0

I need to find a way to specify a for_each resource creation where dynamically I use a specific map AND at the same time, remove an item/key or skip an item in that map.

I currently us the following for_each to specify which map to use for iteration:

for_each = (var.subnet_size == "large" ? var.subnet_map_large : var.subnet_map_small)

at the same time, I need to skip a key when the key is "AppGatewaySubnet" since there I can't apply a network security group.

I found a snippet for that purpose but have no clue how to integrate it with what I have. Here is the snippet:

for_each = { for k in compact([for k, v in var.mymap: v.condition ? k : ""]): k => var.mymap[k] }

It is assumed that the var.mymap has a boolean for the condition like:

variable "mymap" {
    type = map(object({
        attribute = string
        condition = bool
    }))

Perhaps I can state my problem in a different way. I do not know how to create a for_each expression where I accomplish the following pseudo code: for_each {if the var.subnet_size variable is equal to "large", then use the subnet_map_large, otherwise use the subnet_map_small, AND if the value "Add_NSG" is FALSE for any key in the chosen map, then skip that key}

An alternative would be: for_each {if the var.subnet_size variable is equal to "large", then use the subnet_map_large, otherwise use the subnet_map_small, AND if the key is "AppGatewaySubnet" in the chosen map, then skip that key}

Wolfgang
  • 159
  • 1
  • 7
  • 1
    What's wrong with the snippet? Any errors? What is the actual value of `mymap`, not only its type? – Marcin Feb 25 '23 at 00:12
  • There is nothing wrong with the snippet except that I don't know how to combine it with my for_each expression. The mymap which is what the snippet uses and I would have to expand my own map to match is: default = { key1 = { attribute = "value" condition = true } – Wolfgang Feb 25 '23 at 02:05
  • I found that here: https://discuss.hashicorp.com/t/conditionally-create-resources-when-a-for-each-loop-is-involved/20841/2 – Wolfgang Feb 25 '23 at 02:05
  • 1
    It's not clear what's your problem if there is nothing wrong with it. Maybe actually try writing working tf code and provide it as example. – Marcin Feb 25 '23 at 02:47
  • Thank you. Perhaps I can state my problem in a different way. I do not know how to create a for_each expression where I accomplish the following pseudo code: for_each {if the var.subnet_size variable is equal to "large", then use the subnet_map_large, otherwise use the subnet_map_small, AND if the value "Add_NSG" is FALSE for any key in the chosen map, then skip that key} – Wolfgang Feb 25 '23 at 15:24

1 Answers1

1

While I was used to SQL as a declarative language, I found Terraform somewhat unfamiliar. I then just cobbled it together as I would in SQL and voila, it worked. Here is my solution to loop through all keys that are deemed "enabled":

  for_each = {
    for k, v in(var.subnet_size == "large" ? var.subnet_map_large : var.subnet_map_small) : k => v
    if contains(var.nsg_enabled, k)
  }

This is based on the var.nsg_enabled being a list having keys that are the names of subnets where I want a network security group like:

variable "nsg_enabled" {
  type    = list(string)
  default = ["LB-NAT", "Front-Free1", "Front-Free2", "Data", "Free", "Backend", "API"]
}
Wolfgang
  • 159
  • 1
  • 7