Can't use PIM Assignment - Resource Group with for_each

[MohnJadden]

I am trying to use the PIM Assignment - Resource Group module with for_each and lookups in TF. The use case is so that we can set a security group as a variable, then have that security group be granted RBAC roles, and in this case, the PIM assignment as well.

The main.tf portion is as follows:

module "pim_assignment_2" {

  source               = "./PIM Assignment - Resource Group"
  for_each             = var.team_name
  resource_group_name  = azurerm_resource_group.test-vdi-rg.name
  principal_id         = lookup(var.SecurityGroup, each.key)
  role_definition_name = "Virtual Machine Administrator Login"
}

When I run terraform plan, I get the following error:

│ Error: Module module.pim_assignment_2 contains provider configuration
│
│ Providers cannot be configured within modules using count, for_each or depends_on.

How should we utilize the module to create one PIM assignment in a for_each situation?

[mariussm]

Hi @MohnJadden , could you try out the branch linked to this issue, to see if removing the provider configuration helps for this? I know there is a limitation here somewhere in Terraform when using for_each and count, though, but try it out.

[MohnJadden]

That seems to have resolved the issue - I did have to tweak main.tf to use [each.key] instead of .name since I'm using arrays, but the original issue was resolved with this build. Thank you!