Reputation: 10960
I'm trying to update my existing azurerm_subnet terraform code, which is consumed by many others, so we would really not like to break any existing tfvars. The deprecated field network_security_group_id moves from azurerm_subnet to a new resource called azurerm_network_interface_security_group_association starting with version 2.0.

Existing Code

    resource "azurerm_subnet" "generic_subnet" {
      count                     = "${length(var.subnet_names)}"
      name                      = "${element("${var.subnet_names}", count.index)}"
      resource_group_name       = "${var.resource_group_name}"
      virtual_network_name      = "${azurerm_virtual_network.generic_vnet.name}"
      address_prefix            = "${element("${var.subnet_address_ranges}", count.index)}"
      service_endpoints         = "${var.service_endpoints[count.index]}"
      network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
      route_table_id            = "${element(var.subnet_route_tables, count.index)}"
    }

tfvars:

    subnet_address_ranges = [
      "10.102.40.0/22",
      "10.102.44.0/24",
      "10.102.45.0/25"
    ]

    subnet_names = [
      "private-subnet-01",
      "public-subnet-01",
      "protected-subnet-01"
    ]

    service_endpoints = [
      ["Microsoft.AzureCosmosDB", "Microsoft.KeyVault", "Microsoft.Storage", "Microsoft.Sql", "Microsoft.AzureActiveDirectory", "Microsoft.ContainerRegistry", "Microsoft.EventHub", "Microsoft.ServiceBus", "Microsoft.Web"],
      [],
      ["Microsoft.KeyVault", "Microsoft.Storage"]
    ]

    subnet_nsg_ids = [
      "/subscriptions/yyyy/resourceGroups/yyy/providers/Microsoft.Network/networkSecurityGroups/nsg-01",
      "",
      "/subscriptions/yyyy/resourceGroups/yyy/providers/Microsoft.Network/networkSecurityGroups/nsg-02"
    ]

Updated Code (by introducing the azurerm_network_interface_security_group_association resource)

    resource "azurerm_subnet" "generic_subnet" {
      count                     = "${length(var.subnet_names)}"
      name                      = "${element("${var.subnet_names}", count.index)}"
      resource_group_name       = "${var.resource_group_name}"
      virtual_network_name      = "${azurerm_virtual_network.generic_vnet.name}"
      address_prefix            = "${element("${var.subnet_address_ranges}", count.index)}"
      service_endpoints         = "${var.service_endpoints[count.index]}"
      network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
      route_table_id            = "${element(var.subnet_route_tables, count.index)}"
    }

    resource "azurerm_subnet_network_security_group_association" "generic_nsg_association" {
      count                     = "${length(var.subnet_nsg_ids)}"
      subnet_id                 = "${element(azurerm_subnet.generic_subnet.*.id, count.index)}"
      network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"
    }

Obviously my new resource will break all the tfvars by throwing an error like:

    Error: Can not parse "network_security_group_id" as a resource id: Cannot parse Azure ID: parse "": empty url

      on ../../../main.tf line 41, in resource "azurerm_subnet_network_security_group_association" "generic_nsg_association":
      41: network_security_group_id = "${element(var.subnet_nsg_ids, count.index)}"

The reason is that we need to give the network_security_group_id param. However, all my existing tfvars have a structure that supports a subnet_nsg_ids list with an empty string.

So my question is: is there a way to loop through only specific indexes in the list for my azurerm_subnet_network_security_group_association resource? E.g., loop through only [0] and [2] but skip [1] (because [1] is an empty string).

It's not like I need to use count only. I'm happy to use for_each as well if this kind of skipping is possible.

Upvotes: 1
Views: 1398
Reputation: 238727
I'm not sure I fully understand your issue, but if you want to skip your network_security_group_id when there is an empty string, you can do that using:

    network_security_group_id = element(var.subnet_nsg_ids, count.index) != "" ? element(var.subnet_nsg_ids, count.index) : null

And if you want to filter out items with empty strings you can do:

    # for_each accepts only a map or a set of strings, hence toset()
    for_each = toset([for idx, val in var.subnet_names : val if var.subnet_nsg_ids[idx] != ""])

Upvotes: 1
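
One way to do the skipping the question asks for, as an added example that is not part of either post: a for_each map keyed by subnet name that keeps only the list positions with a non-empty NSG ID, plus an output naming the subnets left without an NSG. It assumes Terraform 0.12.20 or later (for try()) and the question's variables and azurerm_subnet.generic_subnet resource; the local and output names are hypothetical.

```hcl
# Added example, not code from the question or the answer.
# Assumes var.subnet_names and var.subnet_nsg_ids as in the question's tfvars.

locals {
  # subnet name => list index, only where an NSG ID was supplied.
  # try() treats a missing position (subnet_nsg_ids shorter than
  # subnet_names) the same as an empty string.
  # With the question's tfvars this evaluates to:
  #   { "private-subnet-01" = 0, "protected-subnet-01" = 2 }
  subnets_with_nsg = {
    for idx, name in var.subnet_names :
    name => idx
    if try(var.subnet_nsg_ids[idx], "") != ""
  }
}

resource "azurerm_subnet_network_security_group_association" "generic_nsg_association" {
  # One association per subnet that has an NSG; index 1 ("") is never visited,
  # so the provider is never handed an empty resource ID.
  for_each = local.subnets_with_nsg

  subnet_id                 = azurerm_subnet.generic_subnet[each.value].id
  network_security_group_id = var.subnet_nsg_ids[each.value]
}

# Makes the gap visible in plan/apply output: subnets that end up with no NSG
# attached (here "public-subnet-01") are listed instead of silently skipped.
output "subnets_without_nsg" {
  description = "Subnets created without a network security group association"
  value = [
    for idx, name in var.subnet_names :
    name
    if try(var.subnet_nsg_ids[idx], "") == ""
  ]
}
```

The for_each keys and the filter must be known at plan time, which holds when subnet_nsg_ids holds literal IDs in tfvars as in the question; IDs computed from resources created in the same apply would make the filter condition unknown.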