Search code examples
azureterraformacrazure-private-dns-zone

Creating dynamic private dns zone records for private endpoints of Azure Container Registry (ACR)


I'm struggling with setting dynamic private dns zone records for multiple private endpoints for same resource in Azure (ACR - Azure Container Registry).

So I have currently setup this simple example. Basically it simulate creation of ACR and building a map of records which need to be registered in the DNS so ACR could be used correclty. The thing here is that it is needed to somehow extract value from inner field of each resource/object (here it is endpoints variable) and then transform it correctly so it would match expected output. This is needed as in my case it is integral part of a module and it needs to be built dynamically based on values of real resources created.

Following example should help anyone who'd like to check this problem out and help a bit. To verify if you've got correct result just type "terraform refresh" and the output should be printed.

terraform {
  backend local {}
}

# simulates creation of multiple Azure Container Registry private endpoints
variable endpoints {
  type = map
  default = {
    "registry" = {
      custom_dns_configs = [
        {
          fqdn = "something.westeurope.data.azurecr.io"
          ip_addresses = ["1.1.1.1",]
        },
        {
          fqdn         = "something.azurecr.io"
          ip_addresses = ["1.1.1.2",]
        }
      ]
    },
    "registry2" = {
      custom_dns_configs = [
        {
          fqdn = "something.westeurope.data.azurecr.io"
          ip_addresses = ["1.1.2.1",]
        },
        {
          fqdn = "something.azurecr.io"
          ip_addresses = ["1.1.2.2",]
        },
      ]
    },
    #...
    # "registryN" = {...}
  }
}

# Question: How to write for block here to get out of it exactly what's in expected
#           result having in mind that there can be multiple of "registry" blocks?
#           Below line produce only single result which doesn't match expected result.
output result {
  value = {for pe in var.endpoints:
    pe.custom_dns_configs[0].fqdn => pe.custom_dns_configs[0].ip_addresses
  }
}

# Expected result:
# result = {
#   "something.westeurope.data.azurecr.io" = [
#     "1.1.1.1",
#     "1.1.2.1",
#   ]
#   "something.azurecr.io" = [
#     "1.1.1.2",
#     "1.1.2.2",
#   ]
# }

Solution

  • Answering my own question:

    output result {
      value = {for k,v in { 
          for cdc in flatten(
            [for pe in var.endpoints: pe.custom_dns_configs]
          ): 
            cdc.fqdn => cdc.ip_addresses...
        }: 
          k => flatten(v)
      }
    }
    

    Now few words of explanation:

    • [] and {} - [] produce a tuple which strip "registry" key from incomming map whereas {} would require to produce some kind of dynamic keys
    • [for pe in var.endpoints: pe.custom_dns_configs] just extract internal field from var.environments for each element of the map. Then flatten is used just to make thing simpler without the need to dig into different levels of nested lists
    • next for is to build new map for fqdn -> list(ip addresses)
    • the "..." after cdc.ip_addresses are required. That's notation to allow grouping values by keys. In this case we have at least 2 times same fqdn and by normal means terraform would complain that it cannot create such map when keys are non-uniqe. Adding those 3 dots there enable this grouping.
    • then top-most for block is used just to flatten whole value output.

    Now the problem would be if we would still want to keep "registry", "registry2", "registryN" grouping. For that I haven't found solution yet.