terraform-aws-modules / terraform-aws-ecr

Terraform module to create AWS ECR resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/ecr/aws
Apache License 2.0

Wrappers not working #11

Closed BartoszZawadzki closed 1 year ago

BartoszZawadzki commented 1 year ago

Description

I'm trying to use wrappers to create some repositories in ECR; currently I want to create just one. My config:

terraform {
  source = "tfr:///terraform-aws-modules/ecr/aws//wrappers?version=1.4.0"
}

inputs = {
  defaults = {
    tags = {
      Terraform   = "true"
      Environment = "${local.environment}"
    }
  }

  items = {
    activity_sec = {
      repository_name = "foo"
      repository_lifecycle_policy = jsonencode({
        rules = [
          {
            rulePriority = 1,
            description  = "Keep last 30 images",
            selection = {
              tagStatus     = "tagged",
              tagPrefixList = ["v"],
              countType     = "imageCountMoreThan",
              countNumber   = 30
            },
            action = {
              type = "expire"
            }
          }
        ]
      })
    }
  }
}

Output when executing terragrunt plan:

Waiting for the plan to start...

Terraform v1.3.3
on linux_amd64
Initializing plugins and modules...
╷
│ Error: Unsupported argument
│
│   on main.tf line 6, in module "wrapper":
│    6:   create                                    = try(each.value.create, var.defaults.create, true)
│
│ An argument named "create" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 7, in module "wrapper":
│    7:   tags                                      = try(each.value.tags, var.defaults.tags, {})
│
│ An argument named "tags" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 8, in module "wrapper":
│    8:   repository_type                           = try(each.value.repository_type, var.defaults.repository_type, "private")
│
│ An argument named "repository_type" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 9, in module "wrapper":
│    9:   create_repository                         = try(each.value.create_repository, var.defaults.create_repository, true)
│
│ An argument named "create_repository" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 10, in module "wrapper":
│   10:   repository_name                           = try(each.value.repository_name, var.defaults.repository_name, "")
│
│ An argument named "repository_name" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 11, in module "wrapper":
│   11:   repository_image_tag_mutability           = try(each.value.repository_image_tag_mutability, var.defaults.repository_image_tag_mutability, "IMMUTABLE")
│
│ An argument named "repository_image_tag_mutability" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 12, in module "wrapper":
│   12:   repository_encryption_type                = try(each.value.repository_encryption_type, var.defaults.repository_encryption_type, null)
│
│ An argument named "repository_encryption_type" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 13, in module "wrapper":
│   13:   repository_kms_key                        = try(each.value.repository_kms_key, var.defaults.repository_kms_key, null)
│
│ An argument named "repository_kms_key" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 14, in module "wrapper":
│   14:   repository_image_scan_on_push             = try(each.value.repository_image_scan_on_push, var.defaults.repository_image_scan_on_push, true)
│
│ An argument named "repository_image_scan_on_push" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 15, in module "wrapper":
│   15:   repository_policy                         = try(each.value.repository_policy, var.defaults.repository_policy, null)
│
│ An argument named "repository_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 16, in module "wrapper":
│   16:   repository_force_delete                   = try(each.value.repository_force_delete, var.defaults.repository_force_delete, null)
│
│ An argument named "repository_force_delete" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 17, in module "wrapper":
│   17:   attach_repository_policy                  = try(each.value.attach_repository_policy, var.defaults.attach_repository_policy, true)
│
│ An argument named "attach_repository_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 18, in module "wrapper":
│   18:   create_repository_policy                  = try(each.value.create_repository_policy, var.defaults.create_repository_policy, true)
│
│ An argument named "create_repository_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 19, in module "wrapper":
│   19:   repository_read_access_arns               = try(each.value.repository_read_access_arns, var.defaults.repository_read_access_arns, [])
│
│ An argument named "repository_read_access_arns" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 20, in module "wrapper":
│   20:   repository_read_write_access_arns         = try(each.value.repository_read_write_access_arns, var.defaults.repository_read_write_access_arns, [])
│
│ An argument named "repository_read_write_access_arns" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 21, in module "wrapper":
│   21:   create_lifecycle_policy                   = try(each.value.create_lifecycle_policy, var.defaults.create_lifecycle_policy, true)
│
│ An argument named "create_lifecycle_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 22, in module "wrapper":
│   22:   repository_lifecycle_policy               = try(each.value.repository_lifecycle_policy, var.defaults.repository_lifecycle_policy, "")
│
│ An argument named "repository_lifecycle_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 23, in module "wrapper":
│   23:   public_repository_catalog_data            = try(each.value.public_repository_catalog_data, var.defaults.public_repository_catalog_data, {})
│
│ An argument named "public_repository_catalog_data" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 24, in module "wrapper":
│   24:   create_registry_policy                    = try(each.value.create_registry_policy, var.defaults.create_registry_policy, false)
│
│ An argument named "create_registry_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 25, in module "wrapper":
│   25:   registry_policy                           = try(each.value.registry_policy, var.defaults.registry_policy, null)
│
│ An argument named "registry_policy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 26, in module "wrapper":
│   26:   registry_pull_through_cache_rules         = try(each.value.registry_pull_through_cache_rules, var.defaults.registry_pull_through_cache_rules, {})
│
│ An argument named "registry_pull_through_cache_rules" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 27, in module "wrapper":
│   27:   manage_registry_scanning_configuration    = try(each.value.manage_registry_scanning_configuration, var.defaults.manage_registry_scanning_configuration, false)
│
│ An argument named "manage_registry_scanning_configuration" is not expected
│ here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 28, in module "wrapper":
│   28:   registry_scan_type                        = try(each.value.registry_scan_type, var.defaults.registry_scan_type, "ENHANCED")
│
│ An argument named "registry_scan_type" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 29, in module "wrapper":
│   29:   registry_scan_rules                       = try(each.value.registry_scan_rules, var.defaults.registry_scan_rules, [])
│
│ An argument named "registry_scan_rules" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 30, in module "wrapper":
│   30:   create_registry_replication_configuration = try(each.value.create_registry_replication_configuration, var.defaults.create_registry_replication_configuration, false)
│
│ An argument named "create_registry_replication_configuration" is not
│ expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 31, in module "wrapper":
│   31:   registry_replication_rules                = try(each.value.registry_replication_rules, var.defaults.registry_replication_rules, [])
│
│ An argument named "registry_replication_rules" is not expected here.
╵
Operation failed: failed running terraform plan (exit 1)
ERRO[0031] Terraform invocation failed in /Users/XXX/XXX/XXX/XXX/XXX/.terragrunt-cache/lNn_BUItOxjt46sMF85eiWlKVAc/eWDEKADBpIQ7X8Dom0nJ14Prazg/wrappers  prefix=[/Users/XXX/XXX/XXX/XXX/XXX]
ERRO[0031] 1 error occurred:
    * exit status 1

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

Steps to reproduce the behavior:

Yes Yes In description

Expected behavior

terragrunt plan passes successfully

Actual behavior

In description

Terminal Output Screenshot(s)

Additional context

antonbabenko commented 1 year ago

Could you double-check that terragrunt init actually downloads the module in the cache location? Try to delete it and rerun it if you haven't done it yet.

BartoszZawadzki commented 1 year ago

.terragrunt-cache/lNn_BUItOxjt46sMF85eiWlKVAc/eWDEKADBpIQ7X8Dom0nJ14Prazg

❯ ls -alh
total 152
drwxr-xr-x  18 bartoszzawadzki  staff   576B Oct 27 12:17 .
drwxr-xr-x   3 bartoszzawadzki  staff    96B Oct 27 12:17 ..
-rw-r--r--   1 bartoszzawadzki  staff   559B Oct 27 12:17 .editorconfig
drwxr-xr-x  12 bartoszzawadzki  staff   384B Oct 27 13:15 .git
drwxr-xr-x   3 bartoszzawadzki  staff    96B Oct 27 12:17 .github
-rw-r--r--   1 bartoszzawadzki  staff   913B Oct 27 12:17 .gitignore
-rw-r--r--   1 bartoszzawadzki  staff   1.2K Oct 27 12:17 .pre-commit-config.yaml
-rw-r--r--   1 bartoszzawadzki  staff   1.0K Oct 27 12:17 .releaserc.json
-rw-r-----   1 bartoszzawadzki  staff    27B Oct 27 12:17 .terragrunt-source-version
-rw-r--r--   1 bartoszzawadzki  staff   2.6K Oct 27 12:17 CHANGELOG.md
-rw-r--r--   1 bartoszzawadzki  staff   9.9K Oct 27 12:17 LICENSE
-rw-r--r--   1 bartoszzawadzki  staff    13K Oct 27 12:17 README.md
drwxr-xr-x   4 bartoszzawadzki  staff   128B Oct 27 12:17 examples
-rw-r--r--   1 bartoszzawadzki  staff   7.9K Oct 27 12:17 main.tf
-rw-r--r--   1 bartoszzawadzki  staff   773B Oct 27 12:17 outputs.tf
-rw-r--r--   1 bartoszzawadzki  staff   6.1K Oct 27 12:17 variables.tf
-rw-r--r--   1 bartoszzawadzki  staff   151B Oct 27 12:17 versions.tf
drwxr-xr-x  13 bartoszzawadzki  staff   416B Oct 27 13:15 wrappers

antonbabenko commented 1 year ago

I can't reproduce it after running your provided terragrunt.hcl config. Here is an output:

$ terragrunt init
Initializing modules...

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v4.36.1

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

$ terragrunt plan
module.wrapper["activity_sec"].data.aws_caller_identity.current: Reading...
module.wrapper["activity_sec"].data.aws_partition.current: Reading...
module.wrapper["activity_sec"].data.aws_partition.current: Read complete after 0s [id=aws]
module.wrapper["activity_sec"].data.aws_caller_identity.current: Read complete after 1s [id=835367859851]
module.wrapper["activity_sec"].data.aws_iam_policy_document.repository[0]: Reading...
module.wrapper["activity_sec"].data.aws_iam_policy_document.repository[0]: Read complete after 0s [id=1015195856]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.wrapper["activity_sec"].aws_ecr_lifecycle_policy.this[0] will be created
  + resource "aws_ecr_lifecycle_policy" "this" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 30 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber   = 30
                          + countType     = "imageCountMoreThan"
                          + tagPrefixList = [
                              + "v",
                            ]
                          + tagStatus     = "tagged"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "foo"
    }

  # module.wrapper["activity_sec"].aws_ecr_repository.this[0] will be created
  + resource "aws_ecr_repository" "this" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "IMMUTABLE"
      + name                 = "foo"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags                 = {
          + "Environment" = "dd"
          + "Terraform"   = "true"
        }
      + tags_all             = {
          + "Environment" = "dd"
          + "Terraform"   = "true"
        }

      + encryption_configuration {
          + encryption_type = "AES256"
          + kms_key         = (known after apply)
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # module.wrapper["activity_sec"].aws_ecr_repository_policy.this[0] will be created
  + resource "aws_ecr_repository_policy" "this" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "ecr:ListTagsForResource",
                          + "ecr:ListImages",
                          + "ecr:GetRepositoryPolicy",
                          + "ecr:GetLifecyclePolicyPreview",
                          + "ecr:GetLifecyclePolicy",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:DescribeRepositories",
                          + "ecr:DescribeImages",
                          + "ecr:DescribeImageScanFindings",
                          + "ecr:BatchGetImage",
                          + "ecr:BatchCheckLayerAvailability",
                        ]
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = "arn:aws:iam::835367859851:root"
                        }
                      + Sid       = "PrivateReadOnly"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + registry_id = (known after apply)
      + repository  = "foo"
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + wrapper = {
      + activity_sec = {
          + repository_arn         = (known after apply)
          + repository_registry_id = (known after apply)
          + repository_url         = (known after apply)
        }
    }

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

BartoszZawadzki commented 1 year ago

Alright, so I've been able to catch the issue. I was using Terraform Cloud as a backend:

generate "backend" {
  path      = "backend.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "MyOrganization"
    token        = "${local.terraform_token}"
    workspaces {
      name = "MyOrganization-${local.environment}"
    }
  }
}
EOF
}

When I switched to the s3 backend, the plan generated successfully.

Thanks for your help, Anton!
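
A check for the backend block posted above, as an added example that is not part of the original thread: that `generate` block interpolates the Terraform Cloud token into `backend.tf`, so the credential is written to a file on disk. The function name, the attribute list and the sample text are assumptions of this example, and it goes beyond the thread's single case by also covering the `access_key`/`secret_key` attributes of the s3 backend.

```python
import re

# Assumed list of credential-bearing backend attributes (remote: token; s3: keys).
SECRET_ATTRS = {"token", "access_key", "secret_key", "password"}
BLOCK_OPEN = re.compile(r'^\s*backend\s+"([^"]+)"\s*\{')
ATTR = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=')

# Constructed sample: the generate block from the thread, re-indented.
SAMPLE = '''generate "backend" {
  path      = "backend.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "MyOrganization"
    token        = "${local.terraform_token}"
    workspaces {
      name = "MyOrganization-${local.environment}"
    }
  }
}
EOF
}
'''


def find_backend_secrets(hcl_text):
    """Return (line_no, backend_type, attribute) per credential set in a backend block."""
    findings, backend, depth = [], None, 0
    for line_no, raw in enumerate(hcl_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore commented-out attributes
        if backend is None:
            m = BLOCK_OPEN.match(line)
            if m:
                backend = m.group(1)
                depth = line.count("{") - line.count("}")
                if depth <= 0:  # empty one-line block
                    backend = None
            continue
        if depth == 1:  # direct attributes only; nested blocks are skipped
            a = ATTR.match(line)
            if a and a.group(1) in SECRET_ATTRS:
                findings.append((line_no, backend, a.group(1)))
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            backend = None
    return findings


if __name__ == "__main__":
    for line_no, backend, attr in find_backend_secrets(SAMPLE):
        print(f"line {line_no}: backend {backend!r} sets {attr!r} inline")
```

The `token` attribute can be left out of the block entirely: Terraform reads the Terraform Cloud token from the `TF_TOKEN_app_terraform_io` environment variable or from the CLI credentials written by `terraform login`.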

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.