-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TF 0.12: conditional expressions does not seem to work with complex types #21465
Comments
Thanks for reporting this, @burakovsky! It does indeed seem like something odd is going on here. I'm not sure exactly what yet, but will dig in and debug it further soon. In the meantime, I'd generally prefer to use resources = lookup(s, "resources", null)
I'm sure this was just an illustrative example to show the problem, but I'd also tend to warn against making a module that exposes the interface of a particular existing resource so closely. If the caller of the module needs such specific control over the resource, I think it's better to let the caller instantiate the resource itself and then pass the necessary parts into the module, so that the interfaces between the different sub-components can be simpler and we don't need such a big wall of conditional expressions covering the entire configuration surface of a resource. The Terraform 0.12 features intend to make it possible to do things like this for the inevitable situation where it's necessary, but I think this sort of thing is best considered a last resort, instead preferring to use modules to create higher-level abstractions over complex concepts, such as a module that creates a particular kind of IAM policy tailored for a specific use-case, where the input variables are therefore tailored to that particular problem. |
Thanks a lot, @apparentlymart! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Terraform Version
Terraform Configuration Files
The failure happens in a relatively complicated code. I tried to write general-purpose module for IAM role policy using
aws_iam_policy_document
data source and dynamic block for statement configuration. The main idea to have possibility not to provide some optional arguments if it not necessary. Statements haveprincipals
,not_principals
andcondition
nested configuration blocks which can be used multiple times, that makes it even more complicated. Here is code example:Because some arguments can be not provided, I used
for_each = [for s in var.policy : {...}
to check if it provided or not.Expected Behavior
terraform apply works regardless of whether I specified some optional arguments or not.
Actual Behavior
Here is a few workarounds:
It works well if I provided actions argument, but if not I got the same error. However, It works fine in such case:
For my case the workaround is to use additional variable with empty list as default value:
2.
principals
,not_principals
has only 2 parameters (type and identifiers) and I created a map like { type = identifiers } and use empty map as false result of condition expression:condition
block has 3 arguments and I can't use workaround with map as for principal. As workaround currently I provided empty list for every policy if I don't need to configure it (can see it above in variable default value).Steps to Reproduce
terraform init
terraform apply
References
Probably related to #21455, #19180
The text was updated successfully, but these errors were encountered: