ここで示されているように、set や map でdynamic として認識されているときに、型を明示するために一度 for を回しています。
この方法をつかうのは、次のようなエラーの場合です。
Error: The given "for_each" argument value is unsuitable: "for_each" supports maps and sets of strings, but you have provided a set containing type dynamic.
示されている方法は今回のケースでもうまくいきます。
resource "aws_iam_group_policy_attachment" "Administrators" {
for_each ={for k in [
data.aws_iam_policy.AdministratorAccess.arn,
]: k => k
}
group = aws_iam_group.Administrators.name
policy_arn = each.value
}
resource "aws_iam_group_policy_attachment" "Administrators" {
for_each ={for k in [
data.aws_iam_policy.AdministratorAccess.arn,
data.aws_iam_policy.ReadonlyAccess.arn,
]: k => k
}
group = aws_iam_group.Administrators.name
policy_arn = each.value
}
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "AdministratorAccess"
This value does not have any attributes.
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n ]\n}"
This value does not have any attributes.
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "/"
This value does not have any attributes.
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "arn:aws:iam::aws:policy/AdministratorAccess"
This value does not have any attributes.
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "Provides full access to AWS services and resources."
This value does not have any attributes.
Error: Unsupported attribute
on modules/iam/group.tf line 27, in resource "aws_iam_group_policy_attachment" "Administrators":
27: policy_arn = each.value.arn
|----------------
| each.value is "arn:aws:iam::aws:policy/AdministratorAccess"
This value does not have any attributes.
Error: Invalid function argument
on modules/iam/group.tf line 25, in resource "aws_iam_group_policy_attachment" "Administrators":
25: for_each = toset(data.aws_iam_policy.AdministratorAccess.arn)
|----------------
| data.aws_iam_policy.AdministratorAccess.arn is "arn:aws:iam::aws:policy/AdministratorAccess"
Invalid value for "v" parameter: cannot convert string to set of any single
type.
Error: Invalid for_each set argument
on modules/iam/group.tf line 10, in resource "aws_iam_group_policy_attachment" "Administrators":
10: for_each = toset([data.aws_iam_policy.AdministratorAccess.arn])
The given "for_each" argument value is unsuitable: "for_each" supports maps
and sets of strings, but you have provided a set containing type dynamic.
たとえば Kubernetes で external-dns を使っているとき、実行するものがないときは All records are already up to date というメッセージ出力されるのですが、Datadog Log Management では Status が Error となっています。
level=info msg="All records are already up to date"
on: # Trigger the workflow on push or pull request, # but only for the master branchpush:branches:- master
pull_request:branches:- master
# Also trigger on page_build, as well as release created eventspage_build:release:types: # This configuration does not affect the page_build event above- created
定期実行は、schedule イベントで実行できる。
on:schedule: # * is a special character in YAML so you have to quote this string- cron:'*/15 * * * *'
job じゃなくて step を 条件で実行制御したい場合は、jobs.<job_id>.steps.if があるので、step に対して if を付ければok
jobs:
my_first_job:
runs-on: ubuntu-latest
steps:
- name: My first step
if: github.event_name == 'pull_request' && github.event.action == 'unassigned'
run: echo This event is a pull request that had an assignee removed.
jobs:my_first_job:runs-on: ubuntu-latest
steps: # use GitHub Actions- uses: actions/setup-node@v1
# use a specific version tag of a public repository- name: use AWS Repo
uses: actions/aws@v2.0.1
# use a action in workflow repository- uses: ./.github/actions/my-action
# use a docker in public registory- uses: docker://gcr.io/cloud-builders/gradle
Windows の run、あるいはpowershell や pwsh などを指定して PowerShell がシェルの場合、自動的に頭に $ErrorActionPreference = 'stop' が追加されて Fail fast になるのと、末尾に if ((Test-Path -LiteralPath variable:\LASTEXITCODE)) { exit $LASTEXITCODE } を追加して実行結果でrunステップが失敗するように処理が差し込まれているので注意。
jobs.<job_id>.steps.with
いわゆるパラメーター。
Actions とかでパラメーター渡すときは with の中に map (KeyValue) を書くことになる。
この with で指定したキーは、INPUT_ prefix つきで大文字に変換されて Actions 内部から参照できる。
first_name というキーで指定したなら INPUT_FIRST_NAME で値に参照できる。
jobs:my_first_job:runs-on: ubuntu-latest
steps:- name: My first step
uses: actions/hello_world@master
with:first_name: Mona
middle_name: The
last_name: Octocat
環境変数
step のrun実行時に渡したいなら、env: で指定する。
jobs:my_first_job:runs-on: ubuntu-latest
steps:- name: Hello world
run: echo Hello world $FIRST_NAME $middle_name $Last_Name!
env:FIRST_NAME: Mona
middle_name: The
Last_Name: Octocat
steps:- name: Hello world action
with: # Set the secret as an inputsuper_secret: ${{ secrets.SuperSecret }}
env: # Or as an environment variablesuper_secret: ${{ secrets.SuperSecret }}