Hello, community! Trying to minimize my tf code and using flatten function to be called from module.
# root module
locals {
key_vaults = [
{
kv_name = "my-super-key-vault-1"
secrets = [
{
s_name = "mysecret-key"
s_value = "mysecret-value"
}
]
},
...
{
kv_name = "my-super-key-vault-2"
secrets = []
}
]
group_policies = [
{
object_id = "some_guid"
key_permissions = []
secret_permissions = ["Get", "List"]
}
...
]
# "Combining" local.key_vaults and local.group_policies objects properties
# into complex object:
vaults_and_policies = distinct(flatten([
for vault in local.key_vaults : [
for team in local.group_policies : {
kv_name = vault.kv_name
object_id = team.object_id
key_permissions = team.key_permissions
secret_permissions = team.secret_permissions
}
]
]))
}
module "key_vaults" {
source = "./key_vaults"
location = data.azurerm_resource_group.my_rg.location
resource_group_name = data.azurerm_resource_group.my_rg.name
vaults_and_policies = local.vaults_and_policies
tenant_id = data.azurerm_subscription.current.tenant_id
}
# Output for troubleshotting:
output "vp" {
value = local.vaults_and_policies
}
Child module:
variable "vaults_and_policies" {
type = list(object({
kv_name = string
object_id = string
key_permissions = list(string)
secret_permissions = list(string)
}))
}
# the rest of variables
...
resource "azurerm_key_vault_access_policy" "this" {
for_each = { for i in var.vaults_and_policies :
"${i.kv_name}.${i.object_id}.${i.key_permissions}.${i.secret_permissions}" => i }
// referring to resourceIds. code ommitted for brevity.
key_vault_id = azurerm_key_vault.this[each.value.kv_name].id
object_id = each.value.object_id
tenant_id = var.tenant_id
certificate_permissions = each.value.certificate_permissions
key_permissions = each.value.key_permissions
secret_permissions = each.value.secret_permissions
storage_permissions = each.value.storage_permissions
}
It shows perfect thing I’d like to feed the module:
Changes to Outputs:
+ vp = [
+ {
+ key_permissions = []
+ kv_name = "my-super-key-vault-1"
+ object_id = "some_guid"
+ secret_permissions = [
+ "Get",
+ "List",
]
},
+ {
+ key_permissions = []
+ kv_name = "my-super-key-vault-2"
+ object_id = "some_guid"
+ secret_permissions = [
+ "Get",
+ "List",
]
},
]
terraform plan throws an error:
│ Error: Invalid template interpolation value
│
│ on key_vaults\kv.tf line 42, in resource "azurerm_key_vault_access_policy" "this":
│ 42: "${i.kv_name}.${i.object_id}.${i.key_permissions}.${i.secret_permissions}" => i... }
│ ├────────────────
│ │ i.secret_permissions is list of string with 2 elements
│
│ Cannot include the given value in a string template: string required.
│ Error: Invalid template interpolation value
│
│ on key_vaults\kv.tf line 42, in resource "azurerm_key_vault_access_policy" "this":
│ 42: "${i.kv_name}.${i.object_id}.${i.key_permissions}.${i.secret_permissions}" => i... }
│ ├────────────────
│ │ i.key_permissions is empty list of string
│
│ Cannot include the given value in a string template: string required.
What do I do wrong? Does for expects attributes of the same type?