:1a9174b6-0106-417a-844b-c8eb43a72f63::" domain_id = "601b728b86e630c744c81740f72570c3" ruleset_id = "dcdec3fe0cbe41edac08619503da8de5" rulesets_obj { description = "Updating a zone ruleset" kind = "zone" last_updated = "2024-04-29T06:04:06.58962Z" name = "default" phase = "http_request_firewall_managed" ruleset_id = null version = "2" rules { categories = [] description = "deploying a managed rule" enabled = true expression = "ip.src ne 1.1.1.2" id = "7787447241554207a18404a1b020fe50" rule_action = "execute" rule_last_updated_at = "2024-04-29T06:04:06.58962Z" rule_logging = {} rule_ref = "efb7b8c949ac4650a09736fc376e9aee" rule_version = "1" action_parameters { id = "efb7b8c949ac4650a09736fc376e9aee" ruleset = null rulesets = [] version = "latest" overrides { action = "block" enabled = true sensitivity_level = null categories { action = "block" category = "wordpress" enabled = true } rules { action = "block" enabled = true ruleset_id = "5de7edfa648c4d6891dc3e7f84534ffa" sensitivity_level = null } } } } } }