我尝试使用for_each以一种条件的方式遍历列表的对合。
如果环境为dev =〉，则循环遍历listA并将角色分配给listA中的所有管理组
如果环境是生产环境=〉遍历列表B并将角色分配给列表B中的所有管理组
条件角色分配给列表中的管理组：

variable "environment" {
   default = "dev"
}

locals {
    management_groups = [
        "/providers/Microsoft.Management/managementGroups/one",
        "/providers/Microsoft.Management/managementGroups/two"
    ]

    management_groups_aux = [
        "/providers/Microsoft.Management/managementGroups/three",
        "/providers/Microsoft.Management/managementGroups/four"
    ]
}

resource "azurerm_resource_group" "this" {
  name     = "myrg"
  location = "West Europe"
}

resource "azurerm_user_assigned_identity" "this" {
    name = "myuai"
    resource_group_name = azurerm_resource_group.this.name
    location  = azurerm_resource_group.this.location
}

resource "azurerm_role_assignment" "dev" {
  for_each             = lower(var.environment) == "dev" ? toset(local.management_groups) : {}
  scope                = each.value
  role_definition_name = "Reader"
  principal_id         = resource.azurerm_user_assigned_identity.this.principal_id
}

resource "azurerm_role_assignment" "production" {
  for_each             = lower(var.environment) == "production" ? toset(local.management_groups_aux) : {}
  scope                = each.value
  role_definition_name = "Reader"
  principal_id         = resource.azurerm_user_assigned_identity.this.principal_id
}

这是抛出一个错误如下：

Error: Inconsistent conditional result types

on main.tf line 327, in resource "azurerm_role_assignment" "production":
327:   for_each             = lower(var.environment) == "production" ? toset(local.management_groups_aux) : {}
>! >! │     ├────────────────
local.management_groups_aux is tuple with 2 elements
var.environment will be known only after apply

The true and false result expressions must have consistent types. The given expressions are set of string and object, respectively.