Inappropriate value for attribute "members": element 0: string required

Hello Everyone,
I am facing the following issue.
Below are my main.tf, variable.tf and terraform.tfvars.json.

main.tf

resource "azuredevops_group" "azuredevops_group_creation" {
  for_each = toset(var.azureGroupName)
  display_name = each.value
  scope = "455a47fd-9688-409d-b6f7"
  description = "These group managed by terraform"
}
resource "azuredevops_group_membership" "membership" {
  group = azuredevops_group.azuredevops_group_creation[each.key].descriptor
  for_each = var.azureUsrDetails
  members = [each.value]
}

variable.tf

variable "azureGroupName" {
  type = list
}
variable "azureUsrDetails" {
  type = map
}

terraform.tfvars.json

{
  "azureGroupName": [
    "keystone",
    "waf",
    "cs"
  ],
  "azureUsrDetails": {
    "keystone": {
      "aad.YjI4MTE1ZGEtN2Y1Mi03ZWNlLWIxY": "om.k@testing",
      "aad.ZWYwODk4MzItZThjMS03MmJkLTg": "kal.v@testing"
    },
    "waf": {
      "aad.ZWYwODk4MzItZThjMS03MmJkaa": "kal.v@testing"
    }
  }
} 

When I do terraform apply I get the following error:

MacBook-Pro testing-2 % terraform plan
│ Error: Incorrect attribute value type
│ on main.tf line 10, in resource "azuredevops_group_membership" "membership":
│ 10: members = [each.value]
│ ├───────────────
│ │ each.value is map of string with 1 element
│ Inappropriate value for attribute "members": element 0: string required.
│ Error: Incorrect attribute value type
│ on main.tf line 10, in resource "azuredevops_group_membership" "membership":
│ 10: members = [each.value]
│ ├────────────────
│ │ each.value is map of string with 2 elements
│ Inappropriate value for attribute "members": element 0: string required

I know I am making a mistake; I am not able to properly fetch the map values.
In terraform.tfvars.json, azureUsrDetails is list, under it we have dir and then maps. Somehow I am not sure how to fetch it correctly.

Requesting help.

I think you mean something more like

  members = [for a, b in each.value: a]

perhaps?

But I don’t know much at all about Azure, so that might not be entirely right. Hopefully a nudge in the right direction, anyway.

You need to do a little bit of map manipulation to get it into a form the resource can use.

So I just took everything from this as it has all the information already, assuming you have users in all the groups. I am also assuming you want a list of the aad entries, not the user principal names.

locals {
  groups = {
    for groupname, details in var.azureUsrDetails :
    groupname => [for user_id, users in details : user_id]
  }
}

Checking in the terraform console gives this:

> local.groups
{
  "keystone" = [
    "aad.YjI4MTE1ZGEtN2Y1Mi03ZWNlLWIxY",
    "aad.ZWYwODk4MzItZThjMS03MmJkLTg",
  ]
  "waf" = [
    "aad.ZWYwODk4MzItZThjMS03MmJkaa",
  ]
}

So your code will look something like this. I can’t actually test it so there might be something that needs tweaking.

resource "azuredevops_group" "azuredevops_group_creation" {
  for_each     = local.groups
  display_name = each.key
  scope        = "455a47fd-9688-409d-b6f7"
  description  = "These group managed by terraform"
}
resource "azuredevops_group_membership" "membership" {
  for_each   = local.groups
  group      = azuredevops_group.azuredevops_group_creation[each.key].descriptor
  members    = each.value
}

If you really want to use the azureGroupName you can, but it is essentially redundant so I would try to get rid of it and just use one map.
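
The answer above assumes every group has users. As an added example (not code from any poster in this thread), here is a variant that keeps azureGroupName as the list of groups to create, gives a group with no users such as "cs" an empty member list, and fails the plan when azureUsrDetails names a group that was never declared, so a typo in a group name cannot silently drop a membership. The local names, the typed variables and the precondition are assumptions of this example; preconditions need Terraform 1.2 or later.

```hcl
variable "azureGroupName" {
  type = list(string)
}

variable "azureUsrDetails" {
  # group name => { member descriptor => user principal name }
  type = map(map(string))
}

locals {
  # Every declared group gets an entry; a group with no users gets [].
  group_members = {
    for name in var.azureGroupName :
    name => keys(lookup(var.azureUsrDetails, name, {}))
  }

  # Groups that have users assigned but are missing from azureGroupName.
  undeclared_groups = setsubtract(keys(var.azureUsrDetails), var.azureGroupName)
}

resource "azuredevops_group" "azuredevops_group_creation" {
  for_each     = local.group_members
  display_name = each.key
  scope        = "455a47fd-9688-409d-b6f7"
  description  = "These group managed by terraform"

  lifecycle {
    precondition {
      condition     = length(local.undeclared_groups) == 0
      error_message = "azureUsrDetails names groups missing from azureGroupName: ${join(", ", local.undeclared_groups)}"
    }
  }
}

resource "azuredevops_group_membership" "membership" {
  # Assumption of this example: no membership resource for empty groups.
  for_each = {
    for name, ids in local.group_members : name => ids if length(ids) > 0
  }
  group   = azuredevops_group.azuredevops_group_creation[each.key].descriptor
  members = each.value
}
```

With the terraform.tfvars.json from the question, this plans three groups and two membership resources (keystone and waf).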