Specifying log_destination_configs produces an error:
│ Error: Invalid dynamic for_each value
│
│ on .terraform/modules/waf/main.tf line 15, in resource "aws_wafv2_web_acl_logging_configuration" "default":
│ 15: for_each = var.redacted_fields
│ ├────────────────
│ │ var.redacted_fields is null
│
│ Cannot use a null value in for_each.
Adding an empty redacted_fields map produces the following validation error:
╷
│ Error: Invalid value for module argument
│
│ on main.tf line 10, in module "waf":
│ 10: redacted_fields = {}
│
│ The given value is not suitable for child module variable "redacted_fields"
│ defined at .terraform/modules/waf/variables.tf:435,1-27: attributes
│ "method_enabled", "query_string_enabled", "single_header", and
│ "uri_path_enabled" are required.
because the variable type constraint is expecting a variable shaped like:
Adding a variable of the expected shape also produces errors like:
╷
│ Error: Unsupported attribute
│
│ on .terraform/modules/waf/main.tf line 19, in resource "aws_wafv2_web_acl_logging_configuration" "default":
│ 19: for_each = redacted_fields.value.method_enabled ? [1] : []
│ ├────────────────
│ │ redacted_fields.value is false
│
│ This value does not have any attributes.
Changing to map(any) allows us to pass in an empty map when no redacted fields are needed, as well as pass in a map in the shape that the code is expecting
mcalhoun
commented
3 years ago
what
redacted_fieldstype tomap(any)redacted_fieldsdefault to{}why
log_destination_configsproduces an error:redacted_fieldsmap produces the following validation error:because the variable type constraint is expecting a variable shaped like:
While the code is expecting a map shaped like:
map(any)allows us to pass in an empty map when no redacted fields are needed, as well as pass in a map in the shape that the code is expecting