Getting error while using Terraform for_each for App Registration

I am trying to do an app registration and have a few app roles that I would like to assign. My code is given below:

resource "random_uuid" "prod" {}

resource "azuread_application" "app_prod" {
  display_name    = format("app-%s-%s", var.project.name, var.project.environment.name)
  owners          = [data.azuread_client_config.default.object_id]
  identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]
  api {
    oauth2_permission_scope {
      for_each                   = toset(local.oauth2_permissions)
      admin_consent_description  = each.value.admin_consent_description
      admin_consent_display_name = each.value.admin_consent_display_name
      enabled                    = true
      id                         = random_uuid.prod.result
      type                       = each.value.type
      value                      = each.key
    }
  }

  app_role {
    for_each             = toset(local.app_roles)
    allowed_member_types = each.value.allowed_member_types
    description          = each.value.description
    display_name         = each.value.display_name
    enabled              = true
    id                   = random_uuid.prod.result
    value                = each.key
  }

  web {
    logout_url    = format("https://app-%s-%s", var.project.name, var.project.environment.name)
    redirect_uris = []

    implicit_grant {
      access_token_issuance_enabled = true
      id_token_issuance_enabled     = true
    }
  }

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph

    resource_access {
      id   = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]
      type = "Role"
    }
  }
}


locals {
  app_roles = {
    application-administrator = {
      display_name         = "Application administrator"
      description          = "Application administrators have the ability to administer the application."
      allowed_member_types = ["User", "Application"]
    }
    BusinessAdmin = {
      display_name         = "BusinessAdmin"
      description          = "Business Administrator"
      allowed_member_types = ["User"]
    }
    mulesoft-integration = {
      display_name         = "Mulesoft Integration"
      description          = "Allows MuleSoft Integration to talk to the APIs."
      allowed_member_types = ["Application"]
    }
  }
  oauth2_permissions = {
    read-and-write = {
      user_consent_description   = "read-and-write"
      admin_consent_display_name = "Read and write data"
      admin_consent_description  = "Allows the app to read and write data"
      user_consent_display_name  = "Allows the app to read and write data"
      type                       = "User"
    }
  }
}

data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

The error that I get while doing terraform apply is:

Error: each.value cannot be used in this context
│ 
│   on resources.appreg.tf line 24, in resource "azuread_application" "app_prodstats":
│   24:     description          = each.value.description
│ 
│ A reference to "each.value" has been used in a context in which it
│ unavailable, such as when the configuration no longer contains the value in
│ its "for_each" expression. Remove this reference to each.value in your
│ configuration to work around this error.
╵
╷
│ Error: each.value cannot be used in this context
│ 
│   on resources.appreg.tf line 25, in resource "azuread_application" "app_prodstats":
│   25:     display_name         = each.value.display_name
│ 
│ A reference to "each.value" has been used in a context in which it
│ unavailable, such as when the configuration no longer contains the value in
│ its "for_each" expression. Remove this reference to each.value in your
│ configuration to work around this error.
╵
╷
│ Error: Reference to "each" in context without for_each
│ 
│   on resources.appreg.tf line 28, in resource "azuread_application" "app_prodstats":
│   28:     value                = each.key
│ 
│ The "each" object can be used only in "module" or "resource" blocks, and
│ only when the "for_each" argument is set.
╵



Solution 1:[1]

You need a content block if you are using dynamic blocks:

  dynamic "app_role" {
    # local.app_roles is already a map, so iterate over it directly;
    # toset() cannot convert a map of objects.
    for_each = local.app_roles
    content {
      allowed_member_types = app_role.value.allowed_member_types
      description          = app_role.value.description
      display_name         = app_role.value.display_name
      enabled              = true
      id                   = random_uuid.prod.result
      value                = app_role.key
    }
  }

You have to make similar changes as above to other parts of your code where you get that error.
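
The same change applied to both nested blocks from the question, as an added example that is not part of the original answer: `for_each` takes the `local` maps directly, and each role and scope gets its own UUID, because a single shared `random_uuid.prod.result` would give every entry the same `id` and these IDs must be unique within the application. The `random_uuid.app_role` and `random_uuid.scope` resource names are assumptions; the locals, `var.project` and the data sources are those from the question.

```hcl
# Added example. Resource names random_uuid.app_role / random_uuid.scope are
# hypothetical; locals, var.project and data sources are those from the question.
resource "random_uuid" "app_role" {
  for_each = local.app_roles # one UUID per role key
}

resource "random_uuid" "scope" {
  for_each = local.oauth2_permissions # one UUID per scope key
}

resource "azuread_application" "app_prod" {
  display_name    = format("app-%s-%s", var.project.name, var.project.environment.name)
  owners          = [data.azuread_client_config.default.object_id]
  identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]

  api {
    dynamic "oauth2_permission_scope" {
      for_each = local.oauth2_permissions # a map: no toset() needed
      content {
        admin_consent_description  = oauth2_permission_scope.value.admin_consent_description
        admin_consent_display_name = oauth2_permission_scope.value.admin_consent_display_name
        user_consent_description   = oauth2_permission_scope.value.user_consent_description
        user_consent_display_name  = oauth2_permission_scope.value.user_consent_display_name
        enabled                    = true
        id                         = random_uuid.scope[oauth2_permission_scope.key].result
        type                       = oauth2_permission_scope.value.type
        value                      = oauth2_permission_scope.key
      }
    }
  }

  dynamic "app_role" {
    for_each = local.app_roles
    content {
      allowed_member_types = app_role.value.allowed_member_types
      description          = app_role.value.description
      display_name         = app_role.value.display_name
      enabled              = true
      id                   = random_uuid.app_role[app_role.key].result
      value                = app_role.key
    }
  }

  # The web and required_resource_access blocks from the question are static
  # (no for_each) and stay as they are.
}
```

Inside a dynamic block the iterator is named after the block label (`app_role`, `oauth2_permission_scope`), which is why `each.key` and `each.value` are not available there.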

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marcin