5

I am trying to use a variable list of objects to define the value's type and defaults, and use that in a dynamic block. I know there is an experimental feature, but just wondering how I would do this without the experimental feature?

variables.rf

variable "identity" {
  type = list(object({
    type = string
    identity_ids = list(string)
  }))
  default = [
    {
      type = null
      identity_ids = null
    }
  ]
}

main.tf

resource "azurerm_cognitive_account" "azure" {
  # Required
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  kind                = var.kind
  sku_name            = var.sku_name

  dynamic "identity" {
    for_each = var.identity
    content {
      type         = identity.value.type
      identity_ids = identity.value.identity_ids
    }
  }
}

Use as a module

module "cognitive_account" {
  source                = "../modules/cognitive-account"
  name                  = "name"
  location              = "Australia East"
  resource_group_name   = module.rg.name
  kind                  = "TextAnalytics"
  sku_name              = "S"
  custom_subdomain_name = "unique-name"


  identity = [{
    type = "SystemAssigned"
  }]
}

Using that code gives me an error:

│ Error: Invalid value for module argument
│
│   on main.tf line 66, in module "cognitive_account":
│   66:   identity = [{
│   67:     type = "SystemAssigned"
│   68:   }]
│
│ The given value is not suitable for child module variable "identity" defined at .terraform\modules\cognitive_account\variables.tf:123,1-20: element 0:
│ attribute "identity_ids" is required.

I am not sure how to deal with omitting identity_ids from the object block, I thought the default being null would take care of it.

Improve this question
1
  • Dynamic blocks are not experimental. So not sure what do you mean? Commented Oct 9, 2021 at 0:09

2 Answers 2

Reset to default
7

@marcin, thanks for the tip, a bit more work was required to get this working:

variables.tf

variable "identity" {
  type = any
  description = <<EOT
    type = Specifies the type of Managed Service Identity that should be configured on the Cognitive Account. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned (to enable both).
    identity_ids = A list of IDs for User Assigned Managed Identity resources to be assigned.
  EOT
  default = null
}

main.tf

resource "azurerm_cognitive_account" "azure" {
  # Required
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  kind                = var.kind
  sku_name            = var.sku_name

  dynamic "identity" {
    for_each = var.identity == null ? [] : [true]
    content {
      type         = lookup(var.identity, "type", null)
      identity_ids = lookup(var.identity, "identity_ids", null)
    }
  }
}

use the module

module "cognitive_account" {
  source                = "../modules/cognitive-account"
  name                  = "name"
  location              = "Australia East"
  resource_group_name   = module.rg.name
  kind                  = "TextAnalytics"
  sku_name              = "S"
  custom_subdomain_name = "unique-name"

  identity = {
    type = "SystemAssigned"
  }
}

Now the identity block is omitted when not provided, and each object in the identity variable can be used without needing to specify all values.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

The error is not because of dynamic blocks, but because your identity is:

  type = list(object({
    type = string
    identity_ids = list(string)
  }))

This means that identity_ids is required, yet when you are using your module, you are not providing it:

  identity = [{
    type = "SystemAssigned"
  }]

You have to explicitly provide the identity_ids:

  identity = [{
    type = "SystemAssigned"
    identity_ids = ["somevalue1", "somevalue2"]
  }]
Improve this answer

2 Comments

Yes I know I have to provide it, is there anything I can do to omit that object without using the experimental feature from terraform.io/docs/language/expressions/…?
@philthy If you don't want it enforced nor use experminetal features, then don't specify your type in identity.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.