Getting error while using Terraform for_each for App Registration

I am trying to do app registration and have a few app roles that I would like to assign. My code is given below:

resource "random_uuid" "prod" {}

resource "azuread_application" "app_prod" {
  display_name    = format("app-%s-%s", var.project.name, var.project.environment.name)
  owners          = [data.azuread_client_config.default.object_id]
  identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]
  api {
    oauth2_permission_scope {
      for_each                   = toset(local.oauth2_permissions)
      admin_consent_description  = each.value.admin_consent_description
      admin_consent_display_name = each.value.admin_consent_display_name
      enabled                    = true
      id                         = random_uuid.prod.result
      type                       = each.value.type
      value                      = each.key
    }
  }

  app_role {
    for_each             = toset(local.app_roles)
    allowed_member_types = each.value.allowed_member_types
    description          = each.value.description
    display_name         = each.value.display_name
    enabled              = true
    id                   = random_uuid.prod.result
    value                = each.key
  }

  web {
    logout_url    = format("https://app-%s-%s", var.project.name, var.project.environment.name)
    redirect_uris = []

    implicit_grant {
      access_token_issuance_enabled = true
      id_token_issuance_enabled     = true
    }
  }

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph

    resource_access {
      id   = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]
      type = "Role"
    }
  }
}

locals {
  app_roles = {
    application-administrator = {
      display_name         = "Application administrator"
      description          = "Application administrators have the ability to administer the application."
      allowed_member_types = ["User", "Application"]
    }
    BusinessAdmin = {
      display_name         = "BusinessAdmin"
      description          = "Business Administrator"
      allowed_member_types = ["User"]
    }
    mulesoft-integration = {
      display_name         = "Mulesoft Integration"
      description          = "Allows MuleSoft Integration to talk to the APIs."
      allowed_member_types = ["Application"]
    }
  }
  oauth2_permissions = {
    read-and-write = {
      user_consent_description   = "read-and-write"
      admin_consent_display_name = "Read and write data"
      admin_consent_description  = "Allows the app to read and write data"
      user_consent_display_name  = "Allows the app to read and write data"
      type                       = "User"
    }
  }
}

data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

The error that I get while doing terraform apply is:

Error: each.value cannot be used in this context
│   on resources.appreg.tf line 24, in resource "azuread_application" "app_prodstats":
│   24:     description          = each.value.description
│ A reference to "each.value" has been used in a context in which it
│ unavailable, such as when the configuration no longer contains the value in
│ its "for_each" expression. Remove this reference to each.value in your
│ configuration to work around this error.
│ Error: each.value cannot be used in this context
│   on resources.appreg.tf line 25, in resource "azuread_application" "app_prodstats":
│   25:     display_name         = each.value.display_name
│ A reference to "each.value" has been used in a context in which it
│ unavailable, such as when the configuration no longer contains the value in
│ its "for_each" expression. Remove this reference to each.value in your
│ configuration to work around this error.
│ Error: Reference to "each" in context without for_each
│   on resources.appreg.tf line 28, in resource "azuread_application" "app_prodstats":
│   28:     value                = each.key
│ The "each" object can be used only in "module" or "resource" blocks, and
│ only when the "for_each" argument is set.

You need a content block if you are using dynamic blocks:

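  dynamic "app_role" {
    # local.app_roles is already a map, so it is passed directly (toset() cannot convert it)
    for_each = local.app_roles
    content {
      # inside a dynamic block the iterator is named after the block label, not "each"
      allowed_member_types = app_role.value.allowed_member_types
      description          = app_role.value.description
      display_name         = app_role.value.display_name
      enabled              = true
      id                   = random_uuid.prod.result
      value                = app_role.key
    }
  }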

You have to make similar changes as above to other parts of your code where you get that error.
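
The same change applied to both the app_role and oauth2_permission_scope blocks, as an added example that is not part of the original question or answer. It goes one step beyond the answer by giving each role and scope its own UUID, since their ids must be unique within the application; the resource names "example", "app_role" and "scope" and the display name are assumptions, and the role and scope values are taken from the question.

```hcl
# Added example: resource names "example", "app_role" and "scope" are assumptions.
# Role and scope definitions are copied from the question's locals.
locals {
  app_roles = {
    BusinessAdmin        = { display_name = "BusinessAdmin", description = "Business Administrator", allowed_member_types = ["User"] }
    mulesoft-integration = { display_name = "Mulesoft Integration", description = "Allows MuleSoft Integration to talk to the APIs.", allowed_member_types = ["Application"] }
  }
  oauth2_permissions = {
    read-and-write = {
      admin_consent_display_name = "Read and write data"
      admin_consent_description  = "Allows the app to read and write data"
      type                       = "User"
    }
  }
}

# One UUID per map key, so every role and scope gets a distinct, stable id.
resource "random_uuid" "app_role" { for_each = local.app_roles }
resource "random_uuid" "scope" { for_each = local.oauth2_permissions }

resource "azuread_application" "example" {
  display_name = "app-example"
  api {
    dynamic "oauth2_permission_scope" {
      for_each = local.oauth2_permissions
      content {
        admin_consent_description  = oauth2_permission_scope.value.admin_consent_description
        admin_consent_display_name = oauth2_permission_scope.value.admin_consent_display_name
        enabled                    = true
        id                         = random_uuid.scope[oauth2_permission_scope.key].result
        type                       = oauth2_permission_scope.value.type
        value                      = oauth2_permission_scope.key
      }
    }
  }
  dynamic "app_role" {
    for_each = local.app_roles
    content {
      allowed_member_types = app_role.value.allowed_member_types
      description          = app_role.value.description
      display_name         = app_role.value.display_name
      enabled              = true
      id                   = random_uuid.app_role[app_role.key].result
      value                = app_role.key
    }
  }
}
```

Keying the UUIDs by the same map keys means adding or removing a role later does not regenerate the ids of the roles that stay, so existing role assignments keep pointing at the same id.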
