I'm trying to create a list of maps from my list of subnet names so I've created the following:
created a variable named subnet_names of type list of strings
created a null resource block to create a list of maps from this list, like this:
resource "null_resource" "subnet_mapping" {
count = "${length(var.subnet_names)}"
triggers = {
name = "${element(var.subnet_names, count.index)}"
number = "${count.index}"
}
}
if I only execute this block I have my list of maps correctly but when I try to use this list of maps with a dynamic block this is not working.
resource "azurerm_virtual_network" "virtual_network" {
address_space = "${var.cidr_network_range}"
location = "${var.location}"
name = "${var.virtual_network_resource_name}"
resource_group_name = "${var.resource_group_name}"
count = "${length(var.subnet_names)}"
dynamic "subnet"{
for_each = [for s in null_resource.subnet_mapping: {
name = s.name
prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
}]
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
depends_on = [null_resource.subnet_mapping]
}
resource "null_resource" "subnet_mapping" {
count = "${length(var.subnet_names)}"
triggers = {
name = "${element(var.subnet_names, count.index)}"
number = "${count.index}"
}
}
resource "azurerm_resource_group" "virtual_network_group" {
location = "${var.location}"
name = "${var.resource_group_name}"
}
it should be valid, but I still don't have the output of the null_resource so it fails
dynamic "subnet"{
for_each = [for s in null_resource.subnet_mapping: {
name = s.name
prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
}]
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
depends_on = [null_resource.subnet_mapping]
}
my error message:
Error: Unsupported attribute
on main.tf line 10, in resource "azurerm_virtual_network" "virtual_network":
10: name = s.name
This object does not have an attribute named "name".
Error: Unsupported attribute
on main.tf line 10, in resource "azurerm_virtual_network" "virtual_network":
10: name = s.name
This object does not have an attribute named "name".
Error: Unsupported attribute
on main.tf line 10, in resource "azurerm_virtual_network" "virtual_network":
10: name = s.name
This object does not have an attribute named "name".
Error: Unsupported attribute
on main.tf line 10, in resource "azurerm_virtual_network" "virtual_network":
10: name = s.name
This object does not have an attribute named "name".
Error: Unsupported attribute
on main.tf line 11, in resource "azurerm_virtual_network" "virtual_network":
11: prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
This object does not have an attribute named "number".
Error: Unsupported attribute
on main.tf line 11, in resource "azurerm_virtual_network" "virtual_network":
11: prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
This object does not have an attribute named "number".
Error: Unsupported attribute
on main.tf line 11, in resource "azurerm_virtual_network" "virtual_network":
11: prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
This object does not have an attribute named "number".
Error: Unsupported attribute
on main.tf line 11, in resource "azurerm_virtual_network" "virtual_network":
11: prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,s.number)
This object does not have an attribute named "number".
From the message, I'm not clear how many Vnets do you want to create, because your code is a little confusing. For your issue with the null_resource, I don't think it's a good choice, I recommend the locals.
Here I assume you only want to create one Vnet with serial subnets and use a list to store the names of the subnets, then the example core code below:
locals {
subnets = [for sname in var.subnet_names: {
name = sname
# the index begin from 0, so you need to add 1
number = index(var.subnet_names, sname) + 1
}]
}
resource "azurerm_virtual_network" "virtual_network" {
address_space = "${var.cidr_network_range}"
location = "${var.location}"
name = "${var.virtual_network_resource_name}"
resource_group_name = "${var.resource_group_name}"
dynamic "subnet"{
for_each = [for s in local.subnets: {
name = s.name
prefix = cidrsubnet(var.cidr_network_range, 8 , s.number)
}]
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
}
I solved this way, I've created a variable named
variable "subnets" {
type = list(map(string))
description = "A list of maps of names and network addresses bits for subnets that will be created inside this network (this is parallel to subnet_prefixes array)."
}
resource "azurerm_virtual_network" "virtual_network" {
address_space = var.cidr_network_range
location = var.location
name = var.virtual_network_resource_name
resource_group_name = var.resource_group_name
dynamic "subnet"{
for_each = [for subnet in var.subnets: {
name = subnet.name
prefix = cidrsubnet(element(var.cidr_network_range, 0),8 ,subnet.number)
}]
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
}
resource "azurerm_resource_group" "virtual_network_group" {
location = var.location
name = var.resource_group_name
}
This way I already created the map, I would like to have created it automatically as I posted before but it seems to not be very common in terraform way.
In Charles Xu example the mapping will be created based on a sequence (1,2,3) and I would like to use it always in different ways like (21, 24, 26)
So the only solution I could find was to force the map before.
Anyway, thank you everyone
Related
I'm trying to deploy two subnets with different ip prefixes and different names and not create too much repeated code. I'm not sure how to approach it best. I tried the below but its not working. My terraform version is 0.14.11 so I think some of what I am doing below might be outdated
My main.tf in root module
module "deploy_subnet" {
source = "./modules/azure_subnet"
subscription_id = var.subscription_id
resource_group_name = var.resource_group_name
region = var.region
vnet_name = var.vnet_name
count_subnets = "${length(var.subnet_prefix)}"
subnet_name = "${lookup(element(var.subnet_prefix, count.index), "name")}"
address_prefix = "${lookup(element(var.subnet_prefix, count.index), "ip")}"
}
My variables.tf in root module (only pasting relevant part)
variable "subnet_prefix" {
type = "list"
default = [
{
ip = "10.0.1.0/24"
name = "aks-sn"
},
{
ip = "10.0.2.0/24"
name = "postgres-sn"
}
]
}
My main.tf in my child module folder
resource "azurerm_subnet" "obc_subnet" {
name = var.subnet_name
count = var.count_subnet
resource_group_name = var.resource_group_name
virtual_network_name = var.vnet_name
address_prefixes = var.address_prefix
}
My variables.tf in my child module folder (only relevant part)
variable "subnet_name" {
description = "Subnet Name"
}
variable "count_subnet" {
description = "count"
}
variable "address_prefix" {
description = "IP Address prefix"
}
I get the error below
Reference to "count" in non-counted context
on main.tf line 8, in module "deploy_subnet":
8: subnet_name = "${lookup(element(var.subnet_prefix, count.index),"name")}"
The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set
Reference to "count" in non-counted context
on main.tf line 9, in module "deploy_subnet":
9: address_prefix = "${lookup(element(var.subnet_prefix, count.index), "ip")}"
The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.
It is exactly what it says. In the root module you try to reference a count.index but there is nothing being counted. All you do is pass a variable to the child module.
You should just pass subnet prefix to the child module, and in the child module set the count to the length of it, and reference count.index for the values of address_prefix and name
Alternatively, and probably more elegant you might look into for_each and each.value
I have a module which has a variable defined using for_each, and its output is as below:
output "nic_ids" {
value = [for x in azurerm_network_interface.nic : x.id]
}
nic_ids = [
"/subscriptions/*****/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/test-nic-1",
"/subscriptions/*****/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/test-nic-2",
]
My aim is to pass above NIC ids to the VM module and have 1:1 mapping between NIC id and VM (test-nic-1 should only be attached to vm-1, test-nic-2 to vm-2 etc.)
module "vm" {
source = "*****/vm/azurerm"
version = "0.1.0"
vms = var.vms
nic_ids = module.nic[each.value.id].nic_ids
}
I am getting below error:
Error: each.value cannot be used in this context
on main.tf line 58, in module "vm":
58: nic_ids = module.nic[each.value.id].nic_ids
A reference to "each.value" has been used in a context in which it
unavailable, such as when the configuration no longer contains the value in
its "for_each" expression. Remove this reference to each.value in your
configuration to work around this error.
I used this similar question as reference.
Can you please suggest?
You could pass the above NIC id list to the VM modules with the count.
module "vm" {
source = "./modules/vms"
vm_names = ["aaa","bbb"]
nic_ids = module.nic.network_interface_nics
}
module "nic" {
source = "./modules/nic"
nic_names = ["nic1","nic2"]
}
the main.tf in the VM module:
resource "azurerm_virtual_machine" "vm-windows" {
count = length(var.vm_names)
name = var.vm_names[count.index]
resource_group_name = data.azurerm_resource_group.vm.name
location = var.location
vm_size = var.vm_size
network_interface_ids = [ var.nic_ids[count.index] ]
...
}
The output.tf in the NIC module:
output "network_interface_nics" {
description = "ids of the vm nics provisoned."
value = [for x in azurerm_network_interface.nic : x.id]
}
I am new to HCL and Terraform and have having issues with associating a security group and a backend address pool to the network interface. I am creating 2 network interfaces in a single network interface block:
#Create network interface for 2 VMs
resource "azurerm_network_interface" "FrontNetworkInterface" {
count = 2
name = "niFront${count.index}"
location = azurerm_resource_group.PWSDevResourceGroup.location
resource_group_name = azurerm_resource_group.PWSDevResourceGroup.name
ip_configuration {
name = "ipconfFrontVM"
subnet_id = azurerm_subnet.PWSDevSubnet.id
private_ip_address_allocation = "dynamic"
}
}
I have tried associating in various ways that have produced different errors:
ATTEMPT 1:
#Connect security group to the network interface
resource "azurerm_network_interface_security_group_association" "PWSDevSecurityGroupAssoc" {
network_interface_id = azurerm_network_interface.FrontNetworkInterface.id
network_security_group_id = azurerm_network_security_group.PWSDevSecurityGroup.id
}
#Connect 2 backend ips to the load balancer
resource "azurerm_network_interface_backend_address_pool_association" "BackendIPAssoc" {
network_interface_id = azurerm_network_interface.FrontNetworkInterface.id
ip_configuration_name = "bipa"
backend_address_pool_id = azurerm_lb_backend_address_pool.BackendIpPool.id
}
ERRORS:
Error: Missing resource instance key
on front.tf line 85, in resource "azurerm_network_interface_security_group_association" "PWSDevSecurityGroupAssoc":
85: network_interface_id = azurerm_network_interface.FrontNetworkInterface.id
Because azurerm_network_interface.FrontNetworkInterface has "count" set, its
attributes must be accessed on specific instances.
For example, to correlate with indices of a referring resource, use:
azurerm_network_interface.FrontNetworkInterface[count.index]
Error: Missing resource instance key
on front.tf line 91, in resource "azurerm_network_interface_backend_address_pool_association" "BackendIPAssoc":
91: network_interface_id = azurerm_network_interface.FrontNetworkInterface.id
Because azurerm_network_interface.FrontNetworkInterface has "count" set, its
attributes must be accessed on specific instances.
For example, to correlate with indices of a referring resource, use:
azurerm_network_interface.FrontNetworkInterface[count.index]
ATTEMPT 2/3/4 (Using "[count.index]", "[count.index].id", or "[element(azurerm_network_interface.FrontNetworkInterface.*.id, count.index)]" as described in the previous error):
#Connect security group to the network interface
resource "azurerm_network_interface_security_group_association" "PWSDevSecurityGroupAssoc" {
network_interface_id = azurerm_network_interface.FrontNetworkInterface[count.index]
network_security_group_id = azurerm_network_security_group.PWSDevSecurityGroup.id
}
#Connect 2 backend ips to the load balancer
resource "azurerm_network_interface_backend_address_pool_association" "BackendIPAssoc" {
network_interface_id = azurerm_network_interface.FrontNetworkInterface[count.index]
ip_configuration_name = "bipa"
backend_address_pool_id = azurerm_lb_backend_address_pool.BackendIpPool.id
}
ERROR (Same result for [count.index].id and [element(azurerm_network_interface.FrontNetworkInterface.*.id, count.index)]):
Error: Reference to "count" in non-counted context
on front.tf line 85, in resource "azurerm_network_interface_security_group_association" "PWSDevSecurityGroupAssoc":
85: network_interface_id = azurerm_network_interface.FrontNetworkInterface[count.index]
The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.
Error: Reference to "count" in non-counted context
front.tf line 91, in resource "azurerm_network_interface_backend_address_pool_association" "BackendIPAssoc":
network_interface_id = azurerm_network_interface.FrontNetworkInterface[count.index]
The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.
Also, I am receiving this error on my azurerm_virtual_machine block:
line 162, in resource "azurerm_virtual_machine" "FrontEndVirtualMachines":
162: admin_ssh_key {
Blocks of type "admin_ssh_key" are not expected here.
I am following what is shown here:
https://learn.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure
As you can see, the admin_ssh_key block is provided. I tried using version 2.0 as used in the scripts; however, I experienced the same result.
Thanks for your help!! :)
When referencing a resource created with count you still need to add the .id. See the following example. For more information see this link.
provider "azurerm" {
version = "~>2.23.0"
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "East US"
}
resource "azurerm_virtual_network" "example" {
name = "vnet"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]
}
resource "azurerm_subnet" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_network_interface" "example" {
count = 2
name = format("int%s", count.index)
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "ip"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "dynamic"
}
}
resource "azurerm_network_security_group" "example" {
name = "acceptanceTestSecurityGroup1"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
security_rule {
name = "test123"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_network_interface_security_group_association" "secgroup" {
count = length(azurerm_network_interface.example)
network_interface_id = azurerm_network_interface.example[count.index].id
network_security_group_id = azurerm_network_security_group.example.id
}
I will admit that I haven't read the whole story, but it looks like your attempt #2/3/4 was pretty close. Where you use [count.index], you need to specify a count, otherwise there's no count to index. So if you just add count = 2 to those two resource blocks, it should work.
Better yet, either have the 2 as a variable, or use
count = len(azurerm_network_interface.FrontNetworkInterface)
to ensure you don't end up with mismatched numbers when you change the 2 later on.
Using for_each expression in Terraform v0.12.6 to dynamically generate inline blocks of vnet subnets (Azure). I have list variable 'subnets' defined, with two subnets 'sub1' and 'sub2' as below
variable "subnets" {
default = [
{
name = "sub1"
prefix = "1.1.1.1/32"
},
{
name = "sub2"
prefix = "2.2.2.2/32"
},
]
}
then iterate over list variable inside "azurerm_virtual_network" block to create dynamic blocks of subnets
dynamic "subnet" {
for_each = [for s in var.subnets : {
name = s.name
prefix = s.prefix
}]
content {
name = subnet.name
address_prefix = subnet.prefix
}
}
}
Getting i.e. first one is Error: Unsupported attribute
on main.tf line 42, in resource "azurerm_virtual_network" "vnet":
42: name = subnet.name
This object does not have an attribute named "name".
The iterator object created for a dynamic block has two attributes:
key: the map key or list index of the current element
value: the value of the current element
In this case, the collection being used for repetition is a list of objects, so subnet.key will be integer indices 0, 1, ... and subnet.value will be the object associated with that index.
To get the result you were looking for, you'll need to access the object attributes on subnet.value instead:
dynamic "subnet" {
for_each = [for s in var.subnets : {
name = s.name
prefix = s.prefix
}]
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
}
It seems like var.subnets is already compatible with the object structure the content block expects, so it may be possible to simplify this further by accessing it directly:
dynamic "subnet" {
for_each = var.subnets
content {
name = subnet.value.name
address_prefix = subnet.value.prefix
}
}
}
As long as var.subnets is a list of objects already, this should produce an identical result.
I'm testing the "for_each" resource attribute now available in Terraform 12.6 but can't manage to reference created instances in other resources.
azure.tf
variable "customers" {
type = map(object({name=string}))
}
resource "azurerm_storage_account" "provisioning-datalake" {
for_each = var.customers
name = "mydatalake${each.key}"
resource_group_name = "${azurerm_resource_group.provisioning-group.name}"
location = "${azurerm_databricks_workspace.databricks.location}"
account_kind = "StorageV2"
account_tier = "Standard"
account_replication_type = "GRS"
is_hns_enabled = true
enable_advanced_threat_protection = true
tags = {
environment = var.environment
customer = each.value.name
}
}
resource "azurerm_key_vault_secret" "key-vault-datalake-secret" {
for_each = var.customers
name = "mydatalake-shared-key-${each.key}"
value = azurerm_storage_account.provisioning-datalake[each.key].primary_access_key
key_vault_id = azurerm_key_vault.key-vault.id
tags = {
environment = var.environment
customer = each.value.name
}
}
build.tfvars
environment = "Build"
customers = {
dev = {
name = "Development"
},
int = {
name = "Integration"
},
stg = {
name = "Staging"
}
}
I expect "keyvault-datalake-secret" entries to be created with the matching keys of the generated "provisioning-datalake" resources.
But when I run terraform plan --var-file=build.tfvars, I get the following error:
Error: Invalid index
on azure.tf line 45, in resource "azurerm_key_vault_secret" "key-vault-datalake-secret":
45: value = azurerm_storage_account.provisioning-datalake[each.key].primary_access_key
|----------------
| azurerm_storage_account.provisioning-datalake is object with 52 attributes
| each.key is "stg"
The given key does not identify an element in this collection value.
Error: Invalid index
on azure.tf line 45, in resource "azurerm_key_vault_secret" "key-vault-datalake-secret":
45: value = azurerm_storage_account.provisioning-datalake[each.key].primary_access_key
|----------------
| azurerm_storage_account.provisioning-datalake is object with 52 attributes
| each.key is "int"
The given key does not identify an element in this collection value.
Error: Invalid index
on azure.tf line 45, in resource "azurerm_key_vault_secret" "key-vault-datalake-secret":
45: value = azurerm_storage_account.provisioning-datalake[each.key].primary_access_key
|----------------
| azurerm_storage_account.provisioning-datalake is object with 52 attributes
| each.key is "dev"
The given key does not identify an element in this collection value.
Bug corrected in Terraform 0.12.7