How to remove trailing comma in a for loop

First let me say that this may not be the best way to do this, if not, please let me know. I’ve tried “all the things” and seem to run into an issue with each one.
Here’s the current var.

variable "containerRepositories" {
  type = list(object({
    url = string
    username = string
    password = string
  }))
  default = []
  description = "A list of Docker container repositories"
}

With an example usage of

containerRepositories = [
    {
      url = "devops-docker-dev.artifactory.metro.ad.selinc.com"
      username = "svc_devops"
      password = "<redacted>"
    },
    {
      url = "devops-docker-prod.artifactory.metro.ad.selinc.com"
      username = "svc_devops"
      password = "<redacted>"
    }
  ]

and here’s the code to create a docker container registry secret

resource "rancher2_secret" "container-repositories" {
  name = "container-repositories"
  description = "List of container repository auths used to store Docker images, usually in Artifactory"
  project_id = var.rancherProject
  namespace_id = rancher2_namespace.jenkins-namespace.id
  # Using a heredoc becuase you can't pass a complex object to a template
  data = {
    "config.json" = base64encode(<<EOT
{
  "auths": {
    %{ for auth in var.containerRepositories }
    "${auth.url}": {
      "username": "${auth.username}",
      "password": "${auth.password}"
    },
    %{ endfor }
  }
}
EOT
      )
  }
}

The problem with the above code is that we end up with a trailing comma.
Example result:

{
  "auths": {
    
    "devops-docker-dev.artifactory.metro.ad.selinc.com": {
      "username": "svc_devops",
      "password": "RTZ68!8tWB/6xW:42wkV"
    },
    
    "devops-docker-prod.artifactory.metro.ad.selinc.com": {
      "username": "svc_devops",
      "password": "RTZ68!8tWB/6xW:42wkV"
    },
    
  }
}

See the last },
That trailing comma is causing Kaniko to fail logging into the docker registry with this error

error checking push permissions 
-- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: 
checking push permission for "devops-docker-dev.artifactory.metro.ad.selinc.com/performancetest/api:2aae9bf": 
resolving authorization for devops-docker-dev.artifactory.metro.ad.selinc.com failed: 
/kaniko/.docker/config.json: invalid character '}' looking for beginning of object key string

When I remove the trailing comma manually from the k8s secret it works.
So far no luck finding a solution.
Any help finding a solution would be greatly appreciated.

Hi @dsargent3220,

This seems like a good time to use the jsonencode function, so it can be Terraform’s job to generate valid JSON rather than trying to get it right using string concatenation.

  data = {
    "config.json" = base64encode(jsonencode({
      auths = {
        for auth in var.containerRepositories : auth.url => {
          username = auth.username
          password = auth.password
        }
      }
    }))
  }

jsonencode takes a Terraform language value and produces a JSON string based on it, so the above uses a normal for expression to generate the mapping from URLs to username/password objects, rather than a template for, and leaves the jsonencode function to turn the result into a valid JSON object.

Oh nice! The Jsonencode example in the docs makes a lot more sense now.
That works beautifully! Thank you again!