Refactor template assignment logic in the trusted profile template module #192

@mukulpalit-ibm

In the trusted profile template module, the template assignment is done using a for_each loop over a local variable, as shown below:

Image

The issue with the for_each loop here is that it will work correctly only if all the list/map values are known during the plan phase. There, if we use all for account_to_assign, that would work as expected.

But calling the module with a known number of elements, like

module "create_trusted_profile_template" {
  source               = "terraform-ibm-modules/trusted-profile/ibm//modules/trusted-profile-template"
  version              = "3.1.0"
  template_name        = "${var.prefix}-enable-service-id-to-invite-users-template"
  template_description = "Trusted Profile template for Enterpise with required access for inviting users"
  profile_name         = "${var.prefix}-enable-service-id-to-invite-users"
  profile_description  = "Trusted Profile for Enterpise sub accounts with required access for inviting users"
  identities = [
    for account in module.enterprise.enterprise_accounts_iam_response : {
      type       = "serviceid"
      iam_id     = account.iam_service_id
      identifier = replace(account.iam_service_id, "iam-", "")
    }
  ]
  account_group_ids_to_assign = []
  account_ids_to_assign = [
    module.enterprise.enterprise_accounts_iam_response[0].id,
    module.enterprise.enterprise_accounts_iam_response[1].id
  ]
  policy_templates = [
    {
      name        = "${var.prefix}-iam-admin-access"
      description = "Grants Administrator role to all Identity and Access enabled services (IAM service group)."
      roles       = ["Administrator"]
      attributes = [{
        key      = "service_group_id"
        value    = "IAM" # assigns access to All Identity and Access enabled services
        operator = "stringEquals"
      }]
    }
  ]
}

gives the following error:

Image

As the IDs for the enterprise sub accounts will be known only after the apply phase.
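
The plan-time behaviour described in this issue can be reproduced without the IBM provider. This is an added example, not code from the module or from the issue author: the built-in `terraform_data` resource (Terraform 1.4+) stands in for both the enterprise sub accounts and the template assignment, and every resource name, local name and sample value in it is an assumption.

```hcl
terraform {
  required_version = ">= 1.4.0" # terraform_data is built in from 1.4
}

# Constructed stand-in for the enterprise sub accounts: "id" is computed,
# so it is unknown during plan, like the account IDs in the issue.
resource "terraform_data" "sub_account" {
  count = 2
  input = "sub-account-${count.index}"
}

locals {
  # Same shape as the module call above: list length known at plan time,
  # element values known only after apply.
  account_ids_to_assign = [
    terraform_data.sub_account[0].id,
    terraform_data.sub_account[1].id,
  ]

  # Plan-safe: keys come from the list index (known), values stay unknown.
  assignments_by_index = {
    for idx, id in local.account_ids_to_assign : tostring(idx) => id
  }
}

# Pattern that fails at plan with "Invalid for_each argument": the instance
# keys would be derived from values that are not known yet.
# resource "terraform_data" "assignment_by_value" {
#   for_each = toset(local.account_ids_to_assign)
#   input    = each.value
# }

# Hypothetical stand-in for the template assignment resource
# (target_type value is constructed for illustration).
resource "terraform_data" "assignment_by_index" {
  for_each = local.assignments_by_index
  input = {
    target_type = "Account"
    target      = each.value
  }
}

output "assignment_keys" {
  value = keys(terraform_data.assignment_by_index)
}
```

Index keys tie each assignment to its list position, so removing or reordering an entry re-creates the assignments after it; a map input with caller-chosen static keys avoids that.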
