-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Function call argument expansion fails when argument has unknown type #22576
Comments
Hi @unixninja92! Sorry for this strange behavior, and thanks for reporting it. It looks like this is a bug in the underlying language engine: it's not correctly handling the situation where the type of the The intended behavior for all situations is that an unknown type always passes type checking, so that its validation can be deferred to a later step when more information is available. So the fix here will be to add an additional case to the language engine to deal with the unknown type situation and have the function call as a whole indicate that its result is unknown, allowing validation to complete successfully in this case. |
Bug is reproduced with such config: variable "z" {
type = "list"
default = [1, 2]
}
locals {
z = [1, 2]
a1 = max(local.z...)
a2 = max(var.z...)
b1 = max([for x in local.z : x]...)
b2 = max([for x in var.z : x]...) # it causes error
} Seems impossible to expand result of "for" expression, if list passed as variable. |
Temporary solution@unixninja92 I faced the same issue (also for an IAM role/policy module) for However, I managed to build a work-around that still makes it possible to do it. Input var
roles = [
{
name = "ROLE-DEVELOPER" # required: name of the role
path = "/" # defaults to 'path' variable if not set
desc = "TERRAFORM MANAGED" # defaults to 'description' variable if not set
trust_policy_file = "policies/trust.json" # required: defines trust/assume policy
inline_policies = []
policies = []
policy_arns = []
},
{
name = "ROLE-ADMIN" # required: name of the role
path = "/" # defaults to 'path' variable if not set
desc = "TERRAFORM MANAGED" # defaults to 'description' variable if not set
trust_policy_file = "policies/trust.json" # required: defines trust/assume policy
inline_policies = [
{
name = "tmp-policy-1"
file = "policies/policy-1.json"
}
]
policies = [
{
name = "tmp-policy-3"
file = "policies/policy-3.json"
},
{
name = "tmp-policy-4"
path = "/"
desc = "tmp-desc-2"
file = "policies/policy-4.json"
},
{
name = "tmp-policy-7"
path = "/"
desc = "tmp-desc-2"
file = "policies/policy-7.json"
},
]
policy_arns = [
"arn:aws:iam::aws:policy/PowerUserAccess",
"arn:aws:iam::aws:policy/job-function/Billing",
]
},
] Desired loop-able
|
Hello! 🤖 This issue seems to be covering the same problem or request as #22404, so we're going to close it just to consolidate the discussion over there. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Terraform Version
Terraform Configuration Files
vars.tf
main.tf
Crash Output
Expected Behavior
The list of lists of resources should have been combined into one list with the elements expanded as arguments for the function
concat
.Actual Behavior
...
fails to separate the elements of a list (this happens with sets as well) into separate function arguments when there is a nested...
. This also occurs when referencinglocal.polices
instead or recreating it in theiam_resources
definitionSteps to Reproduce
terraform init
terraform plan
Additional Context
I'm trying to create a dynamic number of iam polices using
for_each
for a dynamic set of resources (withfor
) and attach them to a dynamic set of groups (withfor_each
) to get around aws iam group attach limits and create other aws resources based on the dynamic set of resources usingfor_each
. I neediam_resources
to be a set of strings, but because of this issue I was trying to test with a list of strings first.The text was updated successfully, but these errors were encountered: