Terraform Dynamic block for Application Gateway - azure

I have the following list of objects defined as a local:
agw_configs = [
{
env = "dev"
function = "events"
backend_pool_fqdn = "dev.servicebus.windows.net"
cookie_based_affinity = "Enabled"
https_listener_hostname = "ingestiondev.co.uk"
},
{
env = "test"
function = "events"
backend_pool_fqdn = "test.servicebus.windows.net"
cookie_based_affinity = "Enabled"
https_listener_hostname = "ingestiontest.co.uk"
}
]
I now want to use multiple dynamic blocks within an Azure application gateway resource to create various settings for each environment. However, I cannot figure out how to do this and keep getting undeclared resource errors. Here is my current config:
resource "azurerm_application_gateway" "application_gateway" {
name = local.application_gateway_name
resource_group_name = var.resource_group_name
location = var.location
sku {
name = var.sku.size
tier = var.sku.tier
capacity = var.sku.capacity
}
...
dynamic "backend_address_pool" {
for_each = local.agw_configs
content {
name = "${var.region}-${agw_configs.value.env}-${agw_configs.value.function}-beap"
fqdns = [agw_configs.value.backend_pool_fqdn]
}
}
Feels like I am almost there, but I am not sure where I am going wrong.

See an example that works:
1/ Define the variable - with the
variable "backend_pools" {
  # object(), not string(); fqdns and ip_addresses are lists on the resource
  type = map(object({
    fqdns        = list(string)
    ip_addresses = list(string)
  }))
  # Define default value
  default = {
    "pool1" = {
      fqdns        = ["fqdns1"]
      ip_addresses = ["10.0.0.0"]
    }
    "pool2" = {
      fqdns        = ["fqdns1"]
      ip_addresses = ["10.10.0.0"]
    }
  }
}
Then you can use the variable from the dynamic block in your azurerm_application_gateway block:
dynamic "backend_address_pool" {
  for_each = var.backend_pools
  content {
    name         = backend_address_pool.key # the map key becomes the required pool name
    fqdns        = backend_address_pool.value.fqdns
    ip_addresses = backend_address_pool.value.ip_addresses
  }
}
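The following is an added example, not code from the question or the answer above. It takes the question's own `local.agw_configs` list (assumed to be defined exactly as in the question) and drives four dynamic blocks from it, which is what the question set out to do. The point it demonstrates is the iterator name: inside a `dynamic` block Terraform exposes the current element under the block's label (`backend_address_pool.value`), not under the name of the collection being iterated (`agw_configs.value`), and that is what produced the "undeclared resource" errors. Every block name is derived once in a local so that the routing rule, listener, settings and pool cannot reference a name that does not exist. `var.region`, `var.gateway_subnet_id`, `var.public_ip_id`, `var.ssl_certificate_name` and `var.ssl_certificate_secret_id` are assumed inputs, and the block set targets the azurerm 2.x provider used elsewhere on this page.

```hcl
locals {
  # local.agw_configs is assumed to be the list from the question above.
  # Derive every name once, so the blocks that must reference each other
  # (rule -> listener, pool, settings) cannot drift apart.
  agw_named = [
    for c in local.agw_configs : merge(c, {
      pool_name     = "${var.region}-${c.env}-${c.function}-beap"
      settings_name = "${var.region}-${c.env}-${c.function}-be-htst"
      listener_name = "${var.region}-${c.env}-${c.function}-httpslstn"
      rule_name     = "${var.region}-${c.env}-${c.function}-rqrt"
    })
  ]
}

resource "azurerm_application_gateway" "application_gateway" {
  name                = local.application_gateway_name
  resource_group_name = var.resource_group_name
  location            = var.location

  sku {
    name     = var.sku.size
    tier     = var.sku.tier
    capacity = var.sku.capacity
  }

  gateway_ip_configuration {
    name      = "${var.region}-gwipc"
    subnet_id = var.gateway_subnet_id # assumed input
  }

  frontend_port {
    name = "https-443"
    port = 443
  }

  frontend_ip_configuration {
    name                 = "${var.region}-feip"
    public_ip_address_id = var.public_ip_id # assumed input
  }

  ssl_certificate {
    name                = var.ssl_certificate_name      # assumed input
    key_vault_secret_id = var.ssl_certificate_secret_id # assumed input
  }

  # Inside a dynamic block the current element is exposed under the block's
  # own label (backend_address_pool.value), not under the collection's name.
  dynamic "backend_address_pool" {
    for_each = local.agw_named
    content {
      name  = backend_address_pool.value.pool_name
      fqdns = [backend_address_pool.value.backend_pool_fqdn]
    }
  }

  dynamic "backend_http_settings" {
    for_each = local.agw_named
    content {
      name                                = backend_http_settings.value.settings_name
      cookie_based_affinity               = backend_http_settings.value.cookie_based_affinity
      port                                = 443
      protocol                            = "Https"
      request_timeout                     = 30
      pick_host_name_from_backend_address = true
    }
  }

  dynamic "http_listener" {
    for_each = local.agw_named
    content {
      name                           = http_listener.value.listener_name
      frontend_ip_configuration_name = "${var.region}-feip"
      frontend_port_name             = "https-443"
      protocol                       = "Https"
      host_name                      = http_listener.value.https_listener_hostname
      ssl_certificate_name           = var.ssl_certificate_name
    }
  }

  dynamic "request_routing_rule" {
    for_each = local.agw_named
    content {
      name                       = request_routing_rule.value.rule_name
      rule_type                  = "Basic"
      http_listener_name         = request_routing_rule.value.listener_name
      backend_address_pool_name  = request_routing_rule.value.pool_name
      backend_http_settings_name = request_routing_rule.value.settings_name
    }
  }
}
```

Because all four blocks iterate the same `local.agw_named` list, adding a third environment is a one-entry change to `agw_configs`; nothing else in the resource needs editing, and a typo in one of the generated names would be caught at plan time by the routing rule rather than at apply time by Azure.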


Terraform: Object List Value Has No Attributes

Getting an error on Terraform Plan saying my object has no attributes for the name value. We are deploying about 7 private DNS zones and many of them live in the same resource group. Some may live in others, but most live in the same one.
Error: Unsupported attribute
on Modules/privatednszone/main.tf line 4, in data "azurerm_resource_group" "this":
name = each.value.name
This value does not have any attributes.
MAIN
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.83.0"
}
}
}
provider "azurerm" {
features {}
}
variable "private_dns_zones" {
type = map(object({
dns_zone_name = string
resource_group_name = string
tags = map(string)
vnet_links = list(object({
zone_to_vnet_link_name = string
vnet_name = string
networking_resource_group = string
zone_to_vnet_link_exists = bool
vnet_link_rg_name = string
}))
zone_exists = bool
registration_enabled = bool
}))
description = "Map containing Private DNS Zone Objects"
default = {}
}
data "azurerm_resource_group" "this" {
# read from local variable, index is resource_group_name
for_each = local.rgs_map
name = each.value.name
}
locals {
rgs_map = {
for n in var.private_dns_zones :
n.resource_group_name => {
name = n.resource_group_name
}
}
}
output "rgs_map" {
value = local.rgs_map
}
output "rg_data" {
value = data.azurerm_resource_group.this
}
TFVARS
Code below is a sample of two dns zones, but there are additional ones.
private_dns_zones = {
zone1 = {
dns_zone_name = "privatelink.vaultcore.azure.net"
resource_group_name = "Terraform1"
tags = {
iac = "Terraform"
syntax = "zone1"
}
zone_exists = false
vnet_links = [
{
zone_to_vnet_link_name = "vaultcore-vnet-eastus2-01"
vnet_name = "vnet-eastus2-01"
networking_resource_group = "Terraform1"
zone_to_vnet_link_exists = false
vnet_link_rg_name = "Terraform1"
}
]
registration_enabled = false
},
zone2 = {
dns_zone_name = "privatelink.monitor.azure.com"
resource_group_name = "Terraform1"
tags = {
iac = "Terraform"
syntax = "zone2"
}
zone_exists = false
vnet_links = [
{
zone_to_vnet_link_name = "monitor-vnet-eastus2-01"
vnet_name = "vnet-eastus2-01"
networking_resource_group = "Terraform1"
zone_to_vnet_link_exists = false
vnet_link_rg_name = "Terraform1"
}
]
registration_enabled = false
}
}
Your code seems to work fine only if I use different resource group names. As you are using duplicate values of resource group names, which is your requirement, creating a map "rgs_map" with your code is not possible, as it will error out with the below:
So, in order to resolve the above error, I used something like the below:
locals {
rgs_map = {
for i,n in var.private_dns_zones : "${i}" =>{
name = n.resource_group_name
}
}
}
Complete code:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.83.0"
}
}
}
provider "azurerm" {
features {}
}
variable "private_dns_zones" {
type = map(object({
dns_zone_name = string
resource_group_name = string
tags = map(string)
vnet_links = list(object({
zone_to_vnet_link_name = string
vnet_name = string
networking_resource_group = string
zone_to_vnet_link_exists = bool
vnet_link_rg_name = string
}))
zone_exists = bool
registration_enabled = bool
}))
description = "Map containing Private DNS Zone Objects"
default = {}
}
data "azurerm_resource_group" "this" {
# read from local variable, index is resource_group_name
for_each = local.rgs_map
name = each.value.name
}
locals {
rgs_map = {
for i,n in var.private_dns_zones : "${i}" =>{
name = n.resource_group_name
}
}
}
output "rgs_map" {
value = local.rgs_map
}
output "rg_data" {
value = data.azurerm_resource_group.this
}
Output:
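As an added example (not part of the question or the answer above), here is a variant of the same configuration that reads each resource group exactly once even when several zones share it, and then goes on to create the zones and their VNet links from the same `var.private_dns_zones` input (the variable is assumed to be declared as in the question). Two collection tricks do the work: `toset()` deduplicates the resource group names so `for_each` gets one key per group, and the `...` grouping form of a `for` expression collects all zone keys that share a group instead of failing with a duplicate-key error. The `zone_exists` and `zone_to_vnet_link_exists` flags from the input are deliberately not acted on here; resource names and the sample are otherwise as in the question.

```hcl
locals {
  # One key per distinct resource group; toset() drops the repeats.
  rg_names = toset([for z in var.private_dns_zones : z.resource_group_name])

  # Grouping form: duplicate keys are allowed when the value ends in "...",
  # yielding { "Terraform1" = ["zone1", "zone2"] } for the sample tfvars.
  zones_by_rg = {
    for k, z in var.private_dns_zones : z.resource_group_name => k...
  }

  # Flatten zone -> vnet_links into one map so a single for_each can create
  # every link; the key combines zone key and link name to stay unique.
  vnet_links = {
    for link in flatten([
      for zk, z in var.private_dns_zones : [
        for l in z.vnet_links : {
          zone_key  = zk
          key       = "${zk}-${l.zone_to_vnet_link_name}"
          name      = l.zone_to_vnet_link_name
          vnet_name = l.vnet_name
          vnet_rg   = l.networking_resource_group
        }
      ]
    ]) : link.key => link
  }
}

data "azurerm_resource_group" "this" {
  for_each = local.rg_names
  name     = each.value # each.value == each.key for a set
}

resource "azurerm_private_dns_zone" "this" {
  for_each            = var.private_dns_zones
  name                = each.value.dns_zone_name
  resource_group_name = data.azurerm_resource_group.this[each.value.resource_group_name].name
  tags                = each.value.tags
}

data "azurerm_virtual_network" "linked" {
  for_each            = local.vnet_links
  name                = each.value.vnet_name
  resource_group_name = each.value.vnet_rg
}

resource "azurerm_private_dns_zone_virtual_network_link" "this" {
  for_each              = local.vnet_links
  name                  = each.value.name
  resource_group_name   = azurerm_private_dns_zone.this[each.value.zone_key].resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.this[each.value.zone_key].name
  virtual_network_id    = data.azurerm_virtual_network.linked[each.key].id
  registration_enabled  = var.private_dns_zones[each.value.zone_key].registration_enabled
}

output "zones_by_rg" {
  value = local.zones_by_rg
}
```

Keying the data source by resource group name rather than by zone key means the plan contains one read per group, and the output makes it easy to confirm which zones ended up in which group before anything is applied.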

Terraform dynamic block missing an argument or block definition

I am attempting to use a dynamic block to define multiple ip_rules and virtual_network exceptions in one resource. For some reason, when I attempt to use a variable as my for_each loop, I get the following errors.
variable "vnet_subnet_ids" {
description = "List of strings that are VNet Subnet IDs to whitelist."
type = list(string)
default = [
"/subscriptions/${subscription_id}/resourceGroups/${rg_name}/providers/Microsoft.Network/virtualNetworks/nonprod-vnet-gp-kubernetes/subnets/pods_pub_subnet_01",
"/subscriptions/${subscription_id}/resourceGroups/${rg_name}/providers/Microsoft.Network/virtualNetworks/nonprod-vnet-gp-kubernetes/subnets/pods_pub_subnet_02",
]
sensitive = false
}
resource "azurerm_container_registry" "devops" {
name = var.acr_name
resource_group_name = var.rg_name
location = var.rg_location
sku = var.acr_sku
admin_enabled = false
georeplication_locations = var.acr_geo_rep_locations
network_rule_set {
default_action = "Deny"
dynamic "ip_rule" {
for_each = [1]
content {
action = "Allow"
ip_range = "xxx.xxx.xxx.xxx/32"
}
}
#dynamic "ip_rule" {
# for_each = var.acr_ip_rules
# content {
# action = "Allow"
# ip_range = ip_rule.value
# }
#}
dynamic "virtual_network" {
for_each = var.vnet_subnet_ids
content {
action = "Allow"
subnet_id = virtual_network.value
}
}
tags = var.company_tags
}
However, I get the following error:
│ Error: Argument or block definition required
│
│ On ../../modules/azure/acr/main.tf line 41: An argument or block definition is required here.
╵
The part with the ip_rule works, but the virtual_network part does not. I do not understand why.
There seems to be an open bug related to this. I can't test this at the moment, but see if this variation works for you:
variable "acr_name" { default = "acr_name" }
variable "rg_location" { default = "rg_location" }
variable "acr_sku" { default = "Premium" } # network_rule_set is only available on the Premium SKU
variable "subscription_id" { default = "subscription_id" }
variable "rg_name" { default = "rg_name" }
variable "acr_geo_rep_locations" { default = ["acr_geo_rep_locations"] } # the argument takes a list
variable "company_tags" { default = { company = "company_tags" } }       # tags are a map
variable "acr_ip_rules" { default = ["1", "2"] }
variable "vnet_subnet_ids" { default = ["1", "2"] }

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.79.1"
    }
  }
}

provider "azurerm" {
  features {}
}

locals {
  # Build the nested-block payloads up front, then assign them as attributes
  # (the "attributes as blocks" form) instead of using dynamic blocks.
  allowed_ips = [for ip in var.acr_ip_rules : {
    action   = "Allow",
    ip_range = ip
  }]
  allowed_virtual_networks = [for sub in var.vnet_subnet_ids : {
    action    = "Allow",
    subnet_id = sub
  }]
}

resource "azurerm_container_registry" "devops" {
  name                     = var.acr_name
  resource_group_name      = var.rg_name
  location                 = var.rg_location
  sku                      = var.acr_sku
  admin_enabled            = false
  georeplication_locations = var.acr_geo_rep_locations

  network_rule_set {
    default_action  = "Deny"
    ip_rule         = local.allowed_ips
    virtual_network = local.allowed_virtual_networks
  }

  tags = var.company_tags
}
Turns out I'm missing a }. So, I'm on to the new errors listed here:
https://github.com/hashicorp/terraform/issues/22340
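The configuration below is an added example, not the asker's or the answerer's code. It keeps the answer's "attributes as blocks" approach for `network_rule_set` and adds the input checks a registry with `default_action = "Deny"` deserves: every `ip_rule` entry must be a syntactically valid CIDR, the catch-all `0.0.0.0/0` is rejected outright because it would silently turn the deny-by-default rule set into allow-all, and each subnet ID must be a resource ID of the expected shape. The IP ranges and subnet IDs are constructed sample values; `var.acr_name`, `var.rg_name`, `var.rg_location` and `var.company_tags` are assumed inputs, and `alltrue()` requires Terraform 0.14 or later.

```hcl
variable "acr_ip_rules" {
  description = "Public CIDR ranges allowed to reach the registry (constructed sample values)."
  type        = list(string)
  default     = ["203.0.113.10/32", "198.51.100.0/24"]

  validation {
    # cidrhost() errors on anything that is not an address with a prefix length,
    # so can() turns it into a true/false check.
    condition     = alltrue([for r in var.acr_ip_rules : can(cidrhost(r, 0))])
    error_message = "Every acr_ip_rules entry must be a CIDR such as 203.0.113.10/32."
  }

  validation {
    condition     = !contains(var.acr_ip_rules, "0.0.0.0/0")
    error_message = "0.0.0.0/0 would turn the Deny default into allow-all; list specific ranges instead."
  }
}

variable "vnet_subnet_ids" {
  description = "Subnet resource IDs allowed through the service endpoint (constructed sample values)."
  type        = list(string)
  default = [
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-01",
  ]

  validation {
    condition = alltrue([
      for id in var.vnet_subnet_ids :
      can(regex("^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.Network/virtualNetworks/[^/]+/subnets/[^/]+$", id))
    ])
    error_message = "Each vnet_subnet_ids entry must be a full subnet resource ID."
  }
}

locals {
  allowed_ips = [for ip in var.acr_ip_rules : {
    action   = "Allow"
    ip_range = ip
  }]
  allowed_virtual_networks = [for sub in var.vnet_subnet_ids : {
    action    = "Allow"
    subnet_id = sub
  }]
}

resource "azurerm_container_registry" "devops" {
  name                = var.acr_name     # assumed input
  resource_group_name = var.rg_name      # assumed input
  location            = var.rg_location  # assumed input
  sku                 = "Premium"        # network_rule_set is a Premium-only feature
  admin_enabled       = false            # keep the shared admin credential disabled

  network_rule_set {
    default_action  = "Deny"
    ip_rule         = local.allowed_ips
    virtual_network = local.allowed_virtual_networks
  }

  tags = var.company_tags # assumed input
}
```

Both validations fail at `terraform plan`, so a malformed or over-broad rule never reaches the registry; the error messages say what was expected, which is what a reviewer of the tfvars change will want to see in the pipeline log.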

How to use Terraform dynamic block

I am trying to create an Azure app gateway using Terraform and my code looks like below:
main.tf
# Create Application Gateway
resource "azurerm_application_gateway" "app_gateway" {
name = var.name
resource_group_name = var.appg_name
location = var.appg_location
.
.
.
# backend_address_pool {
# name = var.backend_address_pool_name
# }
dynamic "backend_address_pool" {
for_each = var.backend_pools
content {
name = backend_pools.value["name"]
fqdns = backend_pools.value["fqdns"]
ip_addresses = backend_pools.value["ip_addresses"]
}
}
backend_http_settings {
name = var.http_setting_name
cookie_based_affinity = var.cookie_based_affinity
path = var.backend_http_settings_path
port = var.http_setting_port
protocol = var.http_setting_protocol
request_timeout = var.http_setting_request_time_out_value
}
.
.
.
}
And here's my variables.tf - only backend_pools is mentioned here of all the variables
variable "backend_pools" {
type = list(map(string))
}
And this is my terraform.tfvars
backend_pools = [
{
name = "pool1"
fqdns = "fqdns1"
ip_addresses = "10.0.0.0"
},
{
name = "pool2"
fqdns = "fqdns2"
ip_addresses = "10.0.0.0"
},
{
name = "pool3"
fqdns = "fqdns3"
ip_addresses = "10.0.0.0"
},
]
What I am worried about is that, according to the Terraform docs, the data types of both fqdns and ip_addresses are list. How can I change my variables.tf and terraform.tfvars, and also the main.tf which contains the dynamic block, accordingly?
What I want to do is create multiple backend pools and pass the values using a variable file. Or is it possible to create a JSON file with multiple backend pools and pass it to the backend_pools parameter?
Can someone please help me on this?
First, there is a mistake in your Terraform code:
dynamic "backend_address_pool" {
for_each = var.backend_pools
content {
name = backend_pools.value["name"]
fqdns = backend_pools.value["fqdns"]
ip_addresses = backend_pools.value["ip_addresses"]
}
}
When you use the for_each loop, it should be:
dynamic "backend_address_pool" {
for_each = var.backend_pools
content {
name = each.value["name"]
fqdns = each.value["fqdns"]
ip_addresses = each.value["ip_addresses"]
}
}
When you use the list in the for_each loop, you can try to change the type like this:
for_each = toset(var.backend_pools)
But the better way is to use the map, so you can change your variables like this:
backend_pools = {
pool1 = {
fqdns = "fqdns1"
ip_addresses = "10.0.0.0"
},
pool2 = {
fqdns = "fqdns2"
ip_addresses = "10.0.0.0"
},
pool3 = {
fqdns = "fqdns3"
ip_addresses = "10.0.0.0"
}
}
Then your dynamic block will look like this:
dynamic "backend_address_pool" {
for_each = var.backend_pools
content {
name = each.key
fqdns = each.value["fqdns"]
ip_addresses = each.value["ip_addresses"]
}
}
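As an added example (not the asker's or the answerer's code), here is the variable shape that matches the resource documentation the asker refers to, together with the JSON route the asker asked about. `fqdns` and `ip_addresses` are typed as `list(string)`, a validation block checks that every IP address parses and that no pool is empty, and a second source of pools is decoded from JSON with `jsondecode()`. The JSON is a constructed sample embedded as a heredoc so the snippet is self-contained; in a real module it would be read with `file("${path.module}/backend_pools.json")`. Inside the dynamic block the current element is referenced through the block's own label, `backend_address_pool`. The surrounding required gateway blocks are omitted, and `alltrue()` requires Terraform 0.14 or later.

```hcl
variable "backend_pools" {
  description = "Backend pools keyed by pool name; each list may be empty but not both."
  type = map(object({
    fqdns        = list(string)
    ip_addresses = list(string)
  }))
  default = {}

  validation {
    # Every ip_addresses entry must be a bare IPv4/IPv6 address (no prefix):
    # appending /32 and asking cidrhost() for host 0 fails on anything else.
    condition = alltrue([
      for p in var.backend_pools :
      alltrue([for ip in p.ip_addresses : can(cidrhost("${ip}/32", 0))])
    ])
    error_message = "ip_addresses entries must be plain IP addresses, e.g. 10.0.0.4."
  }

  validation {
    condition     = alltrue([for p in var.backend_pools : length(p.fqdns) + length(p.ip_addresses) > 0])
    error_message = "Each backend pool needs at least one fqdn or ip address."
  }
}

locals {
  # Constructed sample JSON; replace with file("${path.module}/backend_pools.json").
  backend_pools_json = <<-JSON
    {
      "pool1": { "fqdns": ["app1.example.internal"] },
      "pool2": { "ip_addresses": ["10.0.1.4", "10.0.1.5"] },
      "pool3": { "fqdns": ["app3.example.internal"], "ip_addresses": ["10.0.1.6"] }
    }
  JSON

  # Normalise the decoded JSON to the same shape as the variable, filling
  # missing lists with [] so the dynamic block never sees a null.
  pools_from_json = {
    for name, p in jsondecode(local.backend_pools_json) : name => {
      fqdns        = try(p.fqdns, [])
      ip_addresses = try(p.ip_addresses, [])
    }
  }

  # Values passed through the variable win; JSON fills in the rest.
  backend_pools = merge(local.pools_from_json, var.backend_pools)
}

resource "azurerm_application_gateway" "app_gateway" {
  name                = var.name          # as in the question
  resource_group_name = var.appg_name     # as in the question
  location            = var.appg_location # as in the question

  # sku, gateway_ip_configuration, frontend_port, frontend_ip_configuration,
  # backend_http_settings, http_listener and request_routing_rule blocks are
  # required by the resource and omitted here.

  dynamic "backend_address_pool" {
    for_each = local.backend_pools
    content {
      # The iterator carries the dynamic block's label, so .key is the map
      # key (pool name) and .value is the object for that pool.
      name         = backend_address_pool.key
      fqdns        = backend_address_pool.value.fqdns
      ip_addresses = backend_address_pool.value.ip_addresses
    }
  }
}
```

Using a map rather than a list also gives each pool a stable address (`backend_address_pool["pool2"]`), so removing `pool1` later does not renumber and recreate the others.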

Terraform for_each if value exists in object

I would like to dynamically create some subnets and route tables from a .tfvars file, and then link each subnet to the associated route table if specified.
Here is my .tfvars file:
vnet_spoke_object = {
specialsubnets = {
Subnet_1 = {
name = "test1"
cidr = ["10.0.0.0/28"]
route = "route1"
}
Subnet_2 = {
name = "test2"
cidr = ["10.0.0.16/28"]
route = "route2"
}
Subnet_3 = {
name = "test3"
cidr = ["10.0.0.32/28"]
}
}
}
route_table = {
route1 = {
name = "route1"
disable_bgp_route_propagation = true
route_entries = {
re1 = {
name = "rt-rfc-10-28"
prefix = "10.0.0.0/28"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.0.0.10"
}
}
}
route2 = {
name = "route2"
disable_bgp_route_propagation = true
route_entries = {
re1 = {
name = "rt-rfc-10-28"
prefix = "10.0.0.16/28"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.0.0.10"
}
}
}
}
...and here is my build script:
provider "azurerm" {
version = "2.18.0"
features{}
}
variable "ARM_LOCATION" {
default = "uksouth"
}
variable "ARM_SUBSCRIPTION_ID" {
default = "asdf-b31e023c78b8"
}
variable "vnet_spoke_object" {}
variable "route_table" {}
module "names" {
source = "./nbs-azure-naming-standard"
env = "dev"
location = var.ARM_LOCATION
subId = var.ARM_SUBSCRIPTION_ID
}
resource "azurerm_resource_group" "test" {
name = "${module.names.standard["resource-group"]}-vnet"
location = var.ARM_LOCATION
}
resource "azurerm_virtual_network" "test" {
name = "${module.names.standard["virtual-network"]}-test"
location = var.ARM_LOCATION
resource_group_name = azurerm_resource_group.test.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "test" {
for_each = var.vnet_spoke_object.specialsubnets
name = "${module.names.standard["subnet"]}-${each.value.name}"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = each.value.cidr
}
resource "azurerm_route_table" "test" {
for_each = var.route_table
name = "${module.names.standard["route-table"]}-${each.value.name}"
location = var.ARM_LOCATION
resource_group_name = azurerm_resource_group.test.name
disable_bgp_route_propagation = each.value.disable_bgp_route_propagation
dynamic "route" {
for_each = each.value.route_entries
content {
name = route.value.name
address_prefix = route.value.prefix
next_hop_type = route.value.next_hop_type
next_hop_in_ip_address = contains(keys(route.value), "next_hop_in_ip_address") ? route.value.next_hop_in_ip_address: null
}
}
}
That part works fine in creating the vnet/subnet/route resources, but the problem I face is to dynamically link each subnet to the route table listed in the .tfvars. Not all the subnets will have a route table associated with it, thus it will need to only run IF the key/value route is listed.
resource "azurerm_subnet_route_table_association" "test" {
for_each = {
for key, value in var.vnet_spoke_object.specialsubnets:
key => value
if value.route != null
}
lifecycle {
ignore_changes = [
subnet_id
]
}
subnet_id = azurerm_subnet.test[each.key].id
route_table_id = azurerm_route_table.test[each.key].id
}
The error I face with the above code is:
Error: Unsupported attribute
on main.tf line 65, in resource "azurerm_subnet_route_table_association" "test":
65: if value.route != null
This object does not have an attribute named "route".
I have tried various ways with no success, and I'm at a loss here and would appreciate any guidance possible.
Based on your scenario, I'm guessing vnet_spoke_object in input looks like this:
vnet_spoke_object = {
specialsubnets = {
subnetA = {
cidr = "..."
}
subnetB = {
cidr = "..."
route = "..."
}
}
}
The problem with that is that a missing route entry doesn't resolve to null, it causes a panic or crash. You'd need to write your input like this (with explicit nulls):
vnet_spoke_object = {
specialsubnets = {
subnetA = {
cidr = "..."
route = null
}
subnetB = {
cidr = "..."
route = "..."
}
}
}
Or lookup route by name and provide a null default in your for map generator expression like this:
for_each = {
for key, value in var.vnet_spoke_object.specialsubnets:
key => value
if lookup(value, "route", null) != null
}
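The snippet below is an added example, not part of the answer above. It applies the answer's `lookup(value, "route", null)` idea to the full association resource from the question, using `try()` (equivalent here and also tolerant of a subnet object that is not a map) and adds the check that the question's input invites: a subnet may name a route table that does not exist in `var.route_table`, and without a guard that surfaces only as an unhelpful index error at plan time. The association looks the route table up by `each.value.route` rather than by the subnet key, since the two maps in the tfvars are keyed differently (`Subnet_1` versus `route1`). `azurerm_subnet.test` and `azurerm_route_table.test` are assumed to be declared as in the question; the `precondition` block requires Terraform 1.2 or later.

```hcl
locals {
  # Only subnets that declare a route; try() yields null when the attribute
  # is absent, so Subnet_3 in the sample tfvars is skipped rather than erroring.
  routed_subnets = {
    for key, subnet in var.vnet_spoke_object.specialsubnets :
    key => subnet if try(subnet.route, null) != null
  }

  # Route names referenced by a subnet that have no matching route table.
  unknown_routes = distinct([
    for key, subnet in local.routed_subnets :
    subnet.route if !contains(keys(var.route_table), subnet.route)
  ])
}

resource "azurerm_subnet_route_table_association" "test" {
  for_each = local.routed_subnets

  subnet_id      = azurerm_subnet.test[each.key].id
  route_table_id = azurerm_route_table.test[each.value.route].id

  lifecycle {
    # Fail the plan with a readable message instead of an index error.
    precondition {
      condition     = length(local.unknown_routes) == 0
      error_message = "Subnets reference route tables that are not defined in var.route_table: ${join(", ", local.unknown_routes)}"
    }
  }
}

output "subnets_without_route_table" {
  # Handy for review: subnets that will keep the default system routes.
  value = sort([
    for key, subnet in var.vnet_spoke_object.specialsubnets :
    key if try(subnet.route, null) == null
  ])
}
```

With the sample tfvars this associates `Subnet_1` with `route1` and `Subnet_2` with `route2`, leaves `Subnet_3` unassociated, and reports `["Subnet_3"]` in the output so the omission is visible rather than silent.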

Terraform: How to set variables in a module based on a conditional?

I would like to pass a variable that will allow me to specify the list of VPC and subnet settings for an AWS instance. There are fixed VPC and subnet settings that make sense so I just want to allow a user to pick one using a single variable, i.e. use A or B.
For instance, let's say I have two available VPCs, and these are specified in a variables.tf file for a module my_instance:
variable "a_vpc_cidr_block" { default = "105.191.44.0/22" }
variable "a_vpc_id" { default = "id_a"}
variable "a_vpc_name" { default = "vpc_a" }
variable "a_subnet_availability_zone" { default = "us-east-1a" }
variable "a_subnet_cidr_block" { default = "105.191.25.0/25" }
variable "a_subnet_name" { default = "instance_A" }
variable "b_vpc_cidr_block" { default = "105.191.45.0/22" }
variable "b_vpc_id" { default = "id_b"}
variable "b_vpc_name" { default = "vpc_b" }
variable "b_subnet_availability_zone" { default = "us-east-1a" }
variable "b_subnet_cidr_block" { default = "105.191.35.0/25" }
variable "b_subnet_name" { default = "instance_B" }
The my_instance module will take a single input variable that an environment will specify, with a value of either 'A' or 'B' (is there a way to limit options for a variable to a list of values such as options=['A', 'B']?), and will be called like so in the terraform.tf for a Terraform configuration with a single instance:
module "my_instance" {
source = "../../modules/my_instance"
option = "A"
}
I want to now implement some logic within the module's main file (modules/my_instance/my_instance.tf) where it decides which of the two collections of VPC and subnet settings it should use from the ones in modules/my_instance/variables.tf. I want to do something like this (pseudocode):
if var.option == 'A'
vpc_cidr_block = var.a_vpc_cidr_block
vpc_id = var.a_vpc_id
vpc_name = var.a_vpc_name
subnet_availability_zone = var.a_subnet_availability_zone
subnet_cidr_block = var.a_subnet_cidr_block
subnet_name = var.a_subnet_name
else if var.option == 'B'
vpc_cidr_block = var.b_vpc_cidr_block
vpc_id = var.b_vpc_id
vpc_name = var.b_vpc_name
subnet_availability_zone = var.b_subnet_availability_zone
subnet_cidr_block = var.b_subnet_cidr_block
subnet_name = var.b_subnet_name
else
raise an error
# get a data resource identified by the VPC variables
data "aws_vpc" "instance_vpc" {
cidr_block = var.vpc_cidr_block
tags = {
Name = var.vpc_name
}
}
# get a data resource identified by the VPC variables
data "aws_subnet" "instance_subnet" {
vpc_id = var.vpc_id
cidr_block = var.subnet_cidr_block
availability_zone = var.subnet_availability_zone
tags = {
Name = var.subnet_name
}
}
# create an AWS key pair resource
resource "aws_key_pair" "instance_aws_key_pair" {
key_name = "component_key_${terraform.workspace}"
public_key = file("~/.ssh/terraform.pub")
}
# create the AWS EC2 instance
resource "aws_instance" "my_aws_instance" {
key_name = aws_key_pair.instance_aws_key_pair.key_name
ami = "ami-b12345"
instance_type = "t2.micro"
subnet_id = data.aws_subnet.instance_subnet.id
connection {
type = "ssh"
user = "terraform"
private_key = file("~/.ssh/terraform")
host = self.public_ip
}
tags = {
"Name" : "my_instance_name"
"Terraform" : "true"
}
}
Is this a matter of somehow using a count, something like this:
count = var.option == 'A'? 1 : 0
Is there a way to do this, or is there a better approach? I am very new to Terraform so I may be missing something obvious.
You have a couple of questions here.
Firstly, you should be able to use the newer, experimental custom validation rules to assert that a value is in a specific list of values.
Secondly, for determining which set of variables to use, I'd recommend going with a good old map in a local value.
For example,
locals {
vpc_info = {
"A" = {
vpc_cidr_block = var.a_vpc_cidr_block
vpc_id = var.a_vpc_id
vpc_name = var.a_vpc_name
subnet_availability_zone = var.a_subnet_availability_zone
subnet_cidr_block = var.a_subnet_cidr_block
subnet_name = var.a_subnet_name
}
"B" = {
vpc_cidr_block = var.b_vpc_cidr_block
vpc_id = var.b_vpc_id
vpc_name = var.b_vpc_name
subnet_availability_zone = var.b_subnet_availability_zone
subnet_cidr_block = var.b_subnet_cidr_block
subnet_name = var.b_subnet_name
}
}
}
Then you should be able to reference a specific field within the chosen option, like the following:
local.vpc_info[var.option].vpc_name
Let me know if this hits all your questions.
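As an added example (not the answer's own code), here are the two pieces of the answer put together in the module: a `validation` block on `option` that rejects anything other than `A` or `B` (custom validation rules have been a stable feature since Terraform 0.13), and the `local.vpc_info` map resolved once into `local.selected` so every data source reads from the same profile. The subnet lookup takes its `vpc_id` from the VPC that was actually found rather than from the hard-coded `*_vpc_id` variable, so a subnet that matches by CIDR and Name but lives in a different VPC is rejected by the lookup. The `a_*` and `b_*` variables are assumed to be declared as in the question.

```hcl
variable "option" {
  description = "Which fixed VPC/subnet profile this instance uses."
  type        = string

  validation {
    condition     = contains(["A", "B"], var.option)
    error_message = "option must be exactly \"A\" or \"B\"."
  }
}

locals {
  vpc_info = {
    "A" = {
      vpc_cidr_block           = var.a_vpc_cidr_block
      vpc_name                 = var.a_vpc_name
      subnet_availability_zone = var.a_subnet_availability_zone
      subnet_cidr_block        = var.a_subnet_cidr_block
      subnet_name              = var.a_subnet_name
    }
    "B" = {
      vpc_cidr_block           = var.b_vpc_cidr_block
      vpc_name                 = var.b_vpc_name
      subnet_availability_zone = var.b_subnet_availability_zone
      subnet_cidr_block        = var.b_subnet_cidr_block
      subnet_name              = var.b_subnet_name
    }
  }

  # Resolve the choice once; everything below reads from local.selected,
  # so A and B settings cannot be mixed by a stray var.a_* reference.
  selected = local.vpc_info[var.option]
}

# The VPC is identified by CIDR and Name tag; the id is taken from the result.
data "aws_vpc" "instance_vpc" {
  cidr_block = local.selected.vpc_cidr_block
  tags = {
    Name = local.selected.vpc_name
  }
}

# Scoping the subnet lookup to the VPC found above makes the data source fail
# if the named subnet exists only in some other VPC.
data "aws_subnet" "instance_subnet" {
  vpc_id            = data.aws_vpc.instance_vpc.id
  cidr_block        = local.selected.subnet_cidr_block
  availability_zone = local.selected.subnet_availability_zone
  tags = {
    Name = local.selected.subnet_name
  }
}

output "selected_profile" {
  value = var.option
}
```

The `count = var.option == "A" ? 1 : 0` approach from the question is not needed: the map lookup selects the settings, and the validation block guarantees `var.option` is a key that exists, so `local.vpc_info[var.option]` can never fail with an unhelpful "invalid index" error.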
