terraform-provider-azurerm icon indicating copy to clipboard operation
terraform-provider-azurerm copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Unable to Use data.azurerm_key_vault_secrets -> for_each data.azurerm_key_vault_secret

Open ledbutter opened this issue 11 months ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.7

AzureRM Provider Version

3.90.0

Affected Resource(s)/Data Source(s)

data.azurerm_key_vault_secret data.azurerm_key_vault_secrets

Terraform Configuration Files

data "azurerm_key_vault" "vault" {
  name = var.key_vault_name
  resource_group_name = var.resource_group
}

data "azurerm_key_vault_secrets" "secrets" {
  key_vault_id = data.azurerm_key_vault.vault.id
}

data "azurerm_key_vault_secret" "secret" {
  for_each = toset(data.azurerm_key_vault_secrets.secrets.names)

  name         = each.key
  key_vault_id = data.azurerm_key_vault.vault.id
}

Debug Output/Panic Output

╷
│ Error: Invalid for_each argument
│ 
│   on main.tf line 62, in data "azurerm_key_vault_secret" "secret":
│   62:   for_each = toset(data.azurerm_key_vault_secrets.secrets.names)
│     ├────────────────
│     │ data.azurerm_key_vault_secrets.secrets.names is a list of string, known only after apply
│ 
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the
│ instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values contain apply-time results.
│ 
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

Expected Behaviour

I expected--following the provided example--to be able to iterate over all of the secrets in a key vault. This issue was previously recorded and addressed by updating the example to wrap the names in a toset, but that still is not working for me here.

Actual Behaviour

Failure to complete a terraform plan

Steps to Reproduce

No response

Important Factoids

No response

References

#15052 #15308

ledbutter avatar Feb 28 '24 17:02 ledbutter