How to use array as input in terragrunt which accepts only as string in terraform
Describe the bug
we have terraform code for key vault (Azure) in which object Id is string for access policies . but wanted to give as array i.e multiple user id (object id) in single object id.
Steps To Reproduce the issue.
main.tf :
resource "azurerm_key_vault" "example" {
name = "examplekeyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
dynamic "access_policy" {
for_each = var.access_policies
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
secret_permissions = access_policy.value["secret_permissions"]
key_permissions = access_policy.value["key_permissions"]
}
}
}
variables.tf:
variable "access_policies" {
type = set(
object({
object_id = string,
secret_permissions = set(string),
key_permissions = set(string)
})
)
}
keyvault > terragrunt.hcl :
input ={
access_policies = [
{ object_id = "xyz", secret_permissions = ["Get","Set"], key_permissions = ["Get"] },
{ object_id = "abc", secret_permissions = ["Get"], key_permissions = ["Get"] } ]
above code is working fine
Expecting behavior as below ...
i want to keep object id as array and secret permission and key permission in 1 line ...something like below which is not working even if keep object_id = set(string) in variables.tf
{ object_id = ["xyz","abc"], secret_permissions = ["Get","Set"], key_permissions = ["Get"] },
in fact i wanted to keep this object ids as common in global_var.hcl file so that all environment can use have same object_id rather than local terragrunt file.
===================================================================
i tried with set(string) for object id in varaibles.tf file as below , but still issue exist.
ERROR - object_id must be string
variables.tf:
variable "access_policies" {
type = set(
object({
object_id = set(string),
secret_permissions = set(string),
key_permissions = set(string)
})
)
}
I have already tried that , it shows "ERROR - object_id must be string " , it is not accepting in array for object_ID.. i have edited that in question body
To handle multiple object_ids within the constraints of Terraform, you need to use a nested loop approach.
- Thanks @Marko_E, nested loop involves creating a dynamic block for each access policy and then another dynamic block for each
object_idwithin that policy.
Terraform Configuration
variables.tf:
variable "access_policies" {
type = list(
object({
object_ids = list(string),
secret_permissions = list(string),
key_permissions = list(string)
})
)
}
main.tf:
resource "azurerm_key_vault" "example" {
name = "examplekeyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
dynamic "access_policy" {
for_each = flatten([for policy in var.access_policies : [
for object_id in policy.object_ids : {
object_id = object_id
secret_permissions = policy.secret_permissions
key_permissions = policy.key_permissions
}
]])
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
secret_permissions = access_policy.value["secret_permissions"]
key_permissions = access_policy.value["key_permissions"]
}
}
}
global_var.hcl:
access_policies = [
{ object_ids = ["xyz", "abc"], secret_permissions = ["Get", "Set"], key_permissions = ["Get"] }
]
The outer
dynamicblock iterates each policy invar.access_policies. For each policy, the innerdynamicblock iterates eachobject_idin the policy'sobject_ids.This nested structure works on each
object_idindividually within its policy.
Result:
- Ec2 instance creation using terraform assigns public IP
- Load variable values from the given .tfvars file got an error to many arguments
- Can we create a data source through a file or local variables?
- Error in assigning diff types of maps in a conditional evaluation
- How Errors can be handled in Terraform?
- The provider hashicorp/azurerm does not support resource type "azurerm_resource_group_policy_assignment"
- Terraform Plan Error: Unable to Build Authorizer for Azure Resource Manager API
- Terraform 1.9.8: Variable Validation Condition Always Evaluates True When Referencing Another Variable
- adding extra element to a list in terraform if condition is met
- Springboot lambda on localstack with terraform, docker: Error loading class StreamLambdaHandler: Metaspace","errorType":"java.lang.OutOfMemoryError
- How to organize Terraform modules for multiple environments?
- azurerm_virtual_machine doesn't remove managed storage_os_disk on destroy
- terraform use a dynamic count to get value from a list
- How to compare a variable against two strings?
- Is there an AND/OR conditional operator?
- How to output an input variable?
- In GitHub Actions, how can I run a terraform plan when a PR is opened, and run an apply after the PR is merged?
- Heredoc vs indented heredoc
- How to reuse variable *definitions* in Terraform?
- How to define global variables in terraform?
- Invalid characters in heredoc anchor
- Terraform: Using versioned modules stored in AWS CodeCommit
- Terraform: Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded
- Terraform Amazon Machine Image script
- Merging maps with variables
- How can I pass credentials in Terraform?
- Access Kudu CLI via Terraform
- Unable to access variables inside a module
- Difference between var="${local.var}" and var=local.var in the context of invoking a module
- How can I remove a resource from terraform state?