Team, I am stuck on how to access from a two tier object map in a for_each loop. Output works fine for me with the two tier object map. Here is my example:
Variable Map
variable "policy_local_users" {
default = {
default = {
description = ""
enforce_strong_password = true
force_send_password = false
grace_period = 0
users = {
default = {
enabled = true
password = 1
role = "admin"
}
}
notification_period = 15
organization = "default"
password_expiry = false
password_expiry_duration = 90
password_history = 5
tags = []
}
}
description = <<-EOT
key - Name of the Local User Policy.
1. description - Description to Assign to the Policy.
2. force_send_password - User password will always be sent to endpoint device. If the option is not selected, then user password will be sent to endpoint device for new users and if user password is changed for existing users.
3. grace_period - Time period until when you can use the existing password, after it expires.
4. users - Map of users to add to the local user policy.
key - Username
a. enabled - Enables the user account on the endpoint.
b. password - This is a key to signify the variable "local_user_password_[key]" to be used. i.e. 1 for variable "local_user_password_1".
d. role - The Role to Assign to the User. Valid Options are {admin|readonly|user}.
5. notification_period - The duration after which the password will expire.
6. organization - Name of the Intersight Organization to assign this Policy to.
- https://intersight.com/an/settings/organizations/
7. password_expiry - Enables password expiry on the endpoint.
7. password_expiry_duration - Set time period for password expiration. Value should be greater than notification period and grace period.
8. password_history - Tracks password change history. Specifies in number of instances, that the new password was already used.
9. tags - List of Key/Value Pairs to Assign as Attributes to the Policy.
EOT
type = map(object(
{
description = optional(string)
enforce_strong_password = optional(bool)
force_send_password = optional(bool)
grace_period = optional(number)
users = optional(map(object(
{
enabled = optional(bool)
password = optional(number)
role = optional(string)
}
)))
notification_period = optional(number)
organization = optional(string)
password_expiry = optional(bool)
password_expiry_duration = optional(number)
password_history = optional(number)
tags = optional(list(map(string)))
}
))
}
Here is my output where I can access the information
output "local_users" {
value = { for k, v in local.policy_local_users : k => {
for key, value in v.users : key => {
enabled = value.enabled != null ? value.enabled : true
password = value.password != null ? value.password : 1
organization = v.organization
username = key
}
}
}
}
## Output from a Terraform Plan
Changes to Outputs:
+ local_users = {
+ Asgard_users = {
+ admin = {
+ enabled = true
+ organization = "Asgard"
+ password = 1
+ username = "admin"
}
+ serverops = {
+ enabled = true
+ organization = "Asgard"
+ password = 2
+ username = "serverops"
}
}
}
But I cannot figure out the format to use with a for_each loop to get it to work
Here is my module
module "local_users" {
depends_on = [
local.org_moids,
module.policy_local_users
]
for_each = { for k, v in local.policy_local_users : k =>
{
for user, attributes in v.users : user => attributes
}
}
source = "terraform-cisco-modules/imm/intersight//modules/policies_local_user"
org_moid = "12345"
# org_moid = local.org_moids[each.value.organization].moid
# user_enabled = each.value.enabled
user_password = each.key
# user_password = each.value.password == 1 ? var.local_user_password_1 : each.value.password == 2 ? var.local_user_password_1 : each.value.password == 3 ? var.local_user_password_1 : each.value.password == 4 ? var.local_user_password_1 : var.local_user_password_1
user_policy_moid = module.policy_local_users[each.key].moid
# user_role = each.value.role
username = each.value.user
}
Does Anyone have some guidance or thoughts? I have never done this two tier object map.
And I have tried to read through several threads but not finding any relevant examples.
Thanks in advance.