Possible feature. I am managing secrets using SOPS and Terragrunt. I’d like to create a map in locals / inputs and pass this map to Terraform with a bunch of account numbers and have lookup pluck out the correct map for the templatefile function.
Is this something that might be possible for a future feature or just something not really possible?
Reasoning is I use maps and for_each for creating resources and make associations to dependencies using lookup and a key name that matches outputs from modules. The arch makes it so I don’t have to redefine modules, but without the possibility of lookup inside of the templatefile I am forced to redefine a module to pass it a variable with the secrets per instance. (I’d end up with 3 modules instead of 1 in my main.tf - wack)
```hcl
# Desired usage of lookup inside templatefile (attribute inside the module's resource)
policy = templatefile("../${path.root}/policies/bucketPolicies/${each.key}.json", lookup(var.accounts, each.value.accounts, "account not found"))

module "bucket-policies" {
  source          = "../modules/bucketPolicies"
  globals         = var.globals
  bucket-policies = var.bucket-policies
}

variable "bu-bucket-policies" {
  type = map
  default = {
    bu-policy = {
      provider = "aws"
      bucket   = "cbsi-bu-dpt-sftp"
      accounts = "bu" # lookup would use bu to link to secret
    }
  }
}
```
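An added sketch of the pattern described in the post, not the poster's code or anything from the Terraform project: the second argument of `templatefile` is an ordinary expression that evaluates to a map or object, so a per-entry selection from `var.accounts` can be written inline. The shape of `var.accounts`, the `path.module` template location and the `aws_s3_bucket_policy` resource are assumptions; the variable names follow the post.

```hcl
# Added example. Assumed: var.accounts is a map of maps keyed by account name
# ("bu", ...), decrypted by SOPS in Terragrunt and passed in as an input.
variable "accounts" {
  type      = map(map(string))
  sensitive = true # keeps the decrypted values out of plan output (Terraform 0.14+)
}

variable "bucket-policies" {
  type = map(object({
    bucket   = string
    accounts = string # key into var.accounts, e.g. "bu"
  }))
}

resource "aws_s3_bucket_policy" "this" {
  for_each = var.bucket-policies

  bucket = each.value.bucket

  # Index the map directly rather than using lookup() with a string default.
  # A key that is missing from var.accounts then fails the plan, so a
  # placeholder such as "account not found" is never rendered into a policy.
  policy = templatefile(
    "${path.module}/policies/bucketPolicies/${each.key}.json", # assumed layout
    var.accounts[each.value.accounts]
  )
}
```

Each template then refers to the keys of the selected inner map by name, and because the input variable is marked sensitive, the rendered policy is treated as sensitive in plan output as well.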