I am trying to update my Virtual Node for AWS App Mesh via its Terraform configuration (that has worked and been deployed prior). I am adding a serviceDiscovery ReponseType variable to it so that I can change that value. Currently my code looks like this:
# Virtual Node Creation --------------------------------
resource "kubernetes_manifest" "service_virtual_node" {
manifest = {
"apiVersion" = "appmesh.k8s.aws/v1beta2"
"kind" = "VirtualNode"
"metadata" = {
"name" = "${var.team_name}-${var.service_name}-virtual-node"
"namespace" = "${var.kubernetes_namespace}"
}
"spec" = {
"podSelector" = {
"matchLabels" = {
"app" = "${var.service_name}"
}
}
"listeners" = [{
"portMapping" = {
"port" = "${var.appmesh_port}"
"protocol" = "${var.service_protocol}"
}
}]
"serviceDiscovery" = {
"dns" = {
"hostname" = var.load_balancer_type == "internal" ? "${var.service_name}.${var.dns_zone_name}" : "${var.service_name}-external.${var.dns_zone_name}"
"responseType" = var.service_discovery_response_type
}
}
logging = {
accessLog = {
file = {
path = "/dev/stdout"
}
}
}
}
}
}
It seems to be complaining about my new line:
"responseType" = var.service_discovery_response_type
The weird part about this, is that I deployed the same code (terraform module) to three other services without complaint. The error that I am now recieving from this is:
╷
│ Error: Failed to morph manifest to OAPI type
│
│ with module.services.module.accounts-api.module.appmesh.kubernetes_manifest.service_virtual_node,
│ on .terraform/modules/services.accounts-api.appmesh/kubernetes_manifest.tf line 2, in resource "kubernetes_manifest" "service_virtual_node":
│ 2: resource "kubernetes_manifest" "service_virtual_node" {
│
│ AttributeName("spec"): [AttributeName("spec")] failed to morph object element into object element: AttributeName("spec").AttributeName("serviceDiscovery"):
│ [AttributeName("spec").AttributeName("serviceDiscovery")] failed to morph object element into object element: AttributeName("spec").AttributeName("serviceDiscovery").AttributeName("dns"):
│ [AttributeName("spec").AttributeName("serviceDiscovery").AttributeName("dns")] failed to morph object element into object element:
│ AttributeName("spec").AttributeName("serviceDiscovery").AttributeName("dns").AttributeName("responseType"):
│ [AttributeName("spec").AttributeName("serviceDiscovery").AttributeName("dns").AttributeName("responseType")] failed to morph object element into object element:
│ AttributeName("spec").AttributeName("serviceDiscovery").AttributeName("dns").AttributeName("responseType"): type is nil
I am not sure why the same code is now failing. I have tried adding "${}" around the variable, and also adding brackets as well. Both failed.
Related
I am trying to create a storage bucket in GCP using Terraform. Please see the below implementation and the .tfvars snippet foe the same
implementation logic
`
resource "google_storage_bucket" "cloud_storage" {
for_each = {for gcs in var.storage_buckets : gcs.name => gcs}
name = each.value.name
location = lookup(each.value, "location", "AUSTRALIA-SOUTHEAST1")
project = data.google_project.existing_projects[each.value.project].project_id
force_destroy = lookup(each.value, "force_destroy", false)
storage_class = lookup(each.value, "storage_class", "STANDARD")
labels = merge(
lookup(each.value, "labels", {}),
{
managed_by = "terraform"
}
)
dynamic "versioning" {
for_each = [for version in [lookup(each.value, "versioning", null)] : version if version != null]
content {
enabled = lookup(versioning.value, "enabled", true)
}
}
dynamic "lifecycle_rule" {
for_each = [for rule in [lookup(each.value, "lifecycle_rule", toset([]))] : rule if length(rule) != 0]
content {
action {
type = lifecycle_rule.value.action.type
storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)
}
condition {
# matches_suffix = lookup(lifecycle_rule.value["condition"], "matches_suffix", null)
age = lookup(lifecycle_rule.value.condition, "age", null)
}
}
}
uniform_bucket_level_access = lookup(each.value, "uniform_bucket_level_access", false)
depends_on = [
data.google_project.existing_projects
]
}
.tfvars snippet
storage_buckets = [
# this 1st bucket is only defined in DEV tf vars. reason: this bucket is a onetime creation for all DWH cloud artifacts under ecx-cicd-tools project.
{
name = "ecx-dwh-artefacts"
localtion = "AUSTRALIA-SOUTHEAST1"
force_destroy = false
project = "ecx-cicd-tools"
storage_class = "STANDARD"
versioning = {
enabled = false
}
labels = {
app = "alation"
project = "resetx"
team = "dwh"
}
uniform_bucket_level_access = false
folders = ["alation/","alation/packages/","alation/packages/archive/",
"alation/backups/","alation/backups/data/","alation/backups/data/DEV/","alation/backups/data/PROD/"]
lifecycle_rule = [
{
action = {
type = "Delete"
}
condition = {
age = "10"
}
},
]
}
,
{
name = "eclipx-dwh-dev"
localtion = "AUSTRALIA-SOUTHEAST1"
force_destroy = false
project = "eclipx-dwh-dev"
storage_class = "STANDARD"
versioning = {}
labels = {
app = "dataflow"
project = "resetx"
team = "dwh"
}
uniform_bucket_level_access = false
folders = ["Data/","Data/stagingCustomDataFlow/","Data/temp/","Data/templatesCustomDataFlow/"]
lifecycle_rule = []
}
]
`
Some have I am unable to make the dynamic block working in the bucket provision logic for the lifecycle_rule section, I am passing a list of objects from .tfvars as I need to be able to add many rules to the same bucket.
It looks like the foreach loop is not iterating over the list of objects in the lifecycle_rule of .tfvars
Below are the errors its throwing. Can someone please assist.
Error: Unsupported attribute
│
│ on storage.tf line 56, in resource "google_storage_bucket" "cloud_storage":
│ 56: type = lifecycle_rule.value.action.type
│ ├────────────────
│ │ lifecycle_rule.value is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access attribute "action" for a specific element of the list, or across all elements of the list?
╵
╷
│ Error: Unsupported attribute
│
│ on storage.tf line 57, in resource "google_storage_bucket" "cloud_storage":
│ 57: storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)
│ ├────────────────
│ │ lifecycle_rule.value is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access attribute "action" for a specific element of the list, or across all elements of the list?
╵
╷
│ Error: Unsupported attribute
│
│ on storage.tf line 61, in resource "google_storage_bucket" "cloud_storage":
│ 61: age = lookup(lifecycle_rule.value.condition, "age", null)
│ ├────────────────
│ │ lifecycle_rule.value is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access attribute "condition" for a specific element of the list, or across all elements of the list?
Thank you.
I am expecting it that the dynamic block loop over lifecycle_rule
Your for_each is incorrect. It should be:
dynamic "lifecycle_rule" {
for_each = length(each.value["lifecycle_rule"]) != 0 ? each.value["lifecycle_rule"] : []
content {
action {
type = lifecycle_rule.value.action.type
storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)
}
condition {
# matches_suffix = lookup(lifecycle_rule.value["condition"], "matches_suffix", null)
age = lookup(lifecycle_rule.value.condition, "age", null)
}
}
Looking to deploy a Fargate application where the invoking function runs the ECS container in two arbitrarily selected subnets from the default VPC.
So far my template looks like this:
data "aws_subnets" "subnets" {
filter {
name = "vpc-id"
values = [var.vpc_id]
}
}
data "aws_subnet" "subnet" {
for_each = toset(data.aws_subnets.subnets.ids)
id = each.value
}
resource "aws_lambda_function" "ecs_invoker" {
function_name = "ecs_invoker"
...
environment {
variables = {
SUBNET_PRIMARY = data.aws_subnet.subnet[0]
SUBNET_SECONDARY = data.aws_subnet.subnet[1]
}
}
}
However, this produces the following error:
│ Error: Invalid index
│
│ on lambda.tf line 16, in resource "aws_lambda_function" "ecs_invoker":
│ 16: SUBNET_PRIMARY = data.aws_subnet.subnet[0]
│ ├────────────────
│ │ data.aws_subnet.subnet is object with 6 attributes
│
│ The given key does not identify an element in this collection value. An object only supports looking up attributes by name, not by numeric index.
╵
So how exactly should I grab two arbitrary subnet IDs from the default VPC?
Since you used for_each, data.aws_subnet.subnet will be a map, not a list. So to get two first subnet ids, you can do:
SUBNET_PRIMARY = values(data.aws_subnet.subnet)[0].id
SUBNET_SECONDARY = values(data.aws_subnet.subnet)[1].id
To get two random ids, you can do:
resource "random_shuffle" "subnets" {
input = values(data.aws_subnet.subnet)[*].id
result_count = 2
}
and then
SUBNET_PRIMARY = random_shuffle.subnets.result[0]
SUBNET_SECONDARY = random_shuffle.subnets.result[1]
I have a map of map as a local variable. I am using this
locals {
region_map = {
mumbai = {
is_second_execution = true
cg_ip_address = "ip.add.re.ss"
}
}
}
Now I am referencing it as
module "saopaulo" {
source = "./site-to-site-vpn-setup"
providers = { aws = aws.saopaulo }
is_second_execution = lookup(local.region_map, local.region_map["saopaulo"]["is_second_execution"], false)
cg_ip_address = lookup(local.region_map, local.region_map["saopaulo"]["cg_ip_address"], "")
}
but since I have not added saopaulo in the map, I get an error. I want to set the fields is_second_execution and cg_ip_address to default values without adding saopaulo in the map so how do I do that?
The error I get is -
Error: Unsupported attribute
│
│ on main.tf line 20, in module "saopaulo":
│ 20: is_second_execution = lookup(local.region_map.saopaulo, "is_second_execution", false)
│ ├────────────────
│ │ local.region_map is object with 1 attribute "mumbai"
│
│ This object does not have an attribute named "saopaulo".
There are few ways of doing that. But I think in your particular case, easiest could be to use try, instead of lookup:
module "saopaulo" {
source = "./site-to-site-vpn-setup"
providers = { aws = aws.saopaulo }
is_second_execution = try(local.region_map["saopaulo"]["is_second_execution"], false)
cg_ip_address = try(local.region_map["saopaulo"]["cg_ip_address"], "")
}
Basically, try returns the first value which does not error out.
I am using terraform 1.0.11
I am trying to set an output of my secret manger.
main.tf:
resource "aws_secretsmanager_secret" "aws_secret" {
for_each = { for secret in var.secrets : secret.secret_name => secret}
name = each.value.secret_name
}
output.tf:
output "secret_arns" {
value = tolist(aws_secretsmanager_secret.aws_secret[*].arn)
}
However, it is throwing me this error.
╷
│ Error: Unsupported attribute
│
│ on ../Resources/secrets/outputs.tf line 2, in output "secret_arns":
│ 2: value = tolist(aws_secretsmanager_secret. aws_secret[*].arn)
│
│ This object does not have an attribute named "arn".
Is there anything that I did wrongly here?
Your aws_secretsmanager_secret.aws_secret is a map. So it should be:
output "secret_arns" {
value = values(aws_secretsmanager_secret.aws_secret)[*].arn
}
I have a module that creates a VPC with public and private subnets
module "vpc" {
count = var.vpc_enabled ? 1 : 0
source = "./vpc"
}
and as an output of that module I'm extracting the private subnets
output "private_subnets" {
value = aws_subnet.private.*.id
}
Then I want to use that subnets list as an input of another module:
module "eks" {
source = "./eks"
name = var.name
private_subnets = var.vpc_enabled ? module.vpc.private_subnets : var.private_subnets_id
}
basically what I'm trying to achieve is that the user can choose if he want to create a new VPC or use as an input a list of subnets of their existing VPC.
The problem that I've right now is that I'm getting the following error in terraform plan:
on main.tf line 32, in module "eks":
32: private_subnets = var.vpc_enabled ? module.vpc.private_subnets : var.private_subnets_id
|----------------
| module.vpc is tuple with 1 element
This value does not have any attributes.
Does anyone knows how to fix this?
You are defining your vpc module with count. Thus you need to refer to individual instances of the module, even if you have only 1.
private_subnets = var.vpc_enabled ? module.vpc[0].private_subnets : var.private_subnets_id
Just to add Marcin's answer
I had a similar issue when working with dynamic blocks and locals in Terraform.
I had a locals block like this:
locals {
subnet_suffix = "dev-subnet"
delegation_settings = [{
subnet_delegation_name = "app-service-delegation"
subnet_service_delegation_name = "Microsoft.Web/serverFarms"
}]
}
And I was referencing the attributes this way:
module "subnet_public_1" {
source = "../../../modules/azure/subnet"
subnet_name = "${var.subnet_name}-public-1-${local.subnet_suffix}"
resource_group_name = data.azurerm_resource_group.main.name
virtual_network_name = data.azurerm_virtual_network.main.name
subnet_address_prefixes = var.subnet_address_prefixes.public_1
enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies.public_1
delegation_settings = [
{
subnet_delegation_name = local.delegation_settings.subnet_delegation_name
subnet_service_delegation_name = local.delegation_settings.subnet_service_delegation_name
}
]
tag_environment = var.tag_environment
}
And when I run terraform plan I get the error below:
│ Error: Unsupported attribute
│
│ on main.tf line 68, in module "subnet_public_1":
│ 68: subnet_delegation_name = local.delegation_settings.subnet_delegation_name
│ ├────────────────
│ │ local.delegation_settings is tuple with 1 element
│
│ This value does not have any attributes.
╵
╷
│ Error: Unsupported attribute
│
│ on main.tf line 69, in module "subnet_public_1":
│ 69: subnet_service_delegation_name = local.delegation_settings.subnet_service_delegation_name
│ ├────────────────
│ │ local.delegation_settings is tuple with 1 element
│
│ This value does not have any attributes.
Here's how I solved it:
All I had to do was to add the index to the attributes, in this case it was 0:
module "subnet_public_1" {
source = "../../../modules/azure/subnet"
subnet_name = "${var.subnet_name}-public-1-${local.subnet_suffix}"
resource_group_name = data.azurerm_resource_group.main.name
virtual_network_name = data.azurerm_virtual_network.main.name
subnet_address_prefixes = var.subnet_address_prefixes.public_1
enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies.public_1
delegation_settings = [
{
subnet_delegation_name = local.delegation_settings[0].subnet_delegation_name
subnet_service_delegation_name = local.delegation_settings[0].subnet_service_delegation_name
}
]
tag_environment = var.tag_environment
}
That's all