Just a quick question to understand whats the best way to use this. To fetch values off "locals" in terraform do i use lookup(local.this) or local.this or example below i got:
locals {
array = {"this" = data.something.output, "this02" = data.something.output }
}
You can reference each declaration within a locals block just as you would a normal variable, but as local.name instead of var.name.
So for your example you could use lookup(local.array,"this","defaultvalue"), or any of the other ways to access a map variable.
Related
I'm trying to tell data.github_ip_ranges to what name to use so I could create a list of CIDRs and my code look cleaner. I was trying to find answers, but no luck so far.
And I'm trying to see if there is a way of passing my variables to it...
variable "git_services" {
default = ["hooks_ipv4", "dependabot_ipv4", "dependabot_ipv6", "git_ipv4", "hooks_ipv6"]
}
locals {
github_ips = concat(data.github_ip_ranges.git.name) # name is my custom variable
}
Here is my original approach
locals {
github_ips = concat(data.github_ip_ranges.git.hooks_ipv4, data.github_ip_ranges.git.hooks_ipv6,
data.github_ip_ranges.git.dependabot_ipv4, data.github_ip_ranges.git.dependabot_ipv6)
}
Please help if you could. Thank you!
I think I understand what you're trying to accomplish. You would do it like so:
variable "git_services" {
default = ["hooks_ipv4", "dependabot_ipv4", "dependabot_ipv6", "git_ipv4", "hooks_ipv6"]
}
locals {
github_ips = distinct(flatten([
for service in var.git_services:
data.github_ip_ranges.git[service]
]))
}
What this is doing is creating a list of lists, where each element in the first level is for a service, and each element in the second level is a CIDR bock for that service. The flatten function turns this list of lists into a flat list of CIDR blocks. Since the same CIDR might be used for multiple services, and we probably don't want duplicates if we're using this for something like security group rules, we use the distinct function to remove any duplicate CIDR blocks.
One of my modules - let it be a - has an output definition as
output "data_table_arn" {
value = aws_dynamodb_table.data_table.*.arn
}
This is accessed one level above in module b
module "b" {
source = "../c"
data_lookup_table_arn = module.a.data_table_arn
The code above makes the variable module.a.data_table_arn accessible to module c through the variable data_lookup_table_arn. And now I am trying to access it in module c in an aws policy document definition
data "aws_iam_policy_document" "dynamo-read-policy-document" {
count = local.one_if_uses_dynamo
statement {
actions = ["dynamodb:GetItem"]
resources = [
var.data_table_arn
]
}
}
The exception I am getting is
Inappropriate value for attribute "resources": element 0: string required.
I want to debug this thing somehow and I cannot find a way to inspect the outputs or the variables defined inside a module. I can list the resources using terraform state list <resource_name> but this is not what I really want to do here.
How can I inspect the variables and outputs of a TF module?
Is this even possible?
Can you see anything faulty with my approach
I though of also using a heredoc instead of a aws_iam_policy_document but I would still need to make use of the output mentioned above - but this time in an interpolation I guess. Is this better or worse? They should be the same thing right?
I'm working to fine-tune some of my Terraform modules, specifically around the google_compute_vpn_tunnel, google_compute_router_interface, and google_compute_router_peer resources. I'd like to make things similar to AWS, where pre-shared keys and tunnel interface IP addresses are randomized by default, but can be overridden by the user (provided they are within a certain range).
The random option is working fine. For example, to create a 20-character random password, I do this:
resource "random_password" "RANDOM_PSK" {
length = 20
special = false
}
But, I only want to use this value if an input variable called vpn_shared_secret was not defined. Seems like this should work:
variable "vpn_shared_secret" {
type = string
default = null
}
locals {
vpn_shared_secret = try(var.vpn_shared_secret, random_password.RANDOM_PSK.result)
}
resource "google_compute_vpn_tunnel" "VPN_TUNNEL" {
shared_secret = local.vpn_shared_secret
}
Instead, it seems to ignore the vpn_shared_secret input variable and just go with the randomly generated one each time.
Is try() the correct way to be doing this? I'm just now learning Terraform if/else and map statements.
How about the coalesce() function?
The coalesce function takes any number of arguments, and returns the first argument that isn't null or an empty string.
locals {
vpn_shared_secret = coalesce(var.vpn_shared_secret, random_password.RANDOM_PSK.result)
}
For example, in variable.tf file we have this code:
variable "variable1" {
type = string
default = "ABC"
}
variable "variable2" {
type = string
default = "DEF"
}
variable "variable3" {
type = string
default = "$var.variable1-$var.variable2"
}
Expected output:
variable3 = ABC-DEF
You can use local instead
locals {
variable3 = var.variable1+"-"+var.variable2
}
and then instead of using var. use local. like this:
resource "example" "example" {
example = local.variable3
}
ref : https://www.terraform.io/docs/configuration/locals.html
Yes, I agree with #Montassar, you can use the local block to create a new expression from the existing resources or the variables. But it should combine the variables like this:
locals {
variable3 = "${var.variable1}-${var.variable2}"
}
And it will look like this:
You can't do this. Docs clearly states:
The default argument requires a literal value and cannot reference other objects in the configuration.
But you could probably use locals for variable3.
To my knowledge what you want is not doable with default.
However you can create variable3 and just not assign it a default value and then in your call set variable3 = var.variable1-var.variable2
Not sure this solves your problem but to my knowledge the way you want to do it, won't work.
Also I would recommend upgrading to v0.12.
In my lambda.tf, I have a data resource
data "template_file" "handler" {
template = "${file("${path.module}/templates/handler.js")}"
vars = {
ENDPOINT = "${var.domain}"
PASSWORD = "${var.password}"
}
}
However - I'm encountering a syntax error:
Error: failed to render : <template_file>:280,49-50: Extra characters after interpolation expression; Expected a closing brace to end the interpolation expression, but found extra characters.
on ../docs/lambda.tf line 1, in data "template_file" "handler":
1: data "template_file" "handler" {
Is interpolation inside an interpolation allowed for Terraform? If so - any suggestions on pointing towards where the error is would be greatly appreciated.
Terraform v0.12.9.
Provider "aws" version "~> 2.7"
Not exactly clear what your template file looks like or what you are trying to do, so here are a couple different answers.
You can escape interpolation with double dollar signs: $${foo} will be rendered as a literal ${foo}.
Terraform does not allow dynamic construction of variable names, because it needs to be able to analyze the configuration statically (that is, without evaluating any expressions) in order to determine which order the expressions must be resolved in.
Terraform supports a map data structure that can be used to achieve this effect.
variable "var1" {
default = "value1"
}
variable "var2" {
default = "value2"
}
locals {
var3 = "${var.var1}_${var.var2}"
values = {
"value1_value2" = "local1"
"value2_value3" = "local2"
"value3_value4" = "local3"
}
}
output "val_output" {
value = "${local.values[local.var3]}"
}
If neither is what you are looking for, you need to share your template file or a modified version that duplicates the error.
The template_file data source continues to exist for users of Terraform 0.11 and earlier, but since you are using a Terraform 0.12 release I'd recommend using the templatefile function instead. Because it's built directly into Terraform, it is able to produce better error messages.
To use it, you can replace your references to data.template_file.handler.rendered with a direct call to templatefile. If you are using that rendered result in multiple locations, you can assign the templatefile result to a local value and reference that in multiple places instead.
templatefile("${path.module}/templates/handler.js", {
ENDPOINT = var.domain
PASSWORD = var.password
})
The error message you saw suggests that there's a syntax error in your template itself, but because template_file is implemented in a separate provider it's reporting that syntax error in an unhelpful way, pointing to a particular source location but not including the relevant source code snippet.
If you use templatefile instead, Terraform can hopefully report this syntax error itself and give better information about it.
Either way, it seems like the syntax error is on line 280 column 49 of your handler.js file and is caused by Terraform's template engine expecting to find the } to close a ${ ... } interpolation sequence but finding something else instead. If you correct that syntax error, template rendering should succeed by either approach.