search

terraform-aws-modules / terraform-aws-ecs

Terraform module to create AWS ECS resources πŸ‡ΊπŸ‡¦
https://registry.terraform.io/modules/terraform-aws-modules/ecs/aws
Apache License 2.0
575 stars 542 forks source link

fix: config syntax of service connect tls #226

Closed willscripted closed 1 month ago

willscripted commented 2 months ago

Description

Rebound on #216's tls config change.

Motivation and Context

With the #216 patch I needed to specify a config like this (note double aws_pca_authority_arn keys):

module "example" {
  source = "terraform-aws-modules/ecs/aws"

  # ...
  service_connect_configuration = {
      # ...
      tls = {
        issuer_cert_authority = {
          "aws_pca_authority_arn" = {
            "aws_pca_authority_arn = aws_acmpca_certificate_authority.this.arn
          }
        }
        role_arn = aws_iam_role.service_connect_tls.arn
      }
    }
  }
}

But I would expect it to look more like this:

module "example" {
  source = "terraform-aws-modules/ecs/aws"

  # ...
  service_connect_configuration = {
      # ...
      tls = {
        issuer_cert_authority = {
          "aws_pca_authority_arn" = aws_acmpca_certificate_authority.this.arn
        }
        role_arn = aws_iam_role.service_connect_tls.arn
      }
    }
  }
}

But a configuration like the above with the #216 patch yields:

Planning failed. Terraform encountered an error while generating this plan.

β•·
β”‚ Error: Unsupported attribute
β”‚ 
β”‚   on ../../modules/terraform-aws-ecs/modules/service/main.tf line 180, in resource "aws_ecs_service" "this":
β”‚  180:                   aws_pca_authority_arn = issuer_cert_authority.value.aws_pca_authority_arn
β”‚     β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚     β”‚ issuer_cert_authority.value is "arn:aws:acm-pca:us-east-1:xxxxxxxxxxxx:certificate-authority/6c2a379a-xxxx-yyyy-zzzz-498531b3dec0"
β”‚ 
β”‚ Can't access attributes on a primitive-typed value (string).

Breaking Changes

The original tls change has only landed in wip/v6.

How Has This Been Tested?

It has not.

Sorry about the brevity, I can't give this the attention it deserves to drive it all the way home right now. But hopefully, this will help save someone some time down the line. Appreciate you guys building this module -- and for the original TLS change :raised_hands:

github-actions[bot] commented 1 month ago

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot] commented 1 month ago

This PR was automatically closed because of stale in 10 days

github-actions[bot] commented 2 days ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.