How to make nested loops?

Hello!

Please see the following .tfvars file and resources.

resolver_config = {
  primary = {
    name             = "resolver-we",
    location         = "westeurope",
    vnetID           = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet1"
    inboundSubnetId  = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/dnsInboundSubnet",
    outboundSubnetId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/dnsOutboundSubnet"
  },
  secondary = {
    name             = "resolver-sc",
    location         = "swedencentral",
    vnetID           = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet2"
    inboundSubnetId  = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/dnsInboundSubnet",
    outboundSubnetId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/dnsOutboundSubnet"
  },
}

dnszones = [
  "privatelink.azure-automation.net",
  "privatelink.database.windows.net",
  "privatelink.sql.azuresynapse.net",
  "privatelink.dev.azuresynapse.net"
]

# Creating DNS zones from file
resource "azurerm_private_dns_zone" "DNS_private_dns_zone" {
  for_each            = toset(var.dnszones)
  name                = each.key
  resource_group_name = azurerm_resource_group.dnszones_rg.name
}

# Creating virtual network link to DNS zones
resource "azurerm_private_dns_zone_virtual_network_link" "Vnet-dnszone-link" {
  for_each              = toset(var.dnszones)
  name                  = var.dns_zone_vnet_link_name
  resource_group_name   = azurerm_resource_group.dnszones_rg.name
  private_dns_zone_name = each.value
  virtual_network_id    = var.resolver_config.value.vnetID[each.key]
}

How can I make it so that the Azure Private DNS Zones are deployed once and attached to each vnetID that is specified in the resolver_config variable?

Hi @anthonhassel, the first thing I would do here is create a locals with a nested loop as shown below.

locals {
  dns_zone_virtual_network_links = flatten(
    [for val in var.dnszones :
      [for x, y in var.resolver_config :
        {
          dnszone          = val
          key              = x
          name             = y.name
          location         = y.location
          vnetID           = y.vnetID
          inboundSubnetId  = y.inboundSubnetId
          outboundSubnetId = y.outboundSubnetId
        }
      ]
    ]
  )
}

Then rewrite the resource block for azurerm_private_dns_zone_virtual_network_link using the nested loop from the locals: for each dnszones, create a link to each of the vnet objects in the resolver_config.

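resource "azurerm_private_dns_zone_virtual_network_link" "Vnet-dnszone-link" {
  for_each = {
    for link in local.dns_zone_virtual_network_links : "${link.dnszone}|${link.name}" => link
  }
  # Link names must be unique within a zone, so suffix the resolver_config key.
  name                  = "${var.dns_zone_vnet_link_name}-${each.value.key}"
  resource_group_name   = azurerm_resource_group.dnszones_rg.name
  # Reference the zone resource so each link is created after its zone exists.
  private_dns_zone_name = azurerm_private_dns_zone.DNS_private_dns_zone[each.value.dnszone].name
  virtual_network_id    = each.value.vnetID
}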

I hope this helps.
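
Added example, not part of the answer above or the poster's configuration: the same zone-by-vnet expansion written with setproduct over a trimmed copy of the question's data, keyed by the resolver_config map key (primary/secondary), which is always unique, instead of by name. The local names zone_vnet_pairs and links and the output link_keys are made up for illustration; the file needs no provider, so the resulting for_each keys can be inspected with a plain plan.

```hcl
# Constructed sample data, trimmed from the question's .tfvars.
locals {
  dnszones = [
    "privatelink.database.windows.net",
    "privatelink.sql.azuresynapse.net",
  ]

  resolver_config = {
    primary = {
      name   = "resolver-we"
      vnetID = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet1"
    }
    secondary = {
      name   = "resolver-sc"
      vnetID = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/vnet2"
    }
  }

  # Every [zone, resolver key] combination: 2 zones x 2 vnets = 4 pairs.
  zone_vnet_pairs = setproduct(local.dnszones, keys(local.resolver_config))

  # for_each needs a map with unique keys. Map keys of resolver_config cannot
  # repeat, whereas two entries could share the same "name" attribute and
  # make the for expression fail on a duplicate key.
  links = {
    for pair in local.zone_vnet_pairs :
    "${pair[0]}|${pair[1]}" => {
      dnszone      = pair[0]
      resolver_key = pair[1]
      vnetID       = local.resolver_config[pair[1]].vnetID
    }
  }
}

# One entry per virtual network link that would be created.
output "link_keys" {
  value = keys(local.links)
}
```

Because the keys are built only from the zone name and the map key, renaming a resolver's name attribute later does not change resource addresses and so does not force the links to be destroyed and recreated.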