Create a method for to convert list into str #15888

Closed
ssala7 opened this issue Aug 23, 2017 · 3 comments
ssala7 commented Aug 23, 2017

s3_role.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service":
          "${iam_s3_role_principal}"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}

variable "iam_s3_role_principal" {
  type = "list"
  default = ["ec2.amazonaws.com","ecs.amazonaws.com"]
}

data "template_file" "iam_s3_role" {
  template = "${file("${path.module}/s3_role.json")}"
  vars {
    iam_s3_role_principal = "${jsonencode(var.iam_s3_role_principal)}"
  }
}

resource "aws_iam_role" "s3_role" {
  name               = "${var.service}_${var.project}_role"
  assume_role_policy = "${data.template_file.iam_s3_role.rendered}"
}

Error:

I have used jsonencode and got the error: "assume_role_policy" contains an invalid JSON: invalid character 'e' after object key:value pair

  vars {
    iam_s3_role_principal = "${str(var.iam_s3_role_principal)}"
  }

Error:

unknown function called: str in:

Create a function for str so we can convert anything into a string.

@apparentlymart (Contributor)

Hi @ssala7!

We have a few functions that can turn lists into strings, which looks like what you need to do here. Which function you'd use depends on what format you need the resulting string to be in:

  • join will simply concatenate the list elements together with a delimiter you specify; this is the simplest.
  • jsonencode will turn the list into a string containing a JSON array.

In this case it seems like jsonencode is what you need, since the IAM policy document is in JSON format. An alternative is to use the aws_iam_policy_document data source, which behaves like a more specialized template that understands IAM policy syntax natively:

data "aws_iam_policy_document" "s3_role_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = "${var.iam_s3_role_principal}"
    }
  }
}

resource "aws_iam_role" "s3_role" {
  name               = "${var.service}_${var.project}_role"
  assume_role_policy = "${data.aws_iam_policy_document.s3_role_assume.json}"
}

This approach avoids the need for any explicit conversion of the list to string, since the identifiers argument in the principals block expects a list and does the conversion to JSON internally.
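
Why the jsonencode attempt in the original report fails, as an added example that is not part of the thread or of Terraform's code: s3_role.json wraps the placeholder in double quotes, so substituting a JSON array produces nested quotes and invalid JSON. `render`, `service_principals` and `check` are hypothetical helpers, `render` is a simplified stand-in for template substitution, and both templates are constructed copies of the file above.

```python
import json
import re

# Constructed copy of the issue's template: the placeholder sits inside quotes.
QUOTED = '''{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": "sts:AssumeRole",
    "Principal": {"Service": "${iam_s3_role_principal}"},
    "Effect": "Allow",
    "Sid": ""
  }]
}'''
# Corrected variant: the bare placeholder lets the JSON array stand on its own.
BARE = QUOTED.replace('"${iam_s3_role_principal}"', '${iam_s3_role_principal}')


def render(template, variables):
    """Hypothetical stand-in for template rendering: plain ${name} substitution."""
    return re.sub(r'\$\{(\w+)\}', lambda m: variables[m.group(1)], template)


def service_principals(rendered):
    """Return the Service principals of a trust policy, or None if it is not JSON."""
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError:
        return None
    found = []
    for stmt in doc["Statement"]:
        svc = stmt.get("Principal", {}).get("Service", [])
        found.extend([svc] if isinstance(svc, str) else svc)
    return sorted(found)


def check(template, principals, allowed):
    """Render with a JSON-encoded list, then verify who may assume the role."""
    rendered = render(template, {"iam_s3_role_principal": json.dumps(principals)})
    got = service_principals(rendered)
    if got is None:
        return "invalid-json"
    return "ok" if set(got) <= set(allowed) else "unexpected-principal"
```

With the quoted template an empty list does not fail to parse: it renders as the string principal "[]", which is why the check compares the parsed principals against an allow-list instead of only testing that the document is valid JSON.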

@apparentlymart (Contributor)

Hi again @ssala7!

Since I didn't hear back from you I'm going to hope that my previous response gave you what you needed here, and close this out.

ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
