Terraform 0.12 handling of map assignment
Versions:
Terraform: 0.12.19
provider.aws: version = "2.46"
provider.onepassword: version = "0.5"
provider.random: version = "2.2"
Issue:
First off - thanks for this provider, it's been immensely useful.
I'm working on a tf 0.12 project and ran across an issue when trying to template a onepassword_item_common type resource.
I'm creating one or many aws_db_instance resources, supplying them a password using random_password from the random provider and the for_each iterator and then attempting to automate adding this password, along with some instance attributes to a new item in 1password.
Note, this works fine if I do not use the section block, so the looping etc. does exactly as expected and will create one or many onepass items containing the correct information. I'm using the onepassword_item_common resource so I can include a specific set of fields (the thinking is to use these items as a data source in a subsequent terraform module, so I want a custom 1pass item).
If it would be helpful to see a full example let me know, I didn't want to do that since I'm not 100% certain this isn't a known problem/I'm misusing the section block.
Usage:
Example vars:
variable "rds_instances" {
  # Per-environment RDS settings, keyed by environment name.
  default = {
    dev = {
      instance_name     = "exampledevdb"
      op_vault_name     = "dev-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "devadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
    uat = {
      instance_name     = "exampletestdb"
      op_vault_name     = "uat-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "uatadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
  }
}
resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances
  name     = "RDS: ${each.value.instance_name}"
  vault    = each.value.op_vault_name
  notes    = "Managed by Terraform. Do not update this entry manually."
  template = "Config"
  section = {
    field = {
      name   = "Username"
      string = each.value.db_user
    }
    field = {
      name      = "Password"
      concealed = random_password.db_pass[each.key].result
    }
    field = {
      name   = "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }
    field = {
      name   = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }
    field = {
      name   = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    }
  }
}
Expected:
A new item is created in specified 1pass vault.
Actual:
Error: Unsupported argument
on ../../../tf-module-rds/main.tf line 89, in resource "onepassword_item_login" "save_to_onepassword":
89: section = {
An argument named "section" is not expected here. Did you mean to define a
block of type "section"?
Explanation:
TF docs suggest: If you see an error like the following from your tests after upgrading, adding the missing equals sign is usually the answer.
Source: https://www.terraform.io/docs/extend/terraform-0.12-compatibility.html
This also errors as tf is attempting to set field for each element in the section block.
Error: Attribute redefined
on ../../../tf-module-rds/main.tf line 95, in resource "onepassword_item_login" "save_to_onepassword":
95: field = {
The argument "field" was already set at
../../../tf-module-rds/main.tf:90,5-10. Each argument may be set only once.
Debug:
2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalValidateResource, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalSequence, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
This was user error! Remove all assignment operators and it works just fine.
Leaving this here in case it helps anyone else out:
  section {
    field {
      name   = "Username"
      string = each.value.db_user
    }
    field {
      name      = "Password"
      concealed = random_password.db_pass[each.key].result
    }
    field {
      name   = "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }
    field {
      name   = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }
    field {
      name   = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    }
  }
}
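Going one step beyond the fix above, an added example (not part of the original thread or the provider's documentation): the same resource with its plain-string fields generated by a dynamic block, which is how Terraform 0.12 builds repeated nested blocks from a map instead of assigning to section or field. Resource, attribute and variable names are the ones from the issue; that the provider accepts the fields in any order is an assumption.

```hcl
resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances

  # Arguments are assigned with "=".
  name     = "RDS: ${each.value.instance_name}"
  vault    = each.value.op_vault_name
  notes    = "Managed by Terraform. Do not update this entry manually."
  template = "Config"

  # Nested blocks take no "=". Writing `section = {` is the
  # "Unsupported argument" error, and repeating `field = {` is the
  # "Attribute redefined" error shown in the issue.
  section {
    # One "field" block per map entry. Inside "content" the iterator is
    # named after the block type, so field.key and field.value are the
    # map key and value. Maps iterate in lexical key order.
    dynamic "field" {
      for_each = {
        Username = each.value.db_user
        Address  = aws_db_instance.rds_instance[each.key].address
        # port is a number; convert it so every map value is a string
        Port     = tostring(aws_db_instance.rds_instance[each.key].port)
        Endpoint = aws_db_instance.rds_instance[each.key].endpoint
      }
      content {
        name   = field.key
        string = field.value
      }
    }

    # The secret stays a static block so it uses "concealed" rather than
    # "string". The random_password result is also written to the
    # Terraform state in plain text, so the state backend needs the same
    # access controls as the vault.
    field {
      name      = "Password"
      concealed = random_password.db_pass[each.key].result
    }
  }
}
```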