Loop for/for_each - Unsuitable value for right operand: a bool is required

Brownie9 · September 15, 2022, 7:44am

Hello,

I need to put Azure groups in other groups based on subscriptions.
I think the problem is because I have && on my local variable. But I don’t know what exactly is needed.

locals {
AssignRoleMember = {for x in csvdecode(file("${path.module}/_AssignRoleMember.csv")) : x.RightGroups_Name => x.Role_Definition_Name && x.Subscription }
 }

resource "azurerm_role_assignment" "Terra-Aad-Role-Assignment-Dev-Con" {
    for_each = local.AssignRoleMember

  scope                = "/subscriptions/${each.value.Subscription}"
  role_definition_name = each.value.Role_Definition_Name
  principal_id         = azuread_group.Terra-Aad-Group-Right[each.key].object_id 
}

The error is as follows:
The subscription ID is not the correct ID. I have hidden it.

│ Error: Invalid operand
│
│   on Variables.tf line 12, in locals:
│   12:   AssignRoleMember = {for x in csvdecode(file("${path.module}/_AssignRoleMember.csv")) : x.RightGroups_Name => x.Role_Definition_Name && x.Subscription }
│     ├────────────────
│     │ x.Subscription is "x0x000xx-0x00-0xxx-0000-0x0xxx00x000"
│
│ Unsuitable value for right operand: a bool is required.

My CSV is like this:
It’s the same subscription ID but it will change in the future for each group type.

RightGroups_Name,Role_Definition_Name,Subscription

con-ins-dev01,Log Analytics Contributor,x0x000xx-0x00-0xxx-0000-0x0xxx00x000

con-ins-rec01,Log Analytics Contributor,x0x000xx-0x00-0xxx-0000-0x0xxx00x000

con-ins-dem01,Log Analytics Contributor,x0x000xx-0x00-0xxx-0000-0x0xxx00x000

con-ins-pre04,Log Analytics Contributor,x0x000xx-0x00-0xxx-0000-0x0xxx00x000

con-ins-pro02,Log Analytics Contributor,x0x000xx-0x00-0xxx-0000-0x0xxx00x000

Thank you.

apparentlymart · September 15, 2022, 10:30pm

Hi @Brownie9,

Terraform is reporting that x.Subscription is not a valid operand for the && operator, because it is "x0x000xx-0x00-0xxx-0000-0x0xxx00x000". The && operator requires either true or false.

To make this work you’ll need to write an expression which evaluates to a boolean result. I can’t make a concrete suggestion because I’m not sure what condition you are trying to implement, but if you can describe in words what you are intending to create, or to give an example of input and expected output, I may be able to show you an expression that can produce that result.

Brownie9 · September 16, 2022, 7:29am

Hello @apparentlymart,

For example, I need to add the Azure role ‘Log Analytics Contributor’ on the first group ‘con-ins-rec01’ on the Azure subscription defined just to the right, on the same line.

The goal is to have all groups with its Azure role as well as the corresponding subscription.
The subscription ID will not be the same depending on the targeted group.

Topic		Replies	Views
Inappropriate value for attribute "members": element 0: string required Terraform hcp-terraform	2	3106	June 28, 2022
Assign Azure AD group to Azure AD role in multiple subscriptions Azure	7	1301	December 30, 2022
For_each & for not tracking resource dependency (0.12.7) Terraform	2	957	September 3, 2019
AD Group Management Example: The "for_each" value depends on resource attributes that cannot be determined until apply Terraform	1	558	September 9, 2022
Error: Inconsistent conditional result types Terraform azure	1	1763	December 25, 2022

Loop for/for_each - Unsuitable value for right operand: a bool is required

Related topics