Not able to pass inputs as array to Terraform
Using the below code, I am able to pass object id as array in terraform but not able to pass from Terragrunt input file and I have the following error .
cloud - Azure , service - Key vault
Main.tf
dynamic "access_policy" {
for_each = toset(flatten([
for policy in var.access_policies : [
for object_id in policy.object_id : {
object_id = object_id
secret_permissions = policy.secret_permissions
key_permissions = policy.key_permissions } ] ]))
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value.object_id
secret_permissions = access_policy.value.secret_permissions
key_permissions = access_policy.value.key_permissions } }
variable "access_policies" {
type = set(object({
object_id = set(string),
secret_permissions = set(string),
key_permissions = set(string) }))
terragrunt.hcl
inputs = {
access_policies = [ { object_id = ["xyz", "abc"], secret_permissions = ["Get", "Set"], key_permissions = ["Get"] }
{ object_id = include.env.locals.env_vars.locals.object_id1, secret_permissions = ["Get"], key_permissions = ["Get"] } ] }
env.hcl
locals
{ object_id1 = toset(["3db"]) }
current error:
Planning failed. Terraform encountered an error while generating this plan.
350│ Error: Invalid value for input variable
351│
352│ on variables.tf line 28:
353│ 28: variable "access_policies" {
354│
355│ Unsuitable value for var.access_policies set using the
356│ TF_VAR_access_policies environment variable: element 0: attribute
357│ "object_id": string required.
I have not defined TF_VAR_access_policies anywhere in my code..
Expected Behavior:
To Pass array value from input file of terragrunt to terraform .
Solution
Passing inputs as array to Terraform from Terragrunt file
The blocker you're facing is because of the way you define object_ids in each policy where it requires to be set of strings but the way you're defining is different i.e., the format or type of the input doesn't match what Terraform expects.
To overcome this I have a sample configuration which matches your requirement.
main.tf:
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
resource "azurerm_key_vault" "example" {
name = "vksbbkeyvault"
location = "West US2"
resource_group_name = "vinay-rg"
tenant_id = data.azurerm_client_config.current.tenant_id
sku_name = "standard"
dynamic "access_policy" {
for_each = toset(flatten([
for policy in var.access_policies : [
for object_id in policy.object_id : {
object_id = object_id
secret_permissions = policy.secret_permissions
key_permissions = policy.key_permissions
}
]
]))
content {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = access_policy.value.object_id
secret_permissions = access_policy.value.secret_permissions
key_permissions = access_policy.value.key_permissions
}
}
}
variable "access_policies" {
type = set(object({
object_id = set(string)
secret_permissions = set(string)
key_permissions = set(string)
}))
}
terragrunt.hcl:
terraform {
source = "./"
}
inputs = {
access_policies = [
{
object_id = ["1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx1", "2xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx2"]
secret_permissions = ["Get", "Set"]
key_permissions = ["Get"]
},
{
object_id = ["3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx3"]
secret_permissions = ["Get"]
key_permissions = ["Get"]
}
]
}
deployment:
Reference:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault
https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks
https://developer.hashicorp.com/terraform/tutorials/configuration-language/locals
- How to Start postgres.exe and Change Postgres Account on an Azure Virtual Machine Using Terraform
- AWS Terraform Multiple deployments to single apigateway stage
- AWS Batch: Activating Previous Revisions marked as inactive
- How can I invalidate AWS CloudFront Distribution cache using Terraform?
- Terraform version error when deploying to AWS through jenkins?
- Unable to push image to ACR from terraform - could not get auth config (the credentialhelper did not work or was not found):
- Create kubernetes secret for docker registry - Terraform
- Lambda layer's contents don’t match the S3 object after deploying with Terraform
- how to refer to resources created with for_each in terraform
- How can we create same resource in multiple terraform providers?
- what is the privilege of the Postgres user created by gcp
- Why does terraformer not find plugin?
- How are data sources used in Terraform?
- Terraform docker_image Resource Fails With "invalid response status 403"
- Terraform Deployment of ECS Targets Failing
- Terraform retrieve existing aws_vpc object by id
- How to create a module for gitlab_user_runner and use the token every time a new runner is created in root
- What is the meaning of "authoritative" and "Non-authoritative" for GCP IAM bindings/members
- Azurerm: KeyVault Nested Item should contain 2 or 3 segments, got 10
- How can we split a terraform module into multiple modules
- Automate express route circuit gateway based on express route circuit provision status
- How to subdivide CIDR subnet in Terraform with cidrsubnet Function?
- Terraform AWS EKS add or edit nodes user_data
- Tofu/Terraform Docker provider error: failed to read downloaded context: failed to load cache key: Get "http://build-context-xxx": context not found
- Terraform AWS OpenSearch using Cognito module circular problem
- With Terraform, when using resource `aws_iam_access_key` and output to retrieve the secret key the result retrieved is "tostring(null)"
- Invalid template interpolation value
- Create cloudwatch scheduled expression based on a variable - expected expression but found "*"
- Concatenate a string with a variable
- Variables within variables