terraform-google-modules/terraform-google-bastion-host

iteration over dynamically sized collection error

ideasculptor opened this issue · 1 comments

Every attempt to run `terraform destroy` against this module seems to result in the following error:

```
Error: Invalid for_each argument

  on .terraform/modules/bastion/terraform-google-modules-terraform-google-bastion-host-7d2e49c/main.tf line 88, in resource "google_project_iam_member" "bastion_sa_bindings":
  88:   for_each = toset(compact(concat(
  89:     var.service_account_roles,
  90:     var.service_account_roles_supplemental,
  91:     ["projects/${var.project}/roles/${google_project_iam_custom_role.compute_os_login_viewer.role_id}"]
  92:   )))

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
```

Subsequent runs of terraform destroy show that it wants to make 0 changes, but if I respond 'yes' to the apply prompt, it will generate the same error. Note, even the first destroy, when there are resources to be destroyed, does eventually end with the quoted error. Subsequent applies do work correctly, so it seems to be a harmless artifact of trying to iterate over a non-existent collection.

It turns out that the error isn't harmless at all. It appears to impact terraform apply as well, even when applying for the very first time. It is iterating over a set constructed from 2 lists passed in as variables and a list of a single element. In my case, I am not providing a value for service_account_roles or service_account_roles_supplemental, so it is using the defaults (4 values and 0 values, respectively). I'm not sure what I could do to fix it (other than the usual fix of passing the length of the collection in separately), since it seems to be the standard complaint about computing the size of a dynamic variable.
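One way to avoid the error quoted in this issue, shown as an added example (not the module's own code, and not necessarily how the maintainers resolved it): give `for_each` a map whose keys are all known at plan time, so that only a value depends on the custom role. The `member` variable, the sample role list, the `random_id` suffix and the custom role's title and permissions are assumptions constructed for illustration.

```hcl
# Added illustration, not the module's code. Sample values are constructed.
variable "project" { type = string }
variable "member" { type = string } # hypothetical: "serviceAccount:<bastion SA email>"

variable "service_account_roles" {
  type    = list(string)
  default = ["roles/logging.logWriter", "roles/monitoring.metricWriter"] # constructed sample
}

variable "service_account_roles_supplemental" {
  type    = list(string)
  default = []
}

# A role_id built from a resource attribute is unknown until apply (constructed setup).
resource "random_id" "role_suffix" {
  byte_length = 4
}

resource "google_project_iam_custom_role" "compute_os_login_viewer" {
  project     = var.project
  role_id     = "osLoginProjectGet_${random_id.role_suffix.hex}"
  title       = "OS Login Project Get Role"
  permissions = ["compute.projects.get"]
}

locals {
  # Keys and values both come from variables, so they are known during plan.
  static_roles = {
    for r in toset(compact(concat(
      var.service_account_roles,
      var.service_account_roles_supplemental,
    ))) : r => r
  }

  # Fixed key, computed value: Terraform only needs the key to count instances.
  computed_roles = {
    compute_os_login_viewer = "projects/${var.project}/roles/${google_project_iam_custom_role.compute_os_login_viewer.role_id}"
  }
}

resource "google_project_iam_member" "bastion_sa_bindings" {
  for_each = merge(local.static_roles, local.computed_roles)
  project  = var.project
  role     = each.value
  member   = var.member
}
```

Bindings for the variable-supplied roles keep the same instance keys as with `toset(...)`, since a set's key is its value. The custom role binding moves to the key `compute_os_login_viewer`, so in existing state it would be recreated unless moved with `terraform state mv`.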