Not sure why for loop is being evaluated

Hello,

I have a template file policy.tpl with the below content:

%{ if metadata.emr_runtimerole_arn != "" }
    {
      "Sid": "EmrRuntimeroleEc2InstanceProfile",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole",
        "sts:TagSession",
        "sts:SetSourceIdentity"
      ],
      "Resource": [
          %{ for index,runtime_role in  metadata.emr_runtimerole_arn ~}
            "${runtime_role}"
            %{ if index+1 != length(metadata.emr_runtimerole_arn)}
            ,
            %{ endif }
          %{ endfor ~}
      ]
    },
%{ endif }

With the below variables.tf:

variable "metadata" {
  description = "metadata provides an entry point for users to further restrict policies"
  type        = any
  default = {
    "emr_runtimerole_arn"        = []
  }
}

For some reason the resource block is returning an empty value. The for loop in the resource block is not evaluating. Below is a snippet from tf plan:

                  + {
                      + Action   = [
                          + "sts:AssumeRole",
                          + "sts:TagSession",
                          + "sts:SetSourceIdentity",
                        ]
                      + Effect   = "Allow"
                      + Resource = [ ]
                      + Sid      = "roleprofile"
                    }

Any chance you can help?

Hi - Welcome to the forum - please reformat your message

Thanks, I have formatted as needed. Please let me know if you need anything else.

To me, the output looks as expected - the variable has an empty value:

So it is expected that the for loop looping over it, loops zero times:

All seems in order?

One slightly weird thing, not directly related to your problem - it is really odd that at

you are treating this value as if you expect it to be a string, whereas everywhere else, it is a list to iterate over.

Sorry, I may not have been clear. Below is how variables.tf looks:

variable "metadata" {
  description = "metadata provides an entry point for users to further restrict policies"
  type        = any
  default = {
    "emr_runtimerole_arn"        = ["arn:aws:iam::account_number:role/abcd/abcd3/rolename"]
  }
}

For the below, I am trying to evaluate a list with for like above; since it's not working I had to use this hack.

%{ if metadata.emr_runtimerole_arn != "" }

Hope this clarifies your questions. Thanks for helping out.

Sorry, I still don’t understand what you’re trying to do with that.

Also, I think I need to see the bit of Terraform code where you load and make use of the template file.

My sincere apologies @maxb, I wouldn’t be able to share the Terraform code due to an ownership issue. But let me ask a different request. Would you be able to provide me sample code for a “for loop” in a template (similar to policy.tpl) which works for the below variable?

variable "metadata" {
  type        = any
  default = {
    "runtimerole_arn"        = ["arn:aws:iam::account_number:role/abcd/abcd3/rolename"]
  }
}

I don’t think it’ll be possible to help further then.

Totally understand. Would you be able to provide me sample code for a “for loop” in a template (similar to policy.tpl) which works for the below variable?

variable "metadata" {
  type        = any
  default = {
    "runtimerole_arn"        = ["arn:aws:iam::account_number:role/abcd/abcd3/rolename"]
  }
}

@apparentlymart, any chance you can help here?
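
An added example, not written by anyone in the thread and not the poster's own code: a self-contained Terraform file that renders the policy statement from the list in `metadata`, once with a `%{ for }` directive and once with `jsonencode`. The names `roles`, `statement_loop`, `statement_json` and `rendered` are assumptions made for illustration. A list never compares equal to `""`, so the guard here tests `length(...) > 0` instead, which drops the whole statement when the list is empty rather than emitting `Resource = []`.

```hcl
# Added example. The variable shape and the ARN placeholder are copied from the posts above.
variable "metadata" {
  type = any
  default = {
    emr_runtimerole_arn = ["arn:aws:iam::account_number:role/abcd/abcd3/rolename"]
  }
}

locals {
  # Assumption: a missing key is treated the same as an empty list.
  roles = try(tolist(var.metadata.emr_runtimerole_arn), [])

  # Variant 1: template directives. jsonencode(arn) quotes and escapes each
  # value, and the comma is emitted for every element except the last.
  statement_loop = <<-EOT
    %{ if length(local.roles) > 0 ~}
    {
      "Sid": "EmrRuntimeroleEc2InstanceProfile",
      "Effect": "Allow",
      "Action": ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"],
      "Resource": [
        %{~ for index, arn in local.roles }
        ${jsonencode(arn)}${index + 1 < length(local.roles) ? "," : ""}
        %{~ endfor }
      ]
    },
    %{ endif ~}
  EOT

  # Variant 2: let jsonencode build the whole statement, so there is no
  # hand-written comma or quoting to get wrong. The trailing comma is kept
  # because the statement on the page is followed by further statements.
  statement_json = length(local.roles) == 0 ? "" : "${jsonencode({
    Sid      = "EmrRuntimeroleEc2InstanceProfile"
    Effect   = "Allow"
    Action   = ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"]
    Resource = local.roles
  })},"
}

# In a policy.tpl loaded with templatefile("policy.tpl", { metadata = var.metadata }),
# the same directives apply; write metadata.emr_runtimerole_arn in place of local.roles.
output "rendered" {
  value = { loop = local.statement_loop, json = local.statement_json }
}
```

Running `terraform plan` with the default shows both renderings; setting `emr_runtimerole_arn = []` makes both come out empty, so no `sts:AssumeRole` statement with an empty `Resource` reaches the policy.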