I am creating Terraform code for AWS secrets creation and I am not sure which variable type I should use.
Which variable type should I use in this example?
main.tf contains this to feed:

data "vault_generic_secret" "aws_secrets" {
  for_each = var.aws_secrets
  path     = each.value.vault_path
}

resource "aws_secretsmanager_secret_version" "aws_secrets" {
  for_each      = var.aws_secrets
  secret_id     = aws_secretsmanager_secret.aws_secrets.id
  secret_string = jsonencode(data.vault_generic_secret.aws_secrets[each.value.vault_field])
}

aws_secrets = [
  {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  {
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
]

Which should be right for variables.tf?

This:

variable "aws_secrets" {
  type = list(
    object({
      aws_secret_id = string,
      vault_path    = string,
      vault_field   = string,
    })
  )
  default = []
}

With this, I get this error:

The given "for_each" argument value is unsuitable: the "for_each" argument must be a map, or set of strings, and you have provided a value of type list of object.

Or with this:

aws_secrets = {
  object = {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  {
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
}

variable "aws_secrets" {
  type = map(
    object({
      aws_secret_id = string,
      vault_path    = string,
      vault_field   = string,
    })
  )
  default = {}
}

This seems better, but I get another issue that I can't explain exactly here. I want to clarify which variable type before progressing further in either direction.
CodePudding user response:
You can convert your list of maps to a map of maps as follows:

for_each = { for idx, val in var.aws_secrets : idx => val }

Otherwise, change your variable to a map of maps:

aws_secrets = {
  "foo" = {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  "bar" = {
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
}
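
An added example, not part of the original answer, that keeps the list variable from the question and converts it to a map keyed by aws_secret_id instead of the list index. It assumes aws_secret_id is unique, that it is also the secret name, and that only the single vault_field value is stored; the aws_secretsmanager_secret resource body is an assumption, since the question references that resource without showing it.

```hcl
variable "aws_secrets" {
  type = list(object({
    aws_secret_id = string
    vault_path    = string
    vault_field   = string
  }))
  default = []
}

locals {
  # Key by aws_secret_id rather than by list index: with index keys,
  # removing or reordering an entry shifts every later address and makes
  # Terraform replace secrets that did not change.
  # Terraform rejects duplicate keys here, so aws_secret_id must be unique.
  aws_secrets = { for s in var.aws_secrets : s.aws_secret_id => s }
}

data "vault_generic_secret" "aws_secrets" {
  for_each = local.aws_secrets
  path     = each.value.vault_path
}

# Assumed definition: one Secrets Manager secret per entry, named after its key.
resource "aws_secretsmanager_secret" "aws_secrets" {
  for_each = local.aws_secrets
  name     = each.key
}

resource "aws_secretsmanager_secret_version" "aws_secrets" {
  for_each = local.aws_secrets

  # Every for_each resource is a map of instances, so index it with each.key.
  secret_id = aws_secretsmanager_secret.aws_secrets[each.key].id

  # .data is the map of key/value pairs stored at the Vault path;
  # pick the one field configured for this entry (assumed intent).
  secret_string = data.vault_generic_secret.aws_secrets[each.key].data[each.value.vault_field]
}
```

Both the values read by the vault_generic_secret data source and secret_string are written to the Terraform state, so the state backend needs encryption at rest and restricted access.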