We run a wacky distributed resource environment here that generally doesn’t let us use our LDAP as an input. As such, I get to do most of this provisioning via a module that creates the requisite team objects, etc. in various services.
In previous iterations, I had the module vars set up as a series of List variables for each role type containing Github repository ids. That worked okay, but was kinda ugly as it also resulted in a count() based set of github_team_repositories per role. In trying to make things more “elegant”, I attempted to convert the set of arrays to a map of arrays and then use a combination of a local variable and a single foreach based github_team_repository.
But it fails with the dreaded “for_each” value error, which baffles me.
Given a variable like:
internal-github-repositories = {
developer = [
module.a_github-repository.id,
]
view = [
module.a_github-repository.id,
]
admin = [
module.a-repository.id,
]
}
my supporting locals
project-roles = [
"admin",
"developer",
"release",
"view",
"deployment",
]
internal-github-repos = toset(distinct(flatten([
for role in local.project-roles: [
for repo in lookup(var.internal-github-repositories, role,[]): "${var.project-name}-internal-${role}:${repo}"
]
])))
and my github_team_repository resource…
resource "github_team_repository" "internal-team" {
for_each = local.internal-github-repos
team_id = lookup(github_team.internal-team, element(split(":", each.key), 0), "" ).id
repository = element(split(":", each.key), 1)
permission = lookup(local.role-to-github-permission,
element(split("-", element(split(":", each.key), 0)), length(split( "-",element(split(":", each.key), 0)))-1),"pull" )
}
The error is tossed against local.pass-internal-github-repos which if you look at it, is a all populated by a module input or a local lookup.
Is this just broken or is there something insanely simple I have missed.
