for_each returning "There is no variable named "var"."

[haffimt]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.8

AzureRM Provider Version

4.9.0

Affected Resource(s)/Data Source(s)

azurerm_eventhub_namespace

Terraform Configuration Files

variable "ip_rules" {
  description = "List of public IPs"
  type        = set(string)
  default     = ["1.1.1.0/30", "1.1.1.100/30"]
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-test"
  location = "northeurope"
}

resource "azurerm_eventhub_namespace" "namespace" {
  name                = "testEventHubNamespace"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard"

  network_rulesets {
    default_action = "Deny"
    trusted_service_access_enabled = true
    dynamic "ip_rule" {
      for_each = var.ip_rules
      content {
        ip_mask = ip_rule.value
        action  = Allow
      }
    }
  }
}

Debug Output/Panic Output

│ Error: Unknown variable
│
│   on main.tf line 22, in resource "azurerm_eventhub_namespace" "namespace":
│   21:       for_each = var.ip_rules
│
│ There is no variable named "var".

Expected Behaviour

for_each should have iterated through the set
I have tried differend

Actual Behaviour

Returns the error " There is no variable named "var"."

Steps to Reproduce

Terraform init
Tearraform apply

Important Factoids

No response

References

No response

[lonegunmanb]

@haffimt Thanks for opening this issue to us, to be honest, I'm quite surprise to confirm that I can actually reproduce this issue on my side, fascinating.

After playing around with the nested block for a while I just realized that this issue must be caused by the resource schema:

terraform-provider-azurerm/internal/services/eventhub/eventhub_namespace_resource.go

Lines 113 to 119 in 5bce84c

	"network_rulesets": {
	Type: pluginsdk.TypeList,
	Optional: true,
	MaxItems: 1,
	Computed: true,
	ConfigMode: pluginsdk.SchemaConfigModeAttr,
	Elem: &pluginsdk.Resource{

Please beware of line 118:

ConfigMode: pluginsdk.SchemaConfigModeAttr,

And we can see the same config for ip_rule:

terraform-provider-azurerm/internal/services/eventhub/eventhub_namespace_resource.go

Lines 170 to 175 in 5bce84c

	"ip_rule": {
	Type: pluginsdk.TypeList,
	Optional: true,
	MaxItems: 128,
	ConfigMode: pluginsdk.SchemaConfigModeAttr,
	Elem: &pluginsdk.Resource{

SchemaConfigModeAttr implies these "blocks" are actually treated as attributes, that's why you cannot use classic dynamic with var or local key words in your for_each here. I've tried the following config and it worked:

network_rulesets {
    default_action = "Deny"
    trusted_service_access_enabled = true
    ip_rule = [for r in var.ip_rules : {
      ip_mask = r
      action = "Allow"
    }]
  }

I believe there must be a sound justification to mark them SchemaConfigModeAttr here, so I don't think it's possible to change the schema, but we can solve your issue by treating this "block" as an attribute with object type.