@thedarkwriter wrote:
Hi there,
Terraform v0.12.18
- provider.google v3.4.0
- provider.google-beta v3.4.0
I am trying to create several service accounts and map them to multiple roles in GCP.
I’m having an issue getting my second loop to be honored (if that’s possible).
```
variable "roles_for_admins" {
  default = {
    "iam"                    = "roles/resourcemanager.projectIamAdmin"
    "kubernetes"             = "roles/container.admin"
    "storage"                = "roles/storage.admin"
    "datastore"              = "roles/datastore.owner"
    "googleappengine"        = "roles/appengine.appAdmin"
    "computevpc"             = "roles/compute.admin"
    "cloudfunctions"         = "roles/cloudfunctions.admin"
    "cloudscheduler"         = "roles/cloudscheduler.admin"
    "cloudtasks"             = "roles/cloudtasks.admin"
    "memorystore"            = "roles/redis.admin"
    "serverlessvpcconnector" = "roles/vpcaccess.admin"
  }
}

variable "admins" {
  default = {
    "joesmith"   = "jsmith"
    "alicebrown" = "abrown"
    "anotherone" = "aone"
  }
}

resource "google_service_account" "create-serviceaccounts" {
  for_each     = var.admins
  account_id   = each.value
  display_name = "This service account is for ${each.value} to manage things"
}

resource "google_project_iam_member" "grant-deployer-roles-to-users" {
  for_each   = var.roles_for_admins
  role       = each.value
  member     = "serviceAccount:${[for admin in google_service_account.create-serviceaccounts: admin.email]}"
  depends_on = [google_service_account.create-serviceaccounts]
}
```
The problem loop is the `member = "serviceAccount:${[for admin in google_service_account.create-serviceaccounts: admin.email]}"`
The error looks like it doesn’t like how I’m trying to call that for loop (possibly because the member attribute expects only a string or because this loop is different than the original for_each).
Example error
```
Error: Invalid template interpolation value

  on line 51, in resource "google_project_iam_member" "grant-deployer-roles-to-users":
  51: member = "serviceAccount:${[for admin in google_service_account.create-serviceaccounts: admin.email]}"
    |----------------
    | google_service_account.create-serviceaccounts is object with 6 attributes

Cannot include the given value in a string template: string required.
```
What I’m trying to get working is having one block to create all the users and one block to iteratively add in all the roles to each user.
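One way to get a single block that grants every role to every service account, as an added example that is not part of the original post or the thread's replies: build one `for_each` map with an entry per (admin, role) pair using `setproduct`, so each `member` is a single string. It assumes the `admins` and `roles_for_admins` variables and the `google_service_account.create-serviceaccounts` resource from the post, and replaces the post's `google_project_iam_member` block; the local name `admin_role_pairs` is hypothetical.

```hcl
locals {
  # setproduct() yields every [admin_key, role_key] combination.
  # Keys come only from variables, so they are known at plan time,
  # which for_each requires.
  admin_role_pairs = {
    for pair in setproduct(keys(var.admins), keys(var.roles_for_admins)) :
    "${pair[0]}-${pair[1]}" => {
      admin = pair[0]                       # e.g. "joesmith"
      role  = var.roles_for_admins[pair[1]] # e.g. "roles/storage.admin"
    }
  }
}

resource "google_project_iam_member" "grant-deployer-roles-to-users" {
  # One instance per (admin, role) pair, keyed like "joesmith-storage".
  for_each = local.admin_role_pairs

  role = each.value.role

  # Index the service account resource by the same key used in its own
  # for_each, so member is one email string rather than a list.
  member = "serviceAccount:${google_service_account.create-serviceaccounts[each.value.admin].email}"
}
```

Referencing the service account inside `member` already creates the dependency, so the explicit `depends_on` is not needed. Because each binding has its own key, removing one entry from either variable revokes only the matching grants on the next apply.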