Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Secrets when project_id is known after apply #95

Merged
merged 1 commit into from
Jun 30, 2022
Merged

fix: Secrets when project_id is known after apply #95

merged 1 commit into from
Jun 30, 2022

Conversation

deas
Copy link
Contributor

@deas deas commented Jun 28, 2022
edited
Loading

Current code fails for me when the project hosting the function is created in the same execution:

│ Error: Invalid for_each argument
│ 
│   on .terraform/modules/instance_actions.main/main.tf line 93, in data "google_project" "nums":
│   93:   for_each   = toset(concat(compact([for item in var.secret_environment_variables : lookup(item, "project_id", "")]), [var.project_id]))

The attached patch fixes this for me.

Please see hashicorp/terraform#28925 for a more detailed description of the general problem.

bharathkkb
bharathkkb reviewed Jun 29, 2022
View reviewed changes
Copy link
Member

@bharathkkb bharathkkb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @deas

main.tf Outdated
project_id = each.value
}

data "google_project" "main" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we only create this if any secrets exist?

count = length(var.secret_environment_variables) > 0 ? 1 : 0

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think not, because doing just that would break:

try(data.google_project.nums[secret_environment_variables.value["project_id"]].number, data.google_project.default.number)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I follow can't we just do

try(data.google_project.nums[secret_environment_variables.value["project_id"]].number, data.google_project.default[0].number)

IIUC we use this just for secrets and length of secret_environment_variables should be known at apply time even if values are not?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, missed that. Updated the PR.

main.tf Outdated Show resolved Hide resolved
@deas deas force-pushed the secrets-this-project-id branch 2 times, most recently from 6f374ba to 283daf4 Compare June 30, 2022 05:28
@deas deas force-pushed the secrets-this-project-id branch from 9fb64c5 to df5a79e Compare June 30, 2022 06:30
@comment-bot-dev
Copy link

@deas
Thanks for the PR! 🚀
✅ Lint checks have passed.

@bharathkkb bharathkkb merged commit c8dda71 into terraform-google-modules:master Jun 30, 2022
@release-please release-please bot mentioned this pull request Jun 30, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bharathkkb bharathkkb bharathkkb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@deas @comment-bot-dev @bharathkkb