For Each with conditions, and referencing

unity-unity · January 14, 2021, 6:00am

Hello, I’ve a resource kms I moved from count to for_each however I can not manage some moments:

toset function doesn’t working, the types should be identical, I don’t know how to convert

Could someone please assist on this

Here is the main.tf

resource "aws_kms_key"   "global"    {
   for_each                  = toset( var.create_keys ?  { for keys in var.parameters : keys.name => keys } : [] ) < Problem
   is_enabled                = var.create_keys
   
   policy                    = data.template_file.key_service.rendered
   key_usage                 = lookup(each.value, "usage",       "" )
   description               = lookup(each.value, "description", "" )
   enable_key_rotation       = lookup(each.value, "rotation", false )
   deletion_window_in_days   = lookup(each.value, "lifetime",    "" )
   customer_master_key_spec  = lookup(each.value, "customer",    "" )

   lifecycle { 
       create_before_destroy  = false
       ignore_changes         = [ policy ]
   }

   tags = var.tags
}

Variables as well

variable "parameters"                {
   description = "The parameters of key(s)"
   type        = list(map(string))
   default     = null
}

variable "create_keys"               {
   description = "Condition to create key"
   type        = bool
   default     = true
}

tbugfinder · January 14, 2021, 7:13pm

I’m wondering if a simple if could do it.

for_each = { for keys in var.parameters : keys.name => keys  if var.create_keys == true }

unity-unity · January 14, 2021, 7:47pm

@tbugfinder, You’re my saviour, thank you so much, I really really appreciated again your help.
I’m sorry, but is it possible to ask one more question, if you don’t mind? Or it is better to create another topic?

tbugfinder · January 14, 2021, 7:55pm

well, if it’s different then a new topic might make sense.

unity-unity · January 14, 2021, 8:23pm

@tbugfinder, Actually is not a different, I’ve moved also my vpc from count to for_each with you help. But now I can not grep the main_route_table_id to tag it with aws_ec2_tag resource.

tbugfinder · January 14, 2021, 9:02pm

Hm, would need a code snippet.

unity-unity · January 15, 2021, 8:12am

Hello, @tbugfinder Sorry for late response, let me show you

resource "aws_ec2_tag" "local_route_table"         {
   for_each                  = local.tags
   depends_on                = [ aws_vpc.network ]
   resource_id               = data.aws_route_table.selected.id
   key                       = each.key
   value                     = each.value

   lifecycle {
       create_before_destroy = true
       ignore_changes        = [ resource_id ]
   }
}

Before, I moved from count to for_each the resource_id were working with:

aws_vpc.network[0].main_route_table_id

After when it starts to complain I tried with data source

data "aws_route_table" "selected" {
  route_table_id = aws_vpc.network[0].main_route_table_id
}

data "aws_route_table" "selected" {
  vpc_id = aws_vpc.network[0].id
}

Nothing is working, it says that my network is empty tuple

unity-unity · January 15, 2021, 8:59am

@tbugfinder I’ve found a solution, thank you again