Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extract nested json value via variable #129

Open
derekleegh opened this issue Jan 17, 2025 · 3 comments
Open

Extract nested json value via variable #129

derekleegh opened this issue Jan 17, 2025 · 3 comments

Comments

@derekleegh
Copy link

derekleegh commented Jan 17, 2025
edited
Loading

Hi,

I have a unique use case here if I can get your advice on what is the best approach.

Based on your example on README.md, I would like to extract the db and get the value as a json.

value = {"password": "bar"}

It works with your jsondecode(data.sops_file.demo-secret.raw).db

How can i pass the .db as an variable?

What i want to achieve is something like this: jsondecode(data.sops_file.demo-secret.raw)[var.key] where var.key is '.db'

The idea is that the key we want to extract can be a variable without hardcoding the .db

Hope you can help me with this use case.

Thanks
@carlpett
Copy link
Owner

carlpett commented Feb 4, 2025

Hi @derekleegh,
That was indeed quite a new case. I'm actually not certain if it is possible to do this? This would be limited by HCL rather than the provider. So you might need to look at a workaround if we cannot figure out how to redefine the problem, so to speak. Do you have very large files, or need to loop over them, or how did the use-case come about?

@derekleegh
Copy link
Author

@carlpett thanks for coming back to me.

This use case comes from our org where we want to store a json block in parameter store rather than just single value. So as an example, we have the following secrets.json

{
	"Backend": {
		"Server": {
			"Port": 8080
		},
		"Database": {
			"WriteCredentials": {
				"Endpoint": "xxx",
				"Username": "readwrite-user",
				"Password": "xx",
				"Port": 5432,
				"Database": "db"
			}
		}
	}
}

We want to extract the Database section and store it as a single parameter store value.

Workaround for now is we can achieve this by doing jsondecode(data.sops_file.demo-secret.raw).Backend.Database by using the raw data.

However, in terraform we would like the Backend.Database value to be a variable so we can be like jsondecode(data.sops_file.demo-secret.raw).${var.secret_position} where var.secret_position="Backend.Database" something like that.

This will gives us flexibility of extracting the secrets using for_loop.

Alternatively via the map values where data.sops_file.demo-secret.data["${var.secret_position}"] like this.

@nobbs
Copy link

nobbs commented Feb 12, 2025
edited
Loading

Hey @derekleegh.

Have you tried the lookup function?

Something like

lookup(jsondecode(data.sops_file.demo-secret.raw), var.secret_position, {})

should work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nobbs @carlpett @derekleegh