terraform variable type for list of maps

Time:11-28

I am creating Terraform code for AWS secrets creation and I am not sure which variable type I should use.

Which variable type should I use in this example?

main.tf contains this to feed

data "vault_generic_secret" "aws_secrets" {
  for_each = var.aws_secrets

  path = each.value.vault_path
}

resource "aws_secretsmanager_secret_version" "aws_secrets" {
  for_each      = var.aws_secrets
  secret_id     = aws_secretsmanager_secret.aws_secrets.id
  secret_string = jsonencode(data.vault_generic_secret.aws_secrets[each.value.vault_field])
}

aws_secrets = [
  {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  {  
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
]

Which should be right for variables.tf?

This:

variable "aws_secrets" {
  type = list(
    object({
      aws_secret_id = string,
      vault_path    = string,
      vault_field   = string,
    })
  )
  default = []
}

With this, I get this error:

The given "for_each" argument value is unsuitable: the "for_each" argument must be a map, or set of strings, and you have provided a value of type list of object.

or

with this

aws_secrets = {
  object = {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  {  
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
}

variable "aws_secrets" {
  type = map(
    object({
      aws_secret_id = string,
      vault_path    = string,
      vault_field   = string,
    })
  )
  default = {}
}

This seems better, but I get another issue that I can't explain exactly here. I want to clarify which variable type before progressing further in either direction.

CodePudding user response:

You can convert your list of maps to a map of maps as follows:

 for_each = {for idx, val in var.aws_secrets: idx => val}

Otherwise, change your variable to a map of maps:

aws_secrets = {
  "foo" = {
    aws_secret_id = "foo"
    vault_path    = "/path1"
    vault_field   = "foo"
  },
  "bar" = {  
    aws_secret_id = "bar"
    vault_path    = "/path2"
    vault_field   = "bar"
  }
}
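
The list-to-map conversion from the answer, carried through all three blocks as an added example (not code from the question or the answer). It keeps the `list(object)` variable, keys the map by `aws_secret_id` instead of the list index, and indexes each `for_each` instance with `each.key`. Assumptions: every `aws_secret_id` is unique, the `aws_secretsmanager_secret` resource (not shown on the page) is also created with `for_each`, and `aws_secret_id` is used as the secret name.

```hcl
# Added example; resource and variable names follow the question.
variable "aws_secrets" {
  type = list(object({
    aws_secret_id = string
    vault_path    = string
    vault_field   = string
  }))
  default = []
}

locals {
  # for_each accepts a map or a set of strings, not a list of objects.
  # Keying by aws_secret_id (assumed unique) keeps resource addresses stable
  # when the list is reordered; keying by index would not.
  # Terraform rejects the expression if two entries share a key.
  aws_secrets_by_id = { for s in var.aws_secrets : s.aws_secret_id => s }
}

data "vault_generic_secret" "aws_secrets" {
  for_each = local.aws_secrets_by_id
  path     = each.value.vault_path
}

# Assumption: the secret itself is created per entry, named after aws_secret_id.
resource "aws_secretsmanager_secret" "aws_secrets" {
  for_each = local.aws_secrets_by_id
  name     = each.value.aws_secret_id
}

resource "aws_secretsmanager_secret_version" "aws_secrets" {
  for_each = local.aws_secrets_by_id

  # Each for_each instance is addressed by its map key.
  secret_id = aws_secretsmanager_secret.aws_secrets[each.key].id

  # Read one field from the Vault secret's data map and store it as JSON.
  secret_string = jsonencode({
    (each.value.vault_field) = data.vault_generic_secret.aws_secrets[each.key].data[each.value.vault_field]
  })
}
```

Values read through `vault_generic_secret` and written to `secret_string` are stored in the Terraform state, so the state backend needs encryption and restricted access.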