Terraform Azure Container Instance Dynamic Volume - share_name loop over azurerm_storage_share

Question

I have the following terraform code creating azure storage file shares.

resource "azurerm_storage_share" "jms-sftp-share" {
  for_each             = toset(["one", "two", "three"])
  name                 = each.key
  quota                = 5120
  storage_account_name = azurerm_storage_account.working-storage_account.name

  acl {
    id = "${each.key}_this_is_my_id"

    access_policy {
      permissions = "rwl"
    }
  }
}

I am trying to then create an azurerm_container_instance with a dynamic volume block that gets it's share name by looping over the azurerm_storage_share.jms-sftp-share.

resource "azurerm_container_group" "jms-sftp" {
  dns_name_label = "doccji-dts-dev-jms-sftp"
  exposed_port = [
    {
      port     = 22
      protocol = "TCP"
    },
  ]
  location            = var.resource-location
  name                = "${local.resource-name-prefix}-sftp-1"
  os_type             = "Linux"
  resource_group_name = local.resource-group-name
  restart_policy      = "Always"
  tags                = merge(local.common_tags, tomap({ "type" = "docker-sftp-server" }))

  container {
    commands = []
    cpu      = 1
    image    = "atmoz/sftp:latest"
    memory   = 1.5
    name     = "jms-sftp-1"

    ports {
      port     = 22
      protocol = "TCP"
    }
    dynamic "volume" {
      for_each = [for v in azurerm_storage_share.jms-sftp-share : {
        name = v.name
      }]
      content {
        empty_dir            = false
        mount_path           = "/home/${volume.value.name}"
        name                 = "${volume.value.name}-home-folder"
        read_only            = false
        share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name]
        storage_account_key  = azurerm_storage_account.working-storage_account.primary_access_key
        storage_account_name = azurerm_storage_account.working-storage_account.name
      }

    }
    volume {
      empty_dir            = false
      mount_path           = "/etc/sftp"
      name                 = "sftp-users-conf"
      read_only            = true
      share_name           = azurerm_storage_share.jms-sftp-users-share.name
      storage_account_key  = azurerm_storage_account.working-storage_account.primary_access_key
      storage_account_name = azurerm_storage_account.working-storage_account.name
    }
  }

  depends_on = [
    azurerm_storage_share.jms-sftp-share,
    azurerm_storage_share.jms-sftp-users-share
  ]
}

I'm stuck on the following error:

Error: Incorrect attribute value type

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name]
    |----------------
    | azurerm_storage_share.jms-sftp-share is object with 3 attributes

Inappropriate value for attribute "share_name": string required.


Error: Incorrect attribute value type

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name]
    |----------------
    | azurerm_storage_share.jms-sftp-share is object with 3 attributes

Inappropriate value for attribute "share_name": string required.


Error: Incorrect attribute value type

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name]
    |----------------
    | azurerm_storage_share.jms-sftp-share is object with 3 attributes

Inappropriate value for attribute "share_name": string required.

I believe I get what it's telling me, but I don't know how to setup the

share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name]

to correctly reference the associated share.

If I change the share_name to be

share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name.name]

I get output that suggests my previous notation was correct, but I'm just not sure where to go.

Error: Unsupported attribute

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name.name]
    |----------------
    | volume.value.name is "one"

This value does not have any attributes.


Error: Unsupported attribute

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name.name]
    |----------------
    | volume.value.name is "two"

This value does not have any attributes.


Error: Unsupported attribute

  on container-instance.tf line 36, in resource "azurerm_container_group" "jms-sftp":
  36:         share_name           = azurerm_storage_share.jms-sftp-share[volume.value.name.name]
    |----------------
    | volume.value.name is "three"

This value does not have any attributes.

Any ideas?

Answer 1

You need to reference the specific value in the exported resource attribute object. The error message states:

azurerm_storage_share.jms-sftp-share is object with 3 attributes

indicating you need to reference the specific element in the object. The three attributes are denoted with the one two and three Strings you use as keys to iterate over in the question. You then access the specific element like:

share_name = azurerm_storage_share.jms-sftp-share["one"].name

which accesses the one element of the azurerm_storage_share.jms-sftp-users-share object from the exported resource attributes.