Invalid template interpolation value; The expression result is null.

[mijndert]

Description

Versions

Terraform v1.1.7
on darwin_amd64

• provider registry.terraform.io/hashicorp/aws v4.8.0
• provider registry.terraform.io/hashicorp/cloudinit v2.2.0
• provider registry.terraform.io/hashicorp/kubernetes v2.9.0
• provider registry.terraform.io/hashicorp/random v3.1.2
• provider registry.terraform.io/hashicorp/tls v3.1.0

Module: 18.15.0

Reproduction

Steps to reproduce the behavior: terraform plan
Not using workspaces, cleared local cache.

Code Snippet to Reproduce

output "aws_auth_configmap_yaml" {
  description = "Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
  value = templatefile("${path.module}/templates/aws_auth_cm.tpl",
    {
      eks_managed_role_arns                   = [for group in module.eks_managed_node_group : group.iam_role_arn]
      self_managed_role_arns                  = [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]
      win32_self_managed_role_arns            = [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]
      fargate_profile_pod_execution_role_arns = [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]
    }
  )
}

Expected behavior

I expect my terraform plan to go through.

Actual behavior

$ tf plan
module.eks.random_string.suffix: Refreshing state... [id=EjDLu]                               
module.eks.module.eks.module.eks_managed_node_group["general"].aws_security_group.this[0]: Refreshing state... [id=sg-08db1aec4480e8cc1]                                                     
module.eks.module.eks.aws_security_group.node[0]: Refreshing state... [id=sg-0691d702c8b6ee4eb]
╷                                                                                                                                                                                            
│ Error: Error in function call                                                               
│                                                                                             
│   on .terraform/modules/eks.eks/outputs.tf line 186, in output "aws_auth_configmap_yaml":   
│  186:   value = templatefile("${path.module}/templates/aws_auth_cm.tpl",                    
│  187:     {                                                                                 
│  188:       eks_managed_role_arns                   = [for group in module.eks_managed_node_group : group.iam_role_arn]
│  189:       self_managed_role_arns                  = [for group in module.self_managed_node_group : group.iam_role_arn if group.platform != "windows"]
│  190:       win32_self_managed_role_arns            = [for group in module.self_managed_node_group : group.iam_role_arn if group.platform == "windows"]
│  191:       fargate_profile_pod_execution_role_arns = [for group in module.fargate_profile : group.fargate_profile_pod_execution_role_arn]
│  192:     }                                                                                 
│  193:   )                                                                                   
│     ├────────────────                                                                       
│     │ module.eks_managed_node_group is object with 2 attributes                             
│     │ module.fargate_profile is object with no attributes                                   
│     │ module.self_managed_node_group is object with no attributes                           
│     │ path.module is ".terraform/modules/eks.eks"                                           
│                                                                                             
│ Call to function "templatefile" failed: .terraform/modules/eks.eks/templates/aws_auth_cm.tpl:9,18-22: Invalid template interpolation value; The expression result is null. Cannot include
│ a null value in a string template..                                                         
╵                                                                                             

Terminal Output Screenshot(s)

See output above

Additional context

I have 'fixed' the issue by adding flatten to the code.

flatten([for group in module.eks_managed_node_group : group.iam_role_arn])

[bryantbiggs]

Could you please share your complete configuration

[mijndert]

@bryantbiggs sure

module "eks" {
  source = "terraform-aws-modules/eks/aws"

  cluster_name                    = var.environment
  cluster_version                 = var.eks_version
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true

  vpc_id          = data.aws_vpc.selected.id
  subnet_ids      = data.aws_subnets.private.ids

  enable_irsa = true

  cluster_addons = {
    # coredns = {
    #   resolve_conflicts = "OVERWRITE"
    #   addon_version = var.coredns_addon_version
    # }
    kube-proxy = {
      addon_version = var.kubeproxy_addon_version
    }
    vpc-cni = {
      resolve_conflicts = "OVERWRITE"
      addon_version     = var.cni_addon_version
      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
    }
  }

  eks_managed_node_group_defaults = {
    vpc_security_group_ids     = [data.aws_security_group.eks-nodes.id]
    disk_size                  = var.disk_size
    iam_role_attach_cni_policy = false
  }

  eks_managed_node_groups = {
    general = {
      name = "eks-general-${random_string.suffix.result}"

      ami_type     = "AL2_x86_64"

      ami_id       = var.general_ami

      min_size     = var.min_capacity_general
      max_size     = var.max_capacity_general
      desired_size = var.desired_capacity_general

      instance_types = [var.instance_type_general]
      capacity_type  = "ON_DEMAND"
      labels = {
        Environment = var.environment
      }
    }
    localstorage = {
      name = "eks-local-storage-${random_string.suffix.result}"

      ami_type     = "AL2_ARM_64"

      ami_id       = var.localstorage_ami

      min_size     = var.min_capacity_local_storage
      max_size     = var.max_capacity_local_storage
      desired_size = var.desired_capacity_local_storage

      instance_types = [var.instance_type_local_storage]
      capacity_type  = "ON_DEMAND"
      labels = {
        Environment = var.environment
      }
    }
  }
}

[bryantbiggs]

unless there are any other configs missing, I don't see any errors. you can see our use of aws_auth_configmap_yaml here https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/examples/eks_managed_node_group/main.tf#L384 and I haven't seen any errors (as well as in other examples

terraform-aws-eks/examples/complete/main.tf

Line 326 in 4898bf3

cmd_patch = "kubectl patch configmap/aws-auth --patch \"${local.aws_auth_configmap_yaml}\" -n kube-system --kubeconfig <(echo $KUBECONFIG | base64 --decode)"

[mijndert]

Then why would it work when I flatten the node groups flatten([for group in module.eks_managed_node_group : group.iam_role_arn])

Would love to have that cleared up.

Thanks.

[bryantbiggs]

Then why would it work when I flatten the node groups flatten([for group in module.eks_managed_node_group : group.iam_role_arn])

Would love to have that cleared up.

Thanks.

I don't know - I cannot reproduce your setup with the configuration provided to provide any further info

[bryantbiggs]

@mijndert can you provide a deployable configuration to reproduce (I can't guess at what values you are using with the repro provided)?

[marpada]

I have two node groups and want use the create property to create them conditionally. I bump into the same error when for any of the node groups create evaluates to false (module version 4.18.0) .

Hijacking @mijndert 's code:

 eks_managed_node_groups = {
    general = {
     create = false
      name = "eks-general-${random_string.suffix.result}"

      ami_type     = "AL2_x86_64"

      ami_id       = var.general_ami

      min_size     = var.min_capacity_general
      max_size     = var.max_capacity_general
      desired_size = var.desired_capacity_general

      instance_types = [var.instance_type_general]
      capacity_type  = "ON_DEMAND"
      labels = {
        Environment = var.environment
      }
    }
    localstorage = {
     create = false
      name = "eks-local-storage-${random_string.suffix.result}"

      ami_type     = "AL2_ARM_64"

      ami_id       = var.localstorage_ami

      min_size     = var.min_capacity_local_storage
      max_size     = var.max_capacity_local_storage
      desired_size = var.desired_capacity_local_storage

      instance_types = [var.instance_type_local_storage]
      capacity_type  = "ON_DEMAND"
      labels = {
        Environment = var.environment
      }
    }

[bryantbiggs]

thank you @marpada for that reproduction, that was very helpful and a fix is coming

[antonbabenko]

This issue has been resolved in version 18.20.3 🎉

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.