Terraform: Create Maps/Objects with Nested For Loops

• Introduction
• Step-by-Step Guide
• Code Example
• Additional Notes
• Summary
• Conclusion
• References

Managing team memberships in GitHub using Terraform often involves handling nested data structures. This example demonstrates how to efficiently iterate over a map of users and their respective team roles to create GitHub team memberships. Let's break down the process step-by-step:

1. Define your data structure:

   gh_users = {
     user_one = {
       username = "user1"
       main_role = "member"
       teams  = {
         team1 = {
           role = "member"
         }
       }
     },
     user_two = {
       username  = "user2"
       main_role = "admin"
       teams     = {
         team1 = {
           role = "maintainer" 
         }
       }
     }
   }

2. Use nested for expressions to iterate:

   resource "github_team_membership" "team_membership" {
     for_each = { for user_key, user_data in gh_users : 
                    user_data.username => user_data.teams }
     username = user_key
     team_id = each.value.role # Access team role here
   } 

   • The outer for loop iterates over each user in gh_users.
   • The inner for loop iterates over the teams map within each user.

3. Access nested values:

   • user_key will be "user_one", "user_two", etc.
   • user_data will hold the entire nested object for each user.
   • each.value within the inner loop represents the individual team data (e.g., { role = "member" }).

Key Points:

• Terraform 0.12+: This approach using nested for expressions is crucial in Terraform 0.12 and later for working with nested data structures effectively.
• Dynamic Block Creation: Remember that you cannot directly create nested blocks dynamically with for expressions. Instead, structure your data to fit the resource schema and use loops for efficient iteration.

This Terraform code defines a local variable gh_users to store user data, including their roles in different teams. It then uses nested for loops within a resource block to dynamically create github_team_membership resources based on the user and team information defined in gh_users. The code assumes that team IDs are accessible and uses string interpolation to construct the team_id dynamically.

# Define your data structure
locals {
  gh_users = {
    user_one = {
      username  = "user1"
      main_role = "member"
      teams     = {
        team1 = {
          role = "member"
        },
        team2 = { # Example with multiple teams
          role = "maintainer"
        }
      }
    },
    user_two = {
      username  = "user2"
      main_role = "admin"
      teams     = {
        team1 = {
          role = "maintainer"
        }
      }
    }
  }
}

# Assuming 'github_team' resources are defined elsewhere
resource "github_team_membership" "team_membership" {
  for_each = {
    for user_key, user_data in local.gh_users :
    user_data.username => {
      for team_name, team_data in user_data.teams :
      team_name => team_data
    }
  }

  username = each.key
  team_id  = "github_team.${each.value.role}.id" # Assuming team IDs are constructed like this
  role     = each.value.role
}

Explanation:

1. Data Structure: The gh_users map defines users and their roles in different teams.
2. Nested for Expressions:
   • The outer for loop iterates over each user in gh_users.
   • The inner for loop iterates over the teams map within each user.
3. Dynamic Block Creation: The for_each expression generates multiple github_team_membership resources dynamically.
4. Accessing Nested Values:
   • each.key within the resource block refers to the username (e.g., "user1").
   • each.value.role accesses the role value within the team data (e.g., "member").

Important Considerations:

• Team IDs: This example assumes you have a way to reference the team IDs (e.g., using outputs from github_team resources).
• Resource Schema: Ensure the github_team_membership resource schema matches the structure used in the code.
• Error Handling: Consider adding error handling (e.g., using the try() function) to handle cases where team data might be missing.

This code demonstrates how to use nested for expressions to iterate over nested data structures and dynamically create resources in Terraform. Remember to adapt the code to your specific use case and resource requirements.

Understanding the Goal:

• The primary objective here is to create multiple github_team_membership resources, one for each combination of a user and their role within a team.
• We achieve this by dynamically generating these resources based on the data defined in the gh_users map.

Breaking Down the Code:

1. Data Structure (gh_users):

   • This map is the heart of the operation. It's crucial to organize your data in a way that logically maps to the resources you want to create.
   • Each key in gh_users represents a user (e.g., "user_one").
   • The value associated with each user is another map containing:
     • username: The actual GitHub username.
     • main_role: A general role for the user (might not be used for team membership).
     • teams: The key part! This nested map lists the teams this user belongs to and their specific role in each.

2. Nested for Expressions:

   • Outer Loop: Iterates over each user in gh_users. user_key will be the user identifier (e.g., "user_one"), and user_data will hold all the information for that user.
   • Inner Loop: Iterates over the teams map within the current user. team_name will be the team identifier (e.g., "team1"), and team_data will hold the role information for that team.

3. for_each in Resource:

   • This is where the magic happens. The nested for expressions are used within the for_each argument of the github_team_membership resource.
   • Result: Terraform will create one github_team_membership resource for each combination produced by the nested loops.

4. Accessing Values:

   • Inside the resource block, each.key represents the combined key from both loops, which is effectively the username in this case.
   • each.value gives you access to the team_data for the current iteration, allowing you to reference the role.

Important Considerations:

• Flexibility: This pattern is adaptable. You can modify the data structure and the nested loops to accommodate more complex scenarios or different resource types.
• Team ID Resolution: The example assumes you have a mechanism to obtain the team_id. This might involve using outputs from other resources or data sources.
• Error Handling: In real-world scenarios, consider adding error handling (e.g., using try()) to gracefully handle cases where expected data might be missing.

In essence, this code snippet showcases the power of nested for expressions in Terraform to dynamically generate resources based on structured data, making your infrastructure code more efficient and maintainable.

This snippet demonstrates how to use nested for expressions in Terraform (0.12+) to iterate over a nested data structure and dynamically create resources.

The Goal: Create multiple github_team_membership resources based on a map of users and their team roles.

The Approach:

1. Data Structure: Define a map (gh_users) where each key is a username and the value is another map containing user details and a teams map with team roles.

2. Nested Iteration:

   • The outer for loop iterates over each user in gh_users.
   • The inner for loop iterates over the teams map within each user.

3. Resource Creation:

   • The for_each expression dynamically creates github_team_membership resources.
   • user_key provides the username.
   • each.value.role accesses the team role from the nested teams map.

Key Takeaways:

• Nested for expressions are essential for working with complex data structures in Terraform.
• This approach avoids directly creating nested blocks dynamically, which is not supported.
• By structuring data appropriately and using nested loops, you can efficiently manage and create resources based on nested information.

This approach highlights the power of nested for expressions in Terraform for managing complex data structures and dynamically provisioning resources. By understanding how to structure your data and leverage nested loops, you can write more efficient and maintainable Terraform code for managing GitHub team memberships and beyond.

• Terraform - iterate over nested map - Stack Overflow | Aug 20, 2020 ... Terraform 0.12 - Produce map/object from nested for loop · 0 · Iterate Through Map of Maps in Terraform 0.12 · 2 · Terraform nested loop in ...
• Use a single nested for loop instead of a nested for loop and a ... | Posted by u/EncryptedRoot - No votes and 4 comments
• Terraform 0.12 - Produce map/object from nested for loop - Stack ... | Jul 30, 2019 ... As a follow up to Terraform 0.12 nested for loops. I am trying to produce an object out of a nested loop but failing miserably.
• Going insane trying to format these nested loops : r/Terraform | Posted by u/csCareerThrowAway15 - 1 vote and 3 comments
• produce map/object from nested for loop in terraform >0.12 · Issue ... | Current Terraform Version Terraform v0.12.6dev Use-cases While I found some examples on how to produce a list of maps, I am currently failing at producing a map of maps with a nested for loop. How ...
• Trouble with nested maps in for_each : r/Terraform | Posted by u/Moederneuqer - 8 votes and 4 comments
• Terraform nested maps for_each - Super User | Oct 15, 2020 ... In the module block, we use a nested for_each loop: The outer loop iterates over the top-level map names (local.top_level_map_names).
• Terraform Map Variable - What It is & How to Use | What is a map variable in Terraform? See examples. The difference between map(string) and map(object).
• For Expressions - Configuration Language | Terraform | HashiCorp ... | ... produce separate maps with admin vs non-admin objects: variable "users ... You can't dynamically generate nested blocks using for expressions, but you ...