
I'm quite new to Terraform and maybe I want too much ... but here is the case. This is what I have in my .tfvars (part of):

    # Name matches var.resources_st, which the module block and locals below read.
    resources_st = {
      "steu1edwdas001common" = {
        st_name_site_region = "eu1"
        st_name_application = "edw"
        st_name_role        = "das"
        st_name_seqnr       = "001"
        st_name_purpose     = "commfs"
    ...
        st_kind = "StorageV2"
        st_tier = "Premium"
    ...
        st_blob_contributor_role_aadgroups = [
          { display_name = "LG_GLB_AzureLZSolutionLeadersAdmin", role = "Storage Blob Data Contributor" }
        ]
    ...
      }
    }

In a template I have this code:

    module "st_create" {
      for_each = var.resources_st
      source   = "../../_modules/general/st_create"

      st_name_site_region = each.value["st_name_site_region"]
      st_name_application = each.value["st_name_application"]
      st_name_role        = each.value["st_name_role"]
      st_name_seqnr       = each.value["st_name_seqnr"]
      st_name_purpose     = each.value["st_name_purpose"]
    ...
      st_blob_contributor_role_aadgroups = each.value["st_blob_contributor_role_aadgroups"]
    ...
    }

This works fine, but now I would like to create the roles and assign AAD groups, so in my pseudo logic I see the following steps

So I'm adding

    locals {
      st_blob_contributor_role_aadgroups = flatten([
        for st_key, st in var.resources_st : [
          for rbac_key, rbac in st.st_blob_contributor_role_aadgroups : {
            st_key            = st_key
            rbac_key          = rbac_key
            role_display_name = rbac.display_name
            role_role         = rbac.role
          }
        ]
      ])
    }

But I have no idea how to continue. I could do a second module and loop the flattened structure, but will I get in this structure the ID of the storage account ...

I'm afraid I'm mixing things up, but I can't find a sample that represents a bit of what I have in mind ....

1 Answer


The two main requirements for for_each are:

  • You have a collection with one element per resource instance you want to declare.
  • You can derive some sort of unique string key for each element which will be fully known at planning time.

It seems like your list in local.st_blob_contributor_role_aadgroups meets these requirements, and so it's suitable to use as the basis for a for_each, but it will require a little additional transformation to turn it into a map where the unique per-element strings are the keys:

    module "example" {
      source = "../../_modules/example"

      # Turn the flattened list into a map keyed by "<st_key>:<rbac_key>".
      # Local values are referenced as local.<name>, not locals.<name>.
      for_each = {
        for obj in local.st_blob_contributor_role_aadgroups : "${obj.st_key}:${obj.rbac_key}" => obj
      }

      # ...
    }

Inside this module block you can use each.value to refer to the current object, such as each.value.display_name to get the display name. Each instance of the module will be identified by that concatenation of the st_key and rbac_key attributes, which must be unique because they were originally taken from the keys of two different maps.
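
Added example, not part of the original answer: the same keyed map driving role assignments directly, with each assignment scoped to the storage account created for its st_key. It assumes the st_create module declares an output named st_id carrying the storage account ID (a hypothetical name) and that the azurerm and azuread providers are configured.

```hcl
# Assumption: ../../_modules/general/st_create exposes the account ID as
#   output "st_id" { ... }   (hypothetical output name, not shown on this page)

locals {
  # Flattened list from the question, turned into a map keyed by
  # "<st_key>:<rbac_key>". Both parts come from input variables, so the keys
  # are fully known at plan time.
  st_role_assignments = {
    for obj in local.st_blob_contributor_role_aadgroups :
    "${obj.st_key}:${obj.rbac_key}" => obj
  }

  # Distinct group display names, so every group is looked up only once even
  # when it is granted a role on several storage accounts.
  st_role_group_names = toset([
    for obj in local.st_blob_contributor_role_aadgroups : obj.role_display_name
  ])
}

# Resolve each AAD group display name to its object ID.
data "azuread_group" "st_rbac" {
  for_each     = local.st_role_group_names
  display_name = each.value
}

resource "azurerm_role_assignment" "st_blob" {
  for_each = local.st_role_assignments

  # each.value.st_key selects the matching instance of module "st_create",
  # which keeps the grant scoped to that one storage account rather than the
  # resource group or subscription.
  scope                = module.st_create[each.value.st_key].st_id
  role_definition_name = each.value.role_role
  principal_id         = data.azuread_group.st_rbac[each.value.role_display_name].object_id
}
```

The scope value may be unknown until apply; only the for_each keys have to be known during planning, and those are built from the variable alone.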