for_each attribute for creating multiple resources based on a map
Problem
Hi, We are missing a better support for loops which would be based on keys, not on indexes. Below is an example of the problem we currently have and would like Terraform to address: We have a list of Azure NSG (Network Security Group) rules defined in a hash. E.g. [code block] This allows us to keep the Terraform resource definition DRY and use a loop to create all the rules: [code block] So far, so good. However since the resources and their state are uniquely identified by the index and not by their name, we can't simply change the rules later. We can add new rules only at the end of the hash. We can remove rules only at the end of the hash. We can modify the rules, as long as their position in the hash doesn't change. * But we can never remove any other rule or change their position in the hash. This seems to be very restrictive and basically means we had to stop using this approach and define all individual rules as individual _azurerm_network_security_rule_ resources. As you can guess, if we e.g. remove the first item from the hash, Terraform would not see that as a removal of the first resource (index 0), but rather removal of the last resource (index 2) and a related unexpected change of all the other resources (old index 1 becomes new index 0, old index 2 becomes new index 1). Unfortunately this can also cause Azure provider to fail, because it may get into a conflict where an actual resource (old index 1) still exists in Azure, but Terraform now
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Solution: for_each attribute for creating multiple resources based on a map
Hi @mirogta! Thanks for this feature request, and your detailed use-case. This is definitely a request that has come up before, though it seems like it's only previously been discussed within the comments of other issues, so this issue seems like a good anchor for talking about our plans here, and updating as we make progress. The current design sketch we have is a new `for_each` argument that c
Trust Score
9 verifications
- 1
Hi @mirogta! Thanks for this feature request, and your detailed use-case.
Hi @mirogta! Thanks for this feature request, and your detailed use-case.
- 2
This is definitely a request that has come up before, though it seems like it's
This is definitely a request that has come up before, though it seems like it's only previously been discussed within the comments of other issues, so this issue seems like a good anchor for talking about our plans here, and updating as we make progress.
- 3
The current design sketch we have is a new `for_each` argument that can be used
The current design sketch we have is a new `for_each` argument that can be used as an alternative to `count`, taking either a list or a map as its value:
- 4
The primary benefit of this, as you correctly suggested, is that if the `for_eac
The primary benefit of this, as you correctly suggested, is that if the `for_each` collection is a _map_ then we will use the map keys to correlate configuration instances with state instances when planning updates, and thus avoid the problem you've encountered with adding or removing items in the map.
Validation
Resolved in hashicorp/terraform GitHub issue #17179. Community reactions: 74 upvotes.
Verification Summary
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep