问题描述

又是 terraform 的动态值映射问题.

Again terraform issue with dynamic map of values.

一开始我有什么，一个局部变量:

What do I have for the start, one local variable:

locals {
  users_with_appId = [
  for user in var.users: user if user.app_id != null
  ]
}

用户变量:

users = [
  {
    userName    = "john.doe1"
    roles       = ["ORG_ADMIN"]
    profile_attributes = <<EOT
{
  "testParameter":"value"
}
EOT
    app_id = "test123"
  },
  {
    userName    = "john.doe2"
    roles       = ["ORG_ADMIN"]
    profile_attributes = null
    app_id = null
  },
  {
    userName    = "john.doe3"
    roles       = ["ORG_ADMIN"]
    profile_attributes = <<EOT
{
  "testParameter":"value"
}
EOT
    app_id = "test123"
  }
]

Okta 用户资源

# Users
resource "okta_user" "users" {
  count             = length(var.users)
  email             = "${var.users[count.index].userName}@example.com"
  login             = "${var.users[count.index].userName}@example.com"
  ...//the rest
}

和 okta_app_user 资源

and okta_app_user resource

resource "okta_app_user" "app_users" {
  count    = length(local.users_with_appId)
  app_id   = "${local.app_name_to_id_map[local.users_with_appId[count.index].app_id]}"
  user_id  = element([for user in okta_user.users: user if user.email == "${local.users_with_appId[count.index].userName}@example.com"], 0).id
  username = "${local.users_with_appId[count.index].userName}@example.com"
  profile = local.users_with_appId[count.index].profile_attributes
}

当我运行 terraform apply 时出现此错误:

When I run terraform apply I got this error:

  Error: Error in function call

  on okta_user.tf line 34, in resource "okta_app_user" "app_users":
  34:   user_id  = element([for user in okta_user.users: user if user.email == "${local.users_with_appId[count.index].userName}@example.com"], 0).id
  |----------------
  | count.index is 0
  | local.users_with_appId is tuple with 2 elements
  | okta_user.users is tuple with 3 elements

  Call to function "element" failed: cannot use element function with an empty
  list.

但正如我所见:okta_user 包含 3 个项目

But as I can see:okta_user contain 3 items

和 local.users_with_appId 包含 2 个项目(其中 app_is 不为空，因此 john.doe1 和 john.doe3 条目)

and local.users_with_appId contains 2 items (where app_is is not null so john.doe1 and john.doe3 entries)

还有这个

  element([for user in okta_user.users: user if user.email == "${local.users_with_appId[count.index].userName}@example.com"], 0).id

所以索引 0 应该从资源 okta_user 返回 [email protected]并且它应该等于局部变量 "${local.users_with_appId[count.index].userName}@example.com"

so index 0 should return [email protected] from resource okta_userand it should be equal to first (0) index of local variable "${local.users_with_appId[count.index].userName}@example.com"

也在 foreach 循环中与 local.users_with_appId[count.index].userName 进行比较，那么为什么它还要关心 local.users_with_appId 与 之间的元素数量代码>okta_user ?

Also in foreach loop im comparing to local.users_with_appId[count.index].userName so why does it even bother about number of elements between local.users_with_appId vs okta_user ?

我错过了什么?

推荐答案

根据评论.

问题是由于条件 user.email == "${local.users_with_appId[count.index].userName}@example.com" 不满足造成的.因此，element 由于试图从 empty list in 中提取元素而出错:

The issue was caused by condition user.email == "${local.users_with_appId[count.index].userName}@example.com" not being satisfied. Consequently, element was erroring out due to trying to extract an element form an empty list in:

element([for user in okta_user.users: user if user.email == "${local.users_with_appId[count.index].userName}@example.com"], 0).id

解决方案是使用

element([for user in okta_user.users: user if "${user.email}" == "${local.users_with_app_id[count.index].userName}@example.com"], 0).id

这篇关于Terraform:从资源内的数组中过滤对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！