"for_each" argument value is unsuitable "for_each" argument must be a map, or set of strings and provided a value of type tuple

Krishg · May 26, 2023, 9:17pm

here is my code

variables

variable "definition_list" {
  type = map(object({
    policy_number  = string
    policy_file    = string
    display_effect = string
    severity       = string
    env            = string
  }))
}

Terragrunt inputs section will relace the values in the map

  inputs = {
    definition_list = [
    = {
      policy_number = "Policy1"
      policy_file = "policy1.definition.json"
      display_effect = "Deny"
      env = "B"
      severity = "Critical"
    }
 {
      policy_number = "Policy2"
      policy_file = "policy2.json"
      display_effect = "Allow"
      env = "B"
      severity = "Critical"
    }
]
  }

locals {
  policy_list= flatten([
    for key, value in var.definition_list : {
      policy_number  = value.policy_number
      policy_file    = jsondecode(file(value.policy_file)) #json file input from the terragrunt inputs
      display_effect = value.display_effect 
      severity       = value.severity       
      env            = value.env
    }
  ])
}

in my policy definition, i added the values like this

resource "azurerm_policy_definition" "definition" {
  for_each     = local.policy_list
  name         = each.value.policy_number
  display_name = each.value.policy_file.properties.displayName
  policy_type  = each.value.policy_file.properties.policyType
  mode         = each.value.policy_file.properties.mode
  metadata     = jsonencode(each.value.policy_file.properties.metadata)
  parameters   = jsonencode(each.value.policy_file.properties.parameters)
  policy_rule  = jsonencode(each.value.policy_file.properties.policyRule)
}

My requirement is, get the inputs from policy_def.hcl file, apply the values in the policy definition, in the HCL list of inputs, there is a json file, which i will load from the code and parse the data along with terragrunt HCL file inputs.

While i am running the terragrunt run, getting the below error.

   on definitions.tf line 7, in resource "azurerm_policy_definition" "definition":
│    7:   for_each     = local.policy_definitions
│     ├────────────────
│     │ local.policy_definitions is tuple with 2 elements
│
│ The given "for_each" argument value is unsuitable: the "for_each" argument
│ must be a map, or set of strings, and you have provided a value of type
│ tuple.

can some one help me to fix this problem.

maxb · May 26, 2023, 9:22pm

Welcome to the forum - please reformat your message … and also, the code you have pasted, seems to not match the line of code visible in the error message you pasted?

Krishg · May 26, 2023, 9:23pm

Thanks for quick response, but that is the code currently i am having.

Since it is through terragrunt, common values are replaced by terragrunt hcl file

maxb · May 26, 2023, 9:24pm

Doesn’t look terragrunt related to me?

Krishg · May 26, 2023, 9:26pm

local.policy_definitions is the correct work, i used it at both local and for_each sections. Updated the code accordingly. in the Terragrunt hcl file we will manually upload the policies which will be loaded to definition_list variables

maxb · May 27, 2023, 8:14am

Your problem is that you’re trying to feed a data structure that looks something like this to for_each:

[
    {
      policy_number = "Policy1"
      policy_file = "... file contents ..."
      display_effect = "Deny"
      env = "B"
      severity = "Critical"
    },
    ... more items ...
]

and this is in no way the right shape for for_each.

As the error message says:

Ironically, your input variable:

Krishg:

variable "definition_list" {
  type = map(object({
    policy_number  = string
    policy_file    = string
    display_effect = string
    severity       = string
    env            = string
  }))
}

is already suitable for for_each, being a map.

For clarity, it’s not a good idea to name variables something_list when they’re not actually lists!

You simply need to keep it as a map when you load the policy file contents:

locals {
  definitions = {
    for key, value in var.definition_list : key => {
      policy_number  = value.policy_number
      policy_file    = jsondecode(file(value.policy_file))
      display_effect = value.display_effect 
      severity       = value.severity       
      env            = value.env
    }
  }
}

Krishg · May 27, 2023, 1:11pm

Thanks for your response,

I got the following error “Key expression is not valid when building a tuple” when i have added key to locals.

maxb · May 27, 2023, 1:15pm

Copy what I wrote exactly, without changing some of the { } to [ ].