Terraform 0.12 - Produce map/object from nested for loop

Question

As a follow up to Terraform 0.12 nested for loops. I am trying to produce an object out of a nested loop but failing miserably :(

How would you go about producing:

  Outputs:

  association-list = {
    "policy1" = "user1"
    "policy2" = "user1"
    "policy2" = "user2"
  }

From:

iam-policy-users-map = {
  "policy1" = [ "user1" ]
  "policy2" = [ "user1", "user2" ]
}

I have tried many variations of:

variable iam-policy-users-map {
  default = {
    "policy1" = [ "user1" ]
    "policy2" = [ "user1", "user2" ]
  }
}

locals {
  association-map = merge({
    for policy, users in var.iam-policy-users-map : {
      for user in users : {
        policy => user
      }
    }
  })

output association-map {
  value = local.association-map
}

with zero success so far. Only managed to get the following depending on the variation:

Error: Invalid 'for' expression. Extra characters after the end of the 'for' expression.

Error: Missing attribute value. Expected an attribute value, introduced by an equals sign ("=").

Error: Invalid 'for' expression. Key expression is required when building an object.

Error: Missing key/value separator. Expected an equals sign ("=") to mark the beginning of the attribute value.

For reference, the following code is however capable of producing a list of maps:

variable iam-policy-users-map {
  default = {
    "policy1" = [ "user1" ]
    "policy2" = [ "user1", "user2" ]
  }
}

locals {    
  association-list = flatten([
    for policy, users in var.iam-policy-users-map : [
      for user in users : {
        user   = user
        policy = policy
      }
    ]
  ])
}

output association-list {
  value = local.association-list
}

Outputs:

association-list = [ { "policy" = "policy1" "user" = "user1" }, { "policy" = "policy2" "user" = "user1" }, { "policy" = "policy2" "user" = "user2" }, ]

Answer 1

A partial answer can be found at https://github.com/hashicorp/terraform/issues/22263. Long story short: this was a foolish attempt to begin with, a map cannot contain duplicate keys.

I am however still interested in understanding how a map of maps could be produced from a nested for loop. See second code example above, producing a list of maps.

EDIT: a full answer was given on the github issue linked above.

"This is (obviously) a useless structure, but I wanted to illustrate that it is possible:

locals {
  association-list = {
    for policy, users in var.iam-policy-users-map:
      policy => {      // can't have the nested for expression before the key!
        for u in users:
           policy => u...
      }
  }
}

Outputs:

association-list = {
  "policy1" = {
    "policy1" = [
      "user1",
    ]
  }
  "policy2" = {
    "policy2" = [
      "user1",
      "user2",
    ]
  }
}

"