CODEWITHSUNDEEP
terraformazure-rm
devops-admin
devops-admin

Reputation: 2003

How to skip certain part of a resource from being provisioned using Terraform

# main.tf
resource "azurerm_api_management" "apim_demo" {
  name                = var.apim_instance_name
  location            = azurerm_resource_group.apim_rg.location
  resource_group_name = azurerm_resource_group.apim_rg.name
  publisher_name      = var.apim_publisher_name
  publisher_email     = var.apim_publisher_email

  sku_name = var.apim_sku_name

  identity {
    type = "SystemAssigned"
  }
  hostname_configuration {
    proxy {
      default_ssl_binding          = true
      host_name                    = "qtech"
      key_vault_id                 = "https://ssl-key-test789.vault.azure.net/secrets/my-ssl-certificate"
      negotiate_client_certificate = true
    }
    proxy {
      default_ssl_binding          = false
      host_name                    = "ftech"
      key_vault_id                 = "https://ssl-key-test789.vault.azure.net/secrets/my-ssl-certificate2"
      negotiate_client_certificate = true
      #custom                       = var.custom_block
      #count                       = var.test_condition ? 1 : 0
    }

  }


}


# variables.tf

variable "apim_instance_name" {}

variable "apim_publisher_name" {}

variable "apim_publisher_email" {}

variable "apim_sku_name" {}

variable "tenant_id" {
  #  description "Enter Tenant ID"
}

variable "client_id" {
  #  description "Enter Tenant ID"
}

variable "subscription_id" {
  #  description "Enter Subscription ID"
}

variable "client_secret" {
  #  description "Enter client secret"
}



variable "apim_resource_group_name" {
  #  description "RG-2"
}

variable "apim_location" {
  type = map(any)
  default = {
    location1 = "eastus"
    location2 = "westus"
  }
}

#variable "subnets" {
#  type = "list"
#  default = ["10.0.1.0/24", "10.0.2.0/24"]
#}


variable "test_condition" {
  type    = bool
  default = true
}

variable "custom_block" {
  default = null
}

From the above terraform code, I want to avoid/skip the below (second proxy block) part of the resource from being provisioned

    proxy {
      default_ssl_binding          = false
      host_name                    = "ftech"
      key_vault_id                 = "https://ssl-key-test789.vault.azure.net/secrets/my-ssl-certificate2"
      negotiate_client_certificate = true
#      custom                       = var.custom_block
#      count                       = var.test_condition ? 1 : 0
    }

I did try to use count logic to avoid but I guess it will work on a complete resource block, not on a certain part of a resource block. Anyway, I received the below error using count logic

Error: Unsupported argument
│ 
│   on apim-instance.tf line 35, in resource "azurerm_api_management" "apim_demo":
│   35:       count                       = var.test_condition ? 1 : 0
│ 
│ An argument named "count" is not expected here.
╵

I also try to use null logic to avoid but I guess it will also work on a complete resource block, not on a certain part of a resource block. Anyway, I got the below error using null logic.

│ Error: Unsupported argument
│ 
│   on apim-instance.tf line 34, in resource "azurerm_api_management" "apim_demo":
│   34:       custom                       = var.custom_block
│ 
│ An argument named "custom" is not expected here.
╵

Upvotes: 1

Views: 2500

Answers (2)

awiechert
awiechert

Reputation: 390

What if you just seperate this code blocks into modules for each stage?

Upvotes: 0

Yashwant Mahawar
Yashwant Mahawar

Reputation: 129

use dynamic block. it will resolve your query.

https://www.terraform.io/docs/language/expressions/dynamic-blocks.html

variable "proxy" {
  type        = any
  default     = [
    {
      default_ssl_binding          = true
      host_name                    = "qtech"
      key_vault_id                 = "https://ssl-key-test789.vault.azure.net/secrets/my-ssl-certificate"
      negotiate_client_certificate = true
    }
    {
     default_ssl_binding           = true
      host_name                    = "qtech"
      key_vault_id                 = "https://ssl-key-test789.vault.azure.net/secrets/my-ssl-certificate"
      negotiate_client_certificate = true
    }
  ]

}

use like below.

hostname_configuration {
 dynamic "proxy" {
    for_each = var.proxy
    content {
      default_ssl_binding          = proxy.value.default_ssl_binding
      host_name                    = proxy.value.host_name
      key_vault_id                 = proxy.value.key_vault_id
      negotiate_client_certificate = proxy.value.negotiate_client_certificate
    }
  }
}

Upvotes: 2

Related Questions