Below is the custom variable that will be used for specific AWS resource creation.
INPUT Variable:
VAR = {
  "commonPolicy" = [
    "DenyRootUser",
    "denyIamAccessKeyCreation"
  ]
  "extraPolicy" = [
    "denyGlobalService",
    "denyBillingModify"
  ]
}
Below is the interpolation/modification method I am using to modify the value using the Terraform console.
Method:
> { for i,j in var.VAR : "${i}" => [ for k in j : "file('policies/${k}.json')}" ] }
Through this method I am able to get this value when I parse the value from a specific key:
Like this:
> { for i,j in var.VAR : "${i}" => [ for k in j : "file('policies/${k}.json')}" ] }["commonPolicy"]
OUTPUT:
[
  "file('policies/DenyRootUser.json')}",
  "file('policies/denyIamAccessKeyCreation.json')}",
]
But I want the following value from the interpolation method:
Expected Output:
[
  file("policies/DenyRootUser.json")},
  file("policies/denyIamAccessKeyCreation.json")},
]
NOTE:
- The difference between the output and the expected output is that I want a list of values without double quotes.
- Under the file function, the location/path should be in double quotes.
CodePudding user response:
You can use it as below which will yield the result as follows:
locals {
  a    = ["a.json", "b.json"]
  test = [for i in local.a : file(i)]
}

data "aws_iam_policy_document" "b" {
  source_policy_documents = local.test
}
terraform console
> data.aws_iam_policy_document.b.json
<<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*"
    },
    {
      "Sid": "UniqueSidOne",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    },
    {
      "Sid": "UniqueSidTwo",
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "lambda:*",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "ec3:*",
      "Resource": "*"
    },
    {
      "Sid": "uu",
      "Effect": "Allow",
      "Action": "s4:*",
      "Resource": "*"
    },
    {
      "Sid": "rr",
      "Effect": "Allow",
      "Action": "iamm:*",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "scp:*",
      "Resource": "*"
    }
  ]
}
EOT
Is this the expected output?
CodePudding user response:
[SOLVED] I resolved this issue by using the method below.
Directory Structure:
.
├── main.tf
└── policies
    ├── denyIamAccessKeyCreation.json
    └── denyRootUser.json
Method:
main.tf
locals {
  VAR = {
    "commonPolicy" = [
      "DenyRootUser",
      "denyIamAccessKeyCreation"
    ]
    "extraPolicy" = [
      "denyGlobalService",
      "denyBillingModify"
    ]
  }

  # Map of group name => list of policy JSON strings read from policies/<name>.json
  local_policy_list = { for i, j in local.VAR : i => [for k in j : file("policies/${k}.json")] }
}

# One merged policy document per group in the map
data "aws_iam_policy_document" "b" {
  for_each                = local.local_policy_list
  source_policy_documents = each.value
}
The above local_policy_list variable collects the file input and creates a list under the specific map variable.
Terraform console:
> data.aws_iam_policy_document.b["commonPolicy"].json
> data.aws_iam_policy_document.b["extraPolicy"].json
I am getting the expected output, but the result is similar to the aws_iam_policy_document data variable source_policy_documents requirement.
Example:
<<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRootUser",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:PrincipalArn": [
            "arn:aws:iam::*:root"
          ]
        }
      }
    }
  ]
}
EOT
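Added example (not part of either answer above): a Python pre-flight check for the layout used on this page, meant to run before `terraform plan`. It compares each name in the map against the exact file names in `policies/` (the page's `DenyRootUser` versus `denyRootUser.json` resolves on a case-insensitive filesystem and fails on Linux), and flags invalid JSON and repeated non-empty Sids within a group, which the AWS provider documentation says must be unique across `source_policy_documents`. The function names and the sample data are constructed for illustration.

```python
import json
import os
import tempfile

def check_policy_groups(groups, policy_dir):
    """Return a list of problems for a map of group name -> policy names."""
    on_disk = set(os.listdir(policy_dir))  # exact names, so case mismatches show up
    problems = []
    for group, names in groups.items():
        seen_sids = {}  # Sid -> file that first used it, per merged document
        for name in names:
            fname = f"{name}.json"
            if fname not in on_disk:
                near = [f for f in on_disk if f.lower() == fname.lower()]
                hint = f" (found {near[0]}: case differs)" if near else ""
                problems.append(f"{group}: missing {fname}{hint}")
                continue
            try:
                with open(os.path.join(policy_dir, fname)) as fh:
                    doc = json.load(fh)
            except json.JSONDecodeError as exc:
                problems.append(f"{group}: {fname} is not valid JSON ({exc.msg})")
                continue
            stmts = doc.get("Statement", []) if isinstance(doc, dict) else []
            if isinstance(stmts, dict):  # a single statement may be a bare object
                stmts = [stmts]
            for stmt in stmts:
                sid = stmt.get("Sid", "")
                if sid and sid in seen_sids:
                    problems.append(f"{group}: Sid {sid!r} in {fname} repeats {seen_sids[sid]}")
                elif sid:
                    seen_sids[sid] = fname
    return problems

def demo():
    """Constructed sample mirroring the page's layout, including its case mismatch."""
    deny = {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyRootUser", "Effect": "Deny", "Action": "*", "Resource": "*"}]}
    with tempfile.TemporaryDirectory() as d:
        for fname in ("denyRootUser.json", "denyIamAccessKeyCreation.json"):
            with open(os.path.join(d, fname), "w") as fh:
                json.dump(deny, fh)
        groups = {"commonPolicy": ["DenyRootUser", "denyIamAccessKeyCreation"]}
        return check_policy_groups(groups, d)

if __name__ == "__main__":
    for line in demo():
        print(line)
```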