0
votes

Expected Behaviour

I'm trying to enable 'threat detection policy' and send alerts to a list of email addresses.

Actual Behaviour

Throws an error (see Error Output).

Error Output

Error: threat_detection_policy: attribute supports 1 item maximum, config has 2 declared

  on ..\mysql-module-test\example-location\main.tf line 20, in resource "azurerm_mysql_server" "instance":
  20: resource "azurerm_mysql_server" "instance" {

Terraform (and AzureRM Provider) Version

Affected Resource(s)

  • azurerm_v2.41.0
  • terraform v0.13.0

Terraform Configuration Files

Main.tf

resource "azurerm_mysql_server" "instance" {
  name                = "${var.names.product_name}-${var.names.environment}-${var.server_id}"
  location            = var.location
  resource_group_name = var.resource_group_name
  tags                = var.tags

  administrator_login          = local.administrator_login
  administrator_login_password = local.administrator_password

  sku_name   = var.sku_name
  storage_mb = var.storage_mb
  version    = var.mysql_version

  auto_grow_enabled                 = (var.create_mode == "Replica" ? true : var.auto_grow_enabled)
  backup_retention_days             = var.backup_retention_days
  geo_redundant_backup_enabled      = var.geo_redundant_backup_enabled
  infrastructure_encryption_enabled = var.infrastructure_encryption_enabled
  public_network_access_enabled     = (((length(var.service_endpoints) > 0) || (length(var.access_list) > 0)) ? true : false)
  ssl_enforcement_enabled           = var.ssl_enforcement_enabled
  ssl_minimal_tls_version_enforced  = var.ssl_enforcement_enabled ? "TLS1_2" : "TLSEnforcementDisabled"

  create_mode               = var.create_mode
  creation_source_server_id = (var.create_mode == "Replica" ? var.creation_source_server_id : null)

  dynamic "threat_detection_policy" {  # Error: threat_detection_policy: attribute supports 1 item maximum, config has 2 declared
    for_each = (var.threat_detection_policy != null ? var.threat_detection_policy : null)
    content {
      enabled         = var.threat_detection_policy.enable_threat_detection_policy
      email_addresses = var.threat_detection_policy.threat_detection_email_addresses
    }
  }
}

Variables.tf

# Advanced threat protection policy settings
variable "threat_detection_policy" {
  description = "Threat detection policy configuration.  If not input, threat detection will be disabled."
  type = object({
    enable_threat_detection_policy   = bool
    threat_detection_email_addresses = list(string)
  })
  default = null
}

Module call

# advanced threat protection policy
  threat_detection_policy = {
    enable_threat_detection_policy   = true
    threat_detection_email_addresses = ["[email protected]", "[email protected]"]
  }


1 Answer

2
votes

When you use for_each on a map (or object), Terraform is iterating over the keys. So it is attempting to create two threat_detection_policy blocks for the keys enable_threat_detection_policy and threat_detection_email_addresses.

Dynamic blocks don't really make sense for your scenario, since the azurerm_mysql_server resource can only have a single threat_detection_policy block. A configuration like this may work:

threat_detection_policy {
  enabled         = var.threat_detection_policy != null
  email_addresses = var.threat_detection_policy != null ? var.threat_detection_policy.threat_detection_email_addresses : []
}
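An added example, not part of the original answer: if the dynamic block is kept, wrapping the object in a one-element list makes for_each iterate once over the whole policy instead of once per attribute, and the `enable_threat_detection_policy` flag from the variable is still honoured. The server name, location, resource group, SKU and the `administrator_password` variable are constructed placeholders.

```hcl
provider "azurerm" {
  features {}
}

variable "administrator_password" {
  type = string # placeholder variable, not from the original module
}

variable "threat_detection_policy" {
  description = "Threat detection policy configuration. If not input, no block is emitted."
  type = object({
    enable_threat_detection_policy   = bool
    threat_detection_email_addresses = list(string)
  })
  default = null
}

resource "azurerm_mysql_server" "instance" {
  # Constructed placeholder values; substitute the module's own variables.
  name                = "example-mysql-server"
  location            = "westeurope"
  resource_group_name = "example-rg"

  administrator_login          = "mysqladmin"
  administrator_login_password = var.administrator_password

  sku_name   = "GP_Gen5_2"
  storage_mb = 5120
  version    = "8.0"

  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  dynamic "threat_detection_policy" {
    # A list with zero or one element: no block when the variable is null,
    # exactly one block otherwise. Iterating the object itself would yield
    # one block per attribute, which is what triggers the "1 item maximum" error.
    for_each = var.threat_detection_policy == null ? [] : [var.threat_detection_policy]

    content {
      # threat_detection_policy.value is the whole object for this iteration.
      enabled         = threat_detection_policy.value.enable_threat_detection_policy
      email_addresses = threat_detection_policy.value.threat_detection_email_addresses
    }
  }
}
```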