Replace for_each with count for aws_ssoadmin_account_assignment resource #14

Closed
wants to merge 4 commits into from

Conversation

nicolaevladescu

what

  • Replace for_each with count for aws_ssoadmin_account_assignment resource
  • Retrieve per iteration values using count.index from var.account_assignments
  • Deprecate assignment_map

why

  • a.permission_set_arn is providing a unique value to the account_assignment name.
  • However, the permission_set_arn cannot be determined until after the apply of the permission sets.
  • Using a.permission_set_arn in account_assignments before the permission sets have been applied will result in the following error:
Error: Invalid for_each argument

  on .terraform/modules/sso_account_assignments/modules/account-assignments/main.tf line 30, in resource "aws_ssoadmin_account_assignment" "this":
  30:   for_each = local.assignment_map

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

references

@jgrumboe
Contributor

jgrumboe commented May 19, 2021

But doesn't count rely on the order in which the account_assignments are defined?
Inserting or removing entries in var.account_assignment would lead to unknown recreation of resources, wouldn't it? (I think that's more or less the state as it was with version 0.2.1.)
I would like to test it tomorrow.

@nicolaevladescu
Author

I didn't have time to test all scenarios, but you might be right. I will also test and come back with the findings.

@nicolaevladescu
Author

@jgrumboe

So I managed to test and you are right: if you change items inside var.account_assignment, be it a removal of an item or a prepend instead of an append, everything gets recreated. The only scenario when this is fine is if you do only gradual appends, yet the nature of the resources allows you to live with the recreations if you want to.

So I guess it's another compromise, but it's more severe than #13. Not sure which one is easier to live with, but I cannot consider this a worthy candidate for a fix.

I guess it's back to the drawing board.
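
The recreation behaviour reported in the test above, as an added Python simulation that is not part of the original thread or the module's code. It models only how instances are addressed, treats any change at an existing address as a replacement, and uses constructed account IDs, principal names and a hypothetical for_each key built from values known at plan time.

```python
# Added illustration: simulates instance addressing, not Terraform itself.
# All sample assignments are constructed; the key format is hypothetical.

def by_count(items):
    """count: each instance is addressed by its position in the list."""
    return {f"this[{i}]": item for i, item in enumerate(items)}

def by_key(items):
    """for_each: each instance is addressed by a string key.
    Hypothetical key built only from values known at plan time."""
    return {f'this["{a}-{p}-{s}"]': (a, p, s) for a, p, s in items}

def plan(old, new, address):
    """Diff two input lists under one addressing scheme. A changed value at
    an existing address is modelled as destroy + create (assumption)."""
    before, after = address(old), address(new)
    return {
        "create": sorted(k for k in after if k not in before),
        "destroy": sorted(k for k in before if k not in after),
        "replace": sorted(k for k in after
                          if k in before and before[k] != after[k]),
    }

def churn(result):
    """Existing assignments that get torn down (destroyed or replaced)."""
    return len(result["destroy"]) + len(result["replace"])

# (account, principal_name, permission_set_name), constructed values
BASE = [
    ("111111111111", "admins", "AdministratorAccess"),
    ("111111111111", "devs", "ReadOnly"),
    ("222222222222", "devs", "PowerUser"),
]
NEW = ("333333333333", "auditors", "ReadOnly")

SCENARIOS = {
    "append": BASE + [NEW],
    "prepend": [NEW] + BASE,
    "remove first": BASE[1:],
}

if __name__ == "__main__":
    for name, new in SCENARIOS.items():
        for label, fn in (("count", by_count), ("for_each", by_key)):
            r = plan(BASE, new, fn)
            print(f"{name:13} {label:9} torn down={churn(r)} "
                  f"created={len(r['create'])}")
```

For access-granting resources such as account assignments, every torn-down instance is a window in which a principal loses and regains its permissions, so the count column is the one to watch.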

@jgrumboe
Contributor

Thanks for testing!

@nitrocode nitrocode added terraform/0.13 Module requires Terraform 0.13 or later and removed terraform/0.13 Module requires Terraform 0.13 or later labels Jun 7, 2021
Successfully merging this pull request may close these issues.

Complete example not working
4 participants