How to use array as input in terragrunt which accepts only as string in terraform
Describe the bug
we have terraform code for key vault (Azure) in which object Id is string for access policies . but wanted to give as array i.e multiple user id (object id) in single object id.
Steps To Reproduce the issue.
main.tf :
resource "azurerm_key_vault" "example" {
name = "examplekeyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
dynamic "access_policy" {
for_each = var.access_policies
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
secret_permissions = access_policy.value["secret_permissions"]
key_permissions = access_policy.value["key_permissions"]
}
}
}
variables.tf:
variable "access_policies" {
type = set(
object({
object_id = string,
secret_permissions = set(string),
key_permissions = set(string)
})
)
}
keyvault > terragrunt.hcl :
input ={
access_policies = [
{ object_id = "xyz", secret_permissions = ["Get","Set"], key_permissions = ["Get"] },
{ object_id = "abc", secret_permissions = ["Get"], key_permissions = ["Get"] } ]
above code is working fine
Expecting behavior as below ...
i want to keep object id as array and secret permission and key permission in 1 line ...something like below which is not working even if keep object_id = set(string) in variables.tf
{ object_id = ["xyz","abc"], secret_permissions = ["Get","Set"], key_permissions = ["Get"] },
in fact i wanted to keep this object ids as common in global_var.hcl file so that all environment can use have same object_id rather than local terragrunt file.
===================================================================
i tried with set(string) for object id in varaibles.tf file as below , but still issue exist.
ERROR - object_id must be string
variables.tf:
variable "access_policies" {
type = set(
object({
object_id = set(string),
secret_permissions = set(string),
key_permissions = set(string)
})
)
}
I have already tried that , it shows "ERROR - object_id must be string " , it is not accepting in array for object_ID.. i have edited that in question body
To handle multiple object_ids within the constraints of Terraform, you need to use a nested loop approach.
- Thanks @Marko_E, nested loop involves creating a dynamic block for each access policy and then another dynamic block for each
object_idwithin that policy.
Terraform Configuration
variables.tf:
variable "access_policies" {
type = list(
object({
object_ids = list(string),
secret_permissions = list(string),
key_permissions = list(string)
})
)
}
main.tf:
resource "azurerm_key_vault" "example" {
name = "examplekeyvault"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
dynamic "access_policy" {
for_each = flatten([for policy in var.access_policies : [
for object_id in policy.object_ids : {
object_id = object_id
secret_permissions = policy.secret_permissions
key_permissions = policy.key_permissions
}
]])
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value["object_id"]
secret_permissions = access_policy.value["secret_permissions"]
key_permissions = access_policy.value["key_permissions"]
}
}
}
global_var.hcl:
access_policies = [
{ object_ids = ["xyz", "abc"], secret_permissions = ["Get", "Set"], key_permissions = ["Get"] }
]
The outer
dynamicblock iterates each policy invar.access_policies. For each policy, the innerdynamicblock iterates eachobject_idin the policy'sobject_ids.This nested structure works on each
object_idindividually within its policy.
Result:
- Terraform unknown provider packages
- What does "~>" mean in terraform required_providers version?
- How to get IP address from of an RDS host?
- How to recreate EC2 instances of an autoscaling group with terraform?
- How to enable "Use for Hive table metadata" in "AWS Glue Data Catalog settings" using Terraform?
- How to use array as input in terragrunt which accepts only as string in terraform
- Unexpected JWT alg received, expected RS256, got: HS256
- terraform tags for list variable not working
- Terraform 13, Validate variable base on the value of another
- How do I reference a resource created from different module in my current module?
- Terraform - GCP - Import project IAM member
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Terraform: Merge two tuples/lists to create a map
- Terraform doesn't allow to use variable when creating resource. How to go around?
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- Terraform outputs 'Error: Variables not allowed' when doing a plan
- Issue with Azure key vault and Azure storage account deployment
- temporary_name_for_rotation must be specified when changing any of the following properties: pod_subnet_id
- Why is TF build failing with "Error refreshing state: HTTP remote state endpoint requires auth"?
- With Gitlab, in the CI/CD pipeline, how can I dynamically create and save SSH key pairs as CI/CD project variables?
- Conditionally add element to existing map
- Parse HCL block into Golang map
- Run an AWS ECS task
- Terraform Error: Error locking state: Error acquiring the state lock: 2 errors occurred:
- Terraform: Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded
- How to add additional security groups to EKS cluster?
- How to use a blue/green deployment style with CodeDeploy and Auto Scaling Groups that allows for repetitive deployments in Terraform?
- Self referenced Security group inbound rule in AWS RDS terraform?
- How to run this terraform nested for loop?
- Error: Failure when executing a Terraform Resource creation request