for_each 通过 Terraform 0.12 中的对象

for_each through a object in Terraform 0.12

我想通过以下方式调用 terraform 模块:

module "database_role" {
 source = "modules/roles"

 project_id = "testid"
 role_name = "testrole"

 actions = {
   database_name: "test_db"


resource "mongodbatlas_custom_db_role" "custom_role" {
  project_id = var.project_id
  role_name  = var.role_name

  dynamic "actions" {
    for_each = [for item in [var.actions] : item]
      content {
        actions {
          action = lookup(actions.value, "action")

          resources {
            cluster = "false"
            database_name = lookup(actions.value, "database_name")


 actions {
   action = "ENABLE_PROFILER"
   resources {
     cluster         = "false"
     database_name   = "test_db"

 actions {
   action = "DROP_DATABASE"
   resources {
     cluster         = "false"
     database_name   = "test_db"

我收到错误消息:给定值不适合子模块变量“actions”。 我在模块动态资源中做错了什么?谢谢


我在 actions 本地 var::

locals {
  actions = {
    database_name = "test_db"

现在,我将根据 local.actions["action"] 的大小展平以获得所需的结果。有一次,我得到了扁平化的列表,我将遍历列表以创建动态块。

resource "mongodbatlas_custom_db_role" "custom_role" {
  project_id = "xxx-xxx"
  role_name  = "yyy-yyy"

  dynamic "actions" {
    for_each = flatten([
      for item in range(length(local.actions["action"])): {
        act = local.actions["action"][item]
        db_name = local.actions.database_name
     content {
       action = actions.value.act
       resources {
         cluster = "false"
         database_name = actions.value.db_name


Harshas-MBP:mongo harshavmb$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # mongodbatlas_custom_db_role.custom_role will be created
  + resource "mongodbatlas_custom_db_role" "custom_role" {
      + id         = (known after apply)
      + project_id = "xxx-xxx"
      + role_name  = "yyy-yyy"

      + actions {
          + action = "ENABLE_PROFILER"

          + resources {
              + cluster       = false
              + database_name = "test_db"
      + actions {
          + action = "DROP_DATABASE"

          + resources {
              + cluster       = false
              + database_name = "test_db"

Plan: 1 to add, 0 to change, 0 to destroy.


Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
