Search code examples
terraformazure-rm

nested for_each loop in terraform - accessing outer each

So I want do use terraform and configure my storage account so that each account that is not a file storage gets soft container deletion enabled, and if i provide a boolean flag "cors_enabled" in my account variables, add some cors rules. Since both of these are in the blob_properties block, I have to decide if I add a blob_properties block and then decide again if I have to add the re

The only way I could think of is to have a for_each loop over the variables, and then use nested dynamic blocks like this.

my vars.account looks somewhat like this:

{   
    "account1": {
      "name":  "account1",
      "account_kind": "BlobStorage",
      "account_replication_type": "LRS",
      "cors_enabled": "true",
      # other stuff that's not relevant
    },
    "account2": {
      "name": "account1",
      "account_kind": "FileStorage",
      "account_replication_type": "LRS",
      "cors_enabled": "true",
      # other stuff that's not relevant
   }
}

My hcl looks like this:

resource "azurerm_storage_account" "account" {   
  for_each = var.accounts
  name = each.value.name
  # [...] do some further configuation, set some required variables
    dynamic blob_properties {   
      for_each = lookup(each.value, "account_kind", "StorageV2") != "FileStorage" ||  lookup(each.value, "cors_enabled", "false") ? [""] : []
      content {
        dynamic container_delete_retention_policy {
          for_each = lookup(each.value, "account_kind", "StorageV2") != "FileStorage" ? [""] : []
          content {
            days = 30
          }
        }
        dynamic cors_rule {
          for_each = lookup(each.value, "cors_enabled", "false") ? [""] : []
          content {
            # some cors rule configuration
          }
      }
   }
}

But this of course doesn't work, because the "each.value" in the container_delete_retention_policy refers to the each in the INNER for_each loop (in the dynamic blob_properties blob) and the same goes for the each.value in the cors_rule, when I want it to refer to the "each" infor_each = var.accounts

I tried using count instead of the outer for_each loop (and then do some magic with local maps so I can access the correct key/value by the count's index), but count seems to produce something different than for_each; when I use for_each, I can later use

myvariable = azurerm_storage_account.account["mykey"].name

so I guess it produces some kind of map. When I use count instead of for_each, I then get an error

azurerm_storage_account.acount is tuple with 8 elements The given key does not identify an element in this collection value: a number is required.

So I guess it produces a list?

Is there a way in terraform to access the "each" of an outer for_each loop in an inner for_each loop? If not, is there a different way to achieve what I want?

Solution

  • I got it wrong and got confused by an unrelated error I got - the code above behaves exactly like I want it to, i.e. always referring to the outermost "each".