Manish Iarhovich

Reputation: 193

Build dynamic terraform fields for kubernetes_role resource

Please help me understand how to correctly build dynamic rules for a resource.

As input I want to send vars like this:

  role_rules = {
    rule01 = {
      "api_groups" = ["apps"]
      "resources"  = ["pods"]
      "resource_names" = ["foo"]
      "verbs"          = ["get", "list", "watch"]
    }
    rule02 = {
      "api_groups" = ["apps2"]
      "resources"  = ["services"]
      "resource_names" = ["foo2"]
      "verbs"          = ["*"]
    }
  }

And as a result have two rules for my resource. I tried to do it like this:

resource "kubernetes_role" "this" {
  metadata {
    name      = var.role_name
    labels    = local.metadata_labels
  }
  dynamic "rule" {
    for_each = local.role_permission_rules
    content {
      api_groups     = try(role.value["api_groups"], "")
      resources      = try(role.value["resources"], "")
      resource_names = try(role.value["resource_names"], "")
      verbs          = try(role.value["verbs"], "")
    }
  }
}

locals {
  role_permission_rules = {
    for rule in keys(var.role_rules):
      rule => lookup(var.role_rules, rule)
  }
}

But unfortunately, it's not working, with a lot of errors saying there is no value on the root module. Any ideas on how to correctly implement this?

Upvotes: 0

Views: 590

Answers (1)

aseb

Reputation: 352

I would recommend using lookup instead of try. However, I think you just need to throw it into a list by containing the item in brackets []. Also, I would recommend referencing rule.value and not role.value.

For example:

dynamic "rule" {
   for_each = local.role_permission_rules
   content {
     api_groups     = [lookup(rule.value, "api_groups", null)]
     resources      = [lookup(rule.value, "resources", null)]
     resource_names = [lookup(rule.value, "resource_names", null)]
     verbs          = [lookup(rule.value, "verbs", null)]
   }
} 

Upvotes: 2
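
A complete variant of the dynamic block discussed above, added here as an example and not part of the original question or answer: it iterates `var.role_rules` directly, references the iterator as `rule.value` (inside a `dynamic` block the iterator takes the name of the block label), and passes the list values from the input map through as they are. The typed variable with `optional()` assumes Terraform 1.3 or later, and the `validation` block is an added least-privilege check that rejects a wildcard verb such as the one in `rule02`.

```hcl
variable "role_name" {
  type = string
}

# Typed input: every rule must carry lists, so a malformed rule fails at plan time.
# optional() requires Terraform >= 1.3 (assumption).
variable "role_rules" {
  description = "Map of rule name => RBAC policy rule for the Role"
  type = map(object({
    api_groups     = list(string)
    resources      = list(string)
    resource_names = optional(list(string)) # null when omitted
    verbs          = list(string)
  }))

  # Added check, not from the original post: refuse wildcard verbs so each
  # permission granted by the Role is listed explicitly.
  validation {
    condition = alltrue([
      for r in values(var.role_rules) : !contains(r.verbs, "*")
    ])
    error_message = "Wildcard verbs are not allowed; list each verb explicitly."
  }
}

resource "kubernetes_role" "this" {
  metadata {
    name = var.role_name
  }

  # One rule block per map entry; the iterator is named after the block label.
  dynamic "rule" {
    for_each = var.role_rules
    content {
      api_groups     = rule.value.api_groups
      resources      = rule.value.resources
      resource_names = rule.value.resource_names # null leaves the argument unset
      verbs          = rule.value.verbs
    }
  }
}
```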
