I am trying to use for_each iterate through couple of list in a conditional manner.
If environment is dev => loop through listA and assign role to all management groups in listA
If environment is production => loop through listB and assign role to all management groups in listB
variable "environment" {
default = "dev"
}
locals {
management_groups = [
"/providers/Microsoft.Management/managementGroups/one",
"/providers/Microsoft.Management/managementGroups/two"
]
management_groups_aux = [
"/providers/Microsoft.Management/managementGroups/three",
"/providers/Microsoft.Management/managementGroups/four"
]
}
resource "azurerm_resource_group" "this" {
name = "myrg"
location = "West Europe"
}
resource "azurerm_user_assigned_identity" "this" {
name = "myuai"
resource_group_name = azurerm_resource_group.this.name
location = azurerm_resource_group.this.location
}
resource "azurerm_role_assignment" "dev" {
for_each = lower(var.environment) == "dev" ? toset(local.management_groups) : {}
scope = each.value
role_definition_name = "Reader"
principal_id = resource.azurerm_user_assigned_identity.this.principal_id
}
resource "azurerm_role_assignment" "production" {
for_each = lower(var.environment) == "production" ? toset(local.management_groups_aux) : {}
scope = each.value
role_definition_name = "Reader"
principal_id = resource.azurerm_user_assigned_identity.this.principal_id
}
Error: Inconsistent conditional result types
on main.tf line 327, in resource "azurerm_role_assignment" "production":
327: for_each = lower(var.environment) == "production" ? toset(local.management_groups_aux) : {}
>! >! │ ├────────────────
local.management_groups_aux is tuple with 2 elements
var.environment will be known only after apply
The true and false result expressions must have consistent types. The given expressions are set of string and object, respectively.