I am looking for a solution here in Terraform for creating a role assignment and selecting the principal ids based on region. If I am running the code for China, the variable should be "local.principal_ids_cn", and if global, then it has to be "local.principal_ids". I do have an env variable where the geo will be set based on cluster-name, so "if geo = cn use local.principal_ids_cn, else use local.principal_ids". How can this be incorporated in Terraform?
This is my input file:
{
  "applications" : [
    {
      "principal_id" : "00000000-000000-global-000000000000",
      "principal_id_cn" : "00000000-000000-china-000000000000"
    }
  ]
}
My resource block looks like this:
locals {
  # get json
  role_data = jsondecode(file(var.inputfile))
  principal_ids    = distinct([for principal in local.role_data.applications : principal.principal_id])
  # the loop variable must be the same name used in the expression body
  principal_ids_cn = distinct([for principal_cn in local.role_data.applications : principal_cn.principal_id_cn])
}

data "azurerm_subscription" "primary" {}

resource "azurerm_role_assignment" "custom" {
  for_each             = toset(local.principal_ids)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.custom_role
  principal_id         = each.key
}

resource "azurerm_role_assignment" "builtin" {
  for_each             = toset(local.principal_ids)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.builtin_role
  principal_id         = each.key
}
variables.tf:
variable "custom_role" {
  type        = string
  description = "custom role"
  default     = "READER"
}

variable "builtin_role" {
  type        = string
  description = "builtin role"
  default     = "My_built_in_role"
}
Is there a possibility to switch over the local variables based on the region (China or global)? Any suggestions or ideas how this can be achieved?
CodePudding user response:
You can use a conditional expression in Terraform to implement the logic "if geo = cn use local.principal_ids_cn, else use local.principal_ids".
Terraform code for your resource block:
# the geo value comes from the environment (TF_VAR_geo) or from -var geo=...
variable "geo" {
  type = string
}

locals {
  # get json
  role_data = jsondecode(file(var.inputfile))
  principal_ids    = distinct([for principal in local.role_data.applications : principal.principal_id])
  principal_ids_cn = distinct([for principal_cn in local.role_data.applications : principal_cn.principal_id_cn])
  # pick the list for the current geo
  principal = (var.geo == "cn" ? local.principal_ids_cn : local.principal_ids)
}

data "azurerm_subscription" "primary" {}

resource "azurerm_role_assignment" "custom" {
  # iterate over the selected list, not the global one
  for_each             = toset(local.principal)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.custom_role
  principal_id         = each.key
}

resource "azurerm_role_assignment" "builtin" {
  for_each             = toset(local.principal)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.builtin_role
  principal_id         = each.key
}
https://www.terraform.io/docs/language/expressions/conditionals.html
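A fuller version of the same pattern, added here as an example and not part of the question or the answer above: the `geo` value is validated so only known regions are accepted, and the principal list is chosen through a map keyed by region instead of a ternary, so adding a region means adding one map entry rather than another nested conditional. The variable name `geo`, the JSON layout and the role names follow the question; the `global` default and the `applications.json` file name are constructed for this example.

```hcl
# Added example, not code from the original thread. Assumes the JSON layout from
# the question and a "geo" variable supplied via TF_VAR_geo or -var geo=...

variable "inputfile" {
  type        = string
  description = "Path to the JSON file with the application principal ids"
  default     = "applications.json" # constructed file name
}

variable "geo" {
  type        = string
  description = "Deployment geography: \"cn\" for China, \"global\" otherwise"
  default     = "global" # assumption: global unless told otherwise

  # Reject a typo such as "CN" or "china" at plan time instead of silently
  # assigning roles to the global principals. Requires Terraform 0.13+.
  validation {
    condition     = contains(["cn", "global"], var.geo)
    error_message = "geo must be one of: cn, global."
  }
}

variable "custom_role" {
  type    = string
  default = "READER"
}

variable "builtin_role" {
  type    = string
  default = "My_built_in_role"
}

locals {
  role_data = jsondecode(file(var.inputfile))

  # One list per geography; distinct() drops duplicates so for_each keys stay unique.
  principal_ids_by_geo = {
    global = distinct([for app in local.role_data.applications : app.principal_id])
    cn     = distinct([for app in local.role_data.applications : app.principal_id_cn])
  }

  # Map lookup instead of a ternary chain; validation above guarantees the key exists.
  principal_ids = local.principal_ids_by_geo[var.geo]
}

data "azurerm_subscription" "primary" {}

resource "azurerm_role_assignment" "custom" {
  for_each             = toset(local.principal_ids)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.custom_role
  principal_id         = each.key
}

resource "azurerm_role_assignment" "builtin" {
  for_each             = toset(local.principal_ids)
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = var.builtin_role
  principal_id         = each.key
}

# Shows which principal list was selected so the region switch is visible in plan review.
output "assigned_principal_ids" {
  value = local.principal_ids
}
```

Run `terraform plan -var geo=cn` (or set `TF_VAR_geo=cn` in the environment) to see the China principals in the plan; any other value than `cn` or `global` is rejected by the validation block before any resource is evaluated, which is the check you want on something that grants subscription-wide roles.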