I am creating an Azure App service using Terraform. I need to set app_settings while creating app service where I get key and value as input.
I have the below input variable for app_settings.
variable:
app_settings = toset(["cpe-china-tenant-id", "cpe-automation-tenant-id", "test"])
TF module:
data "azurerm_key_vault" "cpe_akv" {
  name                = "cpe"
  resource_group_name = "cpe-secrets"
}

data "azurerm_key_vault_secret" "cpe_akv" {
  name         = each.value
  key_vault_id = data.azurerm_key_vault.cpe_akv.id
  for_each     = var.app_settings
}

resource "azurerm_app_service" "app_service" {
  name                = "${var.name}-${var.env}-app-service"
  location            = var.region
  resource_group_name = var.rg_name
  app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
  site_config {
    linux_fx_version = "Docker|${var.docker_registry_server_url}/${var.docker_image_name}:${var.docker_image_tag}"
    always_on        = "true"
  }
  enabled = true
  app_settings = {
    test                = data.azurerm_key_vault_secret.cpe_akv["test"].value
    AZURE_CHINA_TENANT  = data.azurerm_key_vault_secret.cpe_akv["cpe-china-tenant-id"].value
    AZURE_GLOBAL_TENANT = data.azurerm_key_vault_secret.cpe_akv["cpe-automation-tenant-id"].value
  }
  identity {
    type = "SystemAssigned"
  }
  tags = var.tags
}
This works. But I don't want to hard-code keys under app_settings, so I use for_each to set app_settings in app_service as below, and my input changes to:
variable:
app_settings = {
  "test"                = "test"
  "AZURE_CHINA_TENANT"  = "cpe-china-tenant-id"
  "AZURE_GLOBAL_TENANT" = "cpe-automation-tenant-id"
}
TF module:
resource "azurerm_app_service" "app_service" {
  name                = "${var.name}-${var.env}-app-service"
  location            = var.region
  resource_group_name = var.rg_name
  app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
  site_config {
    linux_fx_version = "Docker|${var.docker_registry_server_url}/${var.docker_image_name}:${var.docker_image_tag}"
    always_on        = "true"
  }
  enabled  = true
  for_each = var.app_settings
  app_settings = {
    (each.key) = data.azurerm_key_vault_secret.cpe_akv[each.value].value
  }
  identity {
    type = "SystemAssigned"
  }
  tags = var.tags
}
When I run terraform plan, I get the below error.
│ Error: Invalid index
│
│ on app-service/app-service.tf line 60, in resource "azurerm_app_service" "app_service":
│ 60: (each.key) = data.azurerm_key_vault_secret.cpe_akv[each.value].value
│ ├────────────────
│ │ data.azurerm_key_vault_secret.cpe_akv is object with 3 attributes
│ │ each.value is "cpe-automation-tenant-id"
│
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│
│ on app-service/app-service.tf line 60, in resource "azurerm_app_service" "app_service":
│ 60: (each.key) = data.azurerm_key_vault_secret.cpe_akv[each.value].value
│ ├────────────────
│ │ data.azurerm_key_vault_secret.cpe_akv is object with 3 attributes
│ │ each.value is "cpe-china-tenant-id"
│
│ The given key does not identify an element in this collection value.
╵
It only fails for two, though I have 3 key-value pairs, because for one I have the same value for both key and value, so it works. I want it to work with different values for key and value.
I have tried something like this as well.
(each.key) = data.azurerm_key_vault_secret.cpe_akv[each.key][each.value].value
but then I get this error.
on app-service/app-service.tf line 60, in resource "azurerm_app_service" "app_service":
│ 60: (each.key) = data.azurerm_key_vault_secret.cpe_akv[each.key][each.value].value
│ ├────────────────
│ │ data.azurerm_key_vault_secret.cpe_akv is object with 3 attributes
│ │ each.key is "test"
│ │ each.value is "test"
│
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
When I move the for_each block inside app_settings, it throws an error saying "The "each" object can be used only in "module" or "resource" blocks, and only when the "for_each" argument is set." because for_each is treated as a key-value pair inside app_settings.
app_settings = {
  ENABLE_CORS = true
  for_each    = var.app_settings
  (each.key)  = data.azurerm_key_vault_secret.cpe_akv[each.value].value
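An added example, not part of the original post: one way to get the behaviour asked for, assuming `var.app_settings` is the map of app setting name to Key Vault secret name shown above. The secret data source is keyed by secret name, and a `for` expression inside `app_settings` builds the whole map on a single App Service, whereas a resource-level `for_each` creates one App Service per map entry.

```hcl
# Assumption: map of app setting name => Key Vault secret name, as in the post.
variable "app_settings" {
  type = map(string)
}

data "azurerm_key_vault" "cpe_akv" {
  name                = "cpe"
  resource_group_name = "cpe-secrets"
}

# One instance per distinct secret name, so instances are indexed by the
# secret name (the map's values), not by the app setting name (its keys).
data "azurerm_key_vault_secret" "cpe_akv" {
  for_each     = toset(values(var.app_settings))
  name         = each.value
  key_vault_id = data.azurerm_key_vault.cpe_akv.id
}

resource "azurerm_app_service" "app_service" {
  name                = "${var.name}-${var.env}-app-service"
  location            = var.region
  resource_group_name = var.rg_name
  app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
  enabled             = true

  site_config {
    linux_fx_version = "Docker|${var.docker_registry_server_url}/${var.docker_image_name}:${var.docker_image_tag}"
    always_on        = true
  }

  # No resource-level for_each: the for expression yields every setting at once.
  # merge() keeps room for static settings next to the generated ones.
  app_settings = merge(
    { ENABLE_CORS = "true" },
    {
      for setting_name, secret_name in var.app_settings :
      setting_name => data.azurerm_key_vault_secret.cpe_akv[secret_name].value
    }
  )

  identity {
    type = "SystemAssigned"
  }

  tags = var.tags
}
```

Secret values read through `azurerm_key_vault_secret` are written to the Terraform state in plain text, so the state backend needs access controls as strict as those on the vault itself.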