terraform-google-modules/terraform-google-service-accounts

Invalid for_each argument

larsrnielsen opened this issue · 2 comments

larsrnielsen commented

If you try to create a project (using project factory) and then a service account it fails with 'Invalid for_each argument'.

module "project-factory" {
  source  = "terraform-google-modules/project-factory/google"
  version = "8.0.1"

  name                = var.project_name
  random_project_id   = "true"
  org_id              = var.org_id
  folder_id           = var.folder_id
  billing_account     = var.billing_account
  use_tf_google_credentials_env_var = "true"
  shared_vpc          = data.terraform_remote_state.project.outputs.project_id 
  shared_vpc_subnets  = data.terraform_remote_state.project.outputs.subnet_ids

  activate_apis       = ["compute.googleapis.com", "container.googleapis.com", "monitoring.googleapis.com", "logging.googleapis.com", "storage-component.googleapis.com"] 
}
module "gke_sa" {
  source        = "terraform-google-modules/service-accounts/google"
  version       = "3.0.0"
  project_id    = module.project-factory.project_id
  description   = "SA for GKE cluster"
  display_name  = "GKE SA"
  prefix        = "gke-sa"
  names         = ["poc"]
  project_roles = [  
    "${module.project-factory.project_id}=>roles/storage.objectViewer",
    "${module.project-factory.project_id}=>roles/logging.logWriter",
    "${module.project-factory.project_id}=>roles/monitoring.metricWriter",
    "${module.project-factory.project_id}=>roles/stackdriver.resourceMetadata.writer"
  ]
}

Error:

Error: Invalid for_each argument

  on .terraform/modules/gke_sa/terraform-google-service-accounts-3.0.0/main.tf line 47, in resource "google_project_iam_member" "project-roles":
  47:   for_each = local.project_roles_map_data

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
morgante commented

Unfortunately there are issues with using references on this module (and all modules).

You can do a targeted apply terraform apply -target=module.project-factory to work around this.

github-actions commented

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days