Terraform - Manipulate local variables

Time:03-03

I am trying to set up some aws_ssoadmin_managed_policy_attachments (there will end up being a lot), so ideally I just want to be able to update a local variable and then use for_each to go through said variable and churn out a bunch of resources the other side.

I currently have something like the following:

locals {
    roles = {
        admin = {
           //managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"])
           managed_policy_name = "AWSSupportAccess"
           perm_set_name       = "admin"
        }
       auditor = { ...
    }
}

There will be a bunch more roles within this. I use the below to transform it to something more usable by the for_each.

managed_policy_map = [for keys, managed_policy_names in local.roles : {
  for managed_policy_name in managed_policy_names :
  format("%s-%s", keys, managed_policy_name) => { "managed_policy_name" : managed_policy_name }
}]
perm_set_to_managed_policy_map = merge(local.managed_policy_map...)

Output from this:

a = [{
    "admin-AWSSupportAccess" = {
      "managed_policy_name" = "AWSSupportAccess"
      "perm_set_name" = "admin"
    }
    "admin-admin" = {
      "managed_policy_name" = "admin"
      "perm_set_name" = "admin"
    }
    "auditor-ReadOnlyAccess" = {
      "managed_policy_name" = "ReadOnlyAccess"
      "perm_set_name" = "auditor"
    }
    "auditor-auditor" = {
      "managed_policy_name" = "auditor"
      "perm_set_name" = "auditor"
    }
    "auditor-auditor-permission-set" = {
      "managed_policy_name" = "auditor-permission-set"
      "perm_set_name" = "auditor"
   }
},]

Now, ideally, I would like to use the commented-out managed_policy_name, which uses a list (or a set, to avoid dupes), //managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"]), and cycle through that to end up with something like:

a = [{
    "admin-AdministratorAccess" = {
      "managed_policy_name" = "AdministratorAccess"
      "perm_set_name" = "admin"
    }
    "admin-AWSSupportAccess" = {
      "managed_policy_name" = "AWSSupportAccess"
      "perm_set_name" = "admin"
    }
    "auditor-ReadOnlyAccess" = {
      "managed_policy_name" = "ReadOnlyAccess"
      "perm_set_name" = "auditor"
    } ...

Is this doable? My assumption is that it will be fairly complicated or I'm missing some Terraform function that makes it easy. Any help would be greatly appreciated.

CodePudding user response:

You can simplify your variable structure:

locals {
  roles = {
    admin = toset(["AdministratorAccess", "AWSSupportAccess"])
    auditor = ...
  }
}

and then simplify your for expression:

managed_policy_map = [for role, managed_policy_names in local.roles : {
  for policy in managed_policy_names : "${role}-${policy}" => {
    "managed_policy_name" = policy
    "perm_set_name"       = role
  }
}]

to easily achieve the same output structure with the set type instead of the string type:

[
  {
    "admin-AWSSupportAccess"    = {
      "managed_policy_name" = "AWSSupportAccess"
      "perm_set_name"       = "admin"
    }
    "admin-AdministratorAccess" = {
      "managed_policy_name" = "AdministratorAccess"
      "perm_set_name"       = "admin"
    }
  },
]

I would also recommend simplifying the output structure for easier use in the for_each meta-argument according to the intention stated in the question.
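
As an added example (not code from the question or the answer), this is one way to flatten the structure into a single map and feed it to for_each. The resource labels `this` and `managed`, the `sso_instance_arn` local, the single Identity Center instance, the auditor policy list (taken from the question's output) and the ARN lookup through the `aws_iam_policy` data source are all assumptions made for illustration.

```hcl
locals {
  # Role => set of AWS managed policy names (auditor value taken from the question's output).
  roles = {
    admin   = toset(["AdministratorAccess", "AWSSupportAccess"])
    auditor = toset(["ReadOnlyAccess"])
  }

  # One flat map keyed "<role>-<policy>"; merge(...) collapses the per-role maps.
  perm_set_to_managed_policy_map = merge([
    for role, policies in local.roles : {
      for policy in policies : "${role}-${policy}" => {
        managed_policy_name = policy
        perm_set_name       = role
      }
    }
  ]...)

  # Assumption: a single IAM Identity Center instance in this account/region.
  sso_instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]
}

data "aws_ssoadmin_instances" "this" {}

# Resolve each distinct policy name to its ARN instead of hand-building the ARN string.
data "aws_iam_policy" "managed" {
  for_each = toset(flatten([for policies in values(local.roles) : tolist(policies)]))
  name     = each.value
}

# One permission set per role key (assumed to be managed in the same configuration).
resource "aws_ssoadmin_permission_set" "this" {
  for_each     = toset(keys(local.roles))
  name         = each.value
  instance_arn = local.sso_instance_arn
}

# One attachment per "<role>-<policy>" key, so each grant is a separately tracked resource.
resource "aws_ssoadmin_managed_policy_attachment" "this" {
  for_each           = local.perm_set_to_managed_policy_map
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.this[each.value.perm_set_name].arn
  managed_policy_arn = data.aws_iam_policy.managed[each.value.managed_policy_name].arn
}
```

Because merge() keeps the last value when two arguments share a key, role and policy names must not combine into the same "<role>-<policy>" string, or one attachment silently disappears from the map. Each key shows up in the plan as its own resource address, which makes a new AdministratorAccess grant easy to spot in review.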
