From 6391c448d774ca3eeb686aa49a48c8154b96db3b Mon Sep 17 00:00:00 2001
From: Paul Blum <32366838+paulblum00@users.noreply.github.com>
Date: Tue, 14 Jan 2025 09:22:34 +0100
Subject: [PATCH] Add nonsensitive around for_each argument

---
 role_assignments.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/role_assignments.tf b/role_assignments.tf
index 05825f98..14dde78a 100644
--- a/role_assignments.tf
+++ b/role_assignments.tf
@@ -22,7 +22,7 @@ data "azurerm_user_assigned_identity" "cluster_identity" {
 # https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni#prerequisites
 # https://github.com/Azure/terraform-azurerm-aks/issues/178
 resource "azurerm_role_assignment" "network_contributor" {
-  for_each = var.create_role_assignment_network_contributor && (var.client_id == "" || var.client_secret == "") ? local.subnet_ids : []
+  for_each = nonsensitive(var.create_role_assignment_network_contributor && (var.client_id == "" || var.client_secret == "") ? local.subnet_ids : [])
 
   principal_id         = coalesce(try(data.azurerm_user_assigned_identity.cluster_identity[0].principal_id, azurerm_kubernetes_cluster.main.identity[0].principal_id), var.client_id)
   scope                = each.value