cloudposse/terraform-aws-ssm-parameter-store

bug: module inside module get Invalid for_each argument

Opened this issue · 0 comments

babebort commented

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

When I am execute module inside module I get
│ Error: Invalid for_each argument │ │ on .terraform/modules/argocd.argocd_parameter_store/main.tf line 30, in resource "aws_ssm_parameter" "ignore_value_changes": │ 30: for_each = local.parameter_write_ignore_values │ ├──────────────── │ │ local.parameter_write_ignore_values will be known only after apply │ │ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this │ resource. │ │ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values. │ │ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge. ╵

So, bellow all my configuration

`module "this" {
count = local.enabled ? 1 : 0
source = "cloudposse/label/null"
version = "0.25.0" # requires Terraform >= 0.13.0

enabled = var.enabled
namespace = var.namespace
tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
delimiter = var.delimiter
attributes = var.attributes
tags = var.tags
additional_tag_map = var.additional_tag_map
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
label_key_case = var.label_key_case
label_value_case = var.label_value_case
descriptor_formats = var.descriptor_formats
labels_as_tags = var.labels_as_tags

context = var.context
}

module "argocd_additional_label" {
count = local.enabled ? 1 : 0
source = "cloudposse/label/null"
version = "0.25.0"

tenant = var.tenant
context = one(module.this[*].context)
}

module "parameter_store_label" {
count = local.enabled ? 1 : 0
source = "cloudposse/label/null"
version = "0.25.0"

#name = module.this.name
label_order = ["namespace", "environment", "stage", "tenant", "name", "attributes"]
attributes = ["argocd-password"]
context = one(module.argocd_additional_label[*].context)
}

module "argocd_parameter_store" {
count = local.enabled ? 1 : 0

source = "cloudposse/ssm-parameter-store/aws"
version = "0.10.0"

parameter_write = [
{
name = "/${local.eks_cluster_id}/argocd/password"
type = "SecureString"
value = one(random_password.argocd_password[].result)
description = "A password for accessing ArgoCD installation in ${local.eks_cluster_id} EKS cluster"
},
{
name = "/${local.eks_cluster_id}/argocd/password/encrypted"
type = "SecureString"
value = bcrypt(one(random_password.argocd_password[].result), 10)
description = "An encrypted password for accessing ArgoCD installation in ${local.eks_cluster_id} EKS cluster"
},
]

ignore_value_changes = true
kms_arn = one(module.argocd_kms_key[*].alias_arn)

#enabled = true
#name = null
context = one(module.parameter_store_label[*].context)
depends_on = [random_password.argocd_password]
}
`