Terraform code for Leverage Reference Architecture for AWS, designed under optimal configs for the most popular modern web and mobile applications needs.
Given an SSO layer at management/global/sso.
Adding a new group in locals.tf file.
Running leverage tf plan.
It gives this error:
│ Error: no Identity Store Group found matching criteria
│ [{0xc002bb37d0 0xc002bb37e0 {}}]; try different search
│
│ with module.account_assignments.data.aws_identitystore_group.this["SentinelFieldEngineer"],
│ on .terraform/modules/account_assignments/modules/account-assignments/main.tf line 1, in data "aws_identitystore_group" "this":
│ 1: data "aws_identitystore_group" "this" {
Expected Behavior
The group is created and then the account assignment takes place.
Steps to Reproduce
CD into management/global/sso layer
Add a new group in locals.tf file.
Run leverage tf plan
See error:
│ Error: no Identity Store Group found matching criteria
│ [{0xc002bb37d0 0xc002bb37e0 {}}]; try different search
│
│ with module.account_assignments.data.aws_identitystore_group.this["SentinelFieldEngineer"],
│ on .terraform/modules/account_assignments/modules/account-assignments/main.tf line 1, in data "aws_identitystore_group" "this":
│ 1: data "aws_identitystore_group" "this" {
Screenshots
N/A
Environment (please complete the following information):
Anything that will help us triage the bug will help. Here are some ideas:
❯ uname -r
5.15.146-1-MANJARO
❯ leverage --version
leverage, version 1.11.2
Additional Context
This seems to be a dependencies issue.
The new group is created in the user_groups file.
Since the module account_assignment has no dependency to resources in that file, when it looks for the group it does not exist.
Proposed solution.
Adding a dependency sentence in the account_assignment module should fix it:
Describe the Bug
Given an SSO layer at
management/global/sso
. Adding a new group inlocals.tf
file. Runningleverage tf plan
. It gives this error:Expected Behavior
The group is created and then the account assignment takes place.
Steps to Reproduce
management/global/sso
layerlocals.tf
file.leverage tf plan
Screenshots
N/A
Environment (please complete the following information):
Anything that will help us triage the bug will help. Here are some ideas:
Additional Context
This seems to be a dependencies issue.
The new group is created in the user_groups file.
Since the module
account_assignment
has no dependency to resources in that file, when it looks for the group it does not exist.Proposed solution.
Adding a dependency sentence in the
account_assignment
module should fix it: