
Terraform chaining for_each between resources


variables.tf

variable "custom_ids" {
  type    = set(string)
  default = ["b4d2d", "c928f140e8"]
}

main.tf

resource "azuread_application" "my-test-app" {
  for_each     = var.custom_ids
  display_name = "testing-application"
  owners       = [data.azuread_client_config.current.object_id , each.value ] 
}

resource "azuread_service_principal" "testing-sp" {
  for_each                     = azuread_application.my-test-app
  application_id               = azuread_application.my-test-app.application_id
  app_role_assignment_required = false
  owners                       = [data.azuread_client_config.current.object_id , each.value]
}

And the error message is:

│ Error: Missing resource instance key
│ Because azuread_application.my-test-app has "for_each" set, its attributes must be accessed on specific instances.
│
│ For example, to correlate with indices of a referring resource, use:
│     azuread_application.my-test-app[each.key]

I referred to this: https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#chaining-for_each-between-resources

What's the issue here?

New Error:

│ Error: Unsupported attribute
│
│   on my-service-principals.tf line 24, in resource "azuread_service_principal" "testing-sp":
│   24:   application_id = each.value.application_id
│     ├────────────────
│     │ each.value is a set of string
│
│ This value does not have any attributes.


Solution

  • Since chaining with for_each means you will be using key value pairs, you can fix this by doing the following:

    resource "azuread_application" "my-test-app" {
      for_each     = var.custom_ids
      display_name = "testing-application"
      owners       = [data.azuread_client_config.current.object_id , each.value ]
    }
    
    resource "azuread_service_principal" "testing-sp" {
      for_each                     = azuread_application.my-test-app
      application_id               = each.value.application_id
      app_role_assignment_required = false
      owners                       = each.value.owners
    }
    

    EDIT: since the goal of the question is different than the original post, here is how this should be set up based on the comments:

    variable "custom_ids" {
      type    = list(string)
      default = ["b4d2d", "c928f140e8"]
    }
    
    resource "azuread_application" "my-test-app" {
      display_name = "testing-application"
      owners       = concat([data.azuread_client_config.current.object_id], var.custom_ids)
    }
    
    resource "azuread_service_principal" "testing-sp" {
      application_id               = azuread_application.my-test-app.application_id
      app_role_assignment_required = false
      owners                       = azuread_application.my-test-app.owners
    }
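
The chaining pattern from the first part of the answer, as an added example that is not part of the original question or answer. It generalizes to a map input so each application has its own owner list, and it rejects owner values that are not object IDs at plan time. The variable name `apps`, the resource labels, the output name and the sample UUID are constructed placeholders.

```hcl
data "azuread_client_config" "current" {}

variable "apps" {
  description = "Application display name => additional owner object IDs"
  type        = map(set(string))
  default = {
    "testing-application-a" = ["00000000-0000-0000-0000-000000000001"] # constructed sample
    "testing-application-b" = []
  }

  validation {
    # owners takes directory object IDs (UUIDs); anything else fails the plan.
    condition = alltrue(flatten([
      for ids in values(var.apps) : [
        for id in ids : can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", id))
      ]
    ]))
    error_message = "Every owner must be an object ID in UUID form."
  }
}

resource "azuread_application" "app" {
  for_each     = var.apps
  display_name = each.key
  # The deploying identity stays an owner; each.value is this app's extra owners.
  owners = setunion([data.azuread_client_config.current.object_id], each.value)
}

resource "azuread_service_principal" "sp" {
  # Chained for_each: each.key is the same key as in var.apps and each.value is
  # the whole azuread_application instance, so its attributes are read directly.
  for_each = azuread_application.app
  # Argument name as used on this page; azuread provider 3.x calls it client_id.
  application_id               = each.value.application_id
  app_role_assignment_required = false
  owners                       = each.value.owners
}

output "service_principal_object_ids" {
  # Outside the chained resource, instances are addressed by key.
  value = { for name, sp in azuread_service_principal.sp : name => sp.object_id }
}
```

Because both resources share the same keys, removing one entry from `apps` destroys only that application and its service principal, and the plan shows exactly which owner sets change.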