search

terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
790 stars 1.01k forks source link

Error: Invalid template interpolation value #42

Closed mmshaikh88 closed 4 years ago

mmshaikh88 commented 4 years ago

I am trying to create user but getting the errors:

I am using following tf

#########################################
# IAM user, login profile and access key
#########################################

variable "admin_user_user_id2" {
  description = "admin user flag"
  default = "false"
}

module "iam_user_user_id2" {
  source = "terraform-aws-modules/iam/aws//modules/iam-user"
  version = "~> 2.0"

  name = "user.id2"
  force_destroy = true

  # User has uploaded his public key here - https://keybase.io/test/pgp_keys.asc
  pgp_key = "keybase:xxxxxxxxxx"

  password_reset_required = false

  # SSH public key
  upload_iam_user_ssh_key = false
  # ssh_public_key = ""
}

resource "aws_iam_user_group_membership" "user_id2_user" {
  user = "${module.iam_user_user_id2.this_iam_user_name}"

  groups = ["${aws_iam_group.users.name}",
          ]
}
resource "aws_iam_user_group_membership" "user_id2_engops_admin" {
  user = "${module.iam_user_user_id2.this_iam_user_name}"

  count = "${var.admin_user_user_id2 == "true" ? 1 : 0}"
  groups = ["${aws_iam_group.engops_admin.name}",
          ]
}

It was working till terraform-v0.12.13, since I have upgraded to terraform-v0.12.16

I am getting following errors:

Warning: Interpolation-only expressions are deprecated

  on group-engops-admin.tf line 10, in resource "aws_iam_policy" "EngOps":
  10:   policy = "${file("policy-json-files/managed/engops.json")}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-engops-admin.tf line 14, in resource "aws_iam_group_policy_attachment" "admin":
  14:   group = "${aws_iam_group.engops_admin.name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-service-accounts.tf line 10, in resource "aws_iam_policy" "manage_own_account_no_MFA":
  10:   policy = "${file("policy-json-files/managed/manage-own-account-no-MFA.json")}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-service-accounts.tf line 14, in resource "aws_iam_group_policy_attachment" "manage_no_mfa":
  14:   group = "${aws_iam_group.service_accounts.name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-service-accounts.tf line 15, in resource "aws_iam_group_policy_attachment" "manage_no_mfa":
  15:   policy_arn = "${aws_iam_policy.manage_own_account_no_MFA.arn}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 10, in resource "aws_iam_policy" "list_own_user_policy":
  10:   policy = "${file("policy-json-files/managed/list-own-user-policy.json")}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 18, in resource "aws_iam_policy" "manage_own_account_with_MFA":
  18:   policy = "${file("policy-json-files/managed/manage-own-account-with-MFA.json")}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 22, in resource "aws_iam_group_policy_attachment" "list_own":
  22:   group = "${aws_iam_group.users.name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 23, in resource "aws_iam_group_policy_attachment" "list_own":
  23:   policy_arn = "${aws_iam_policy.list_own_user_policy.arn}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 27, in resource "aws_iam_group_policy_attachment" "manage_mfa":
  27:   group = "${aws_iam_group.users.name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on group-users.tf line 28, in resource "aws_iam_group_policy_attachment" "manage_mfa":
  28:   policy_arn = "${aws_iam_policy.manage_own_account_with_MFA.arn}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on main.tf line 2, in provider "aws":
   2:   region  = "${var.region}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 30, in resource "aws_iam_user_group_membership" "user_id2_user":
  30:   user = "${module.iam_user_user_id2.this_iam_user_name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 37, in resource "aws_iam_user_group_membership" "user_id2_engops_admin":
  37:   user = "${module.iam_user_user_id2.this_iam_user_name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 39, in resource "aws_iam_user_group_membership" "user_id2_engops_admin":
  39:   count = "${var.admin_user_user_id2 == "true" ? 1 : 0}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 49, in resource "aws_iam_policy" "user_id2":
  49:   policy = "${file("policy-json-files/users/policy_user_id2.json")}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 53, in resource "aws_iam_user_policy_attachment" "user_id2":
  53:   user = "${module.iam_user_user_id2.this_iam_user_name}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Warning: Interpolation-only expressions are deprecated

  on user_user_id2.tf line 54, in resource "aws_iam_user_policy_attachment" "user_id2":
  54:   policy_arn = "${aws_iam_policy.user_id2.arn}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

Error: Invalid template interpolation value

  on .terraform/modules/iam_user_user_id2/terraform-aws-modules-terraform-aws-iam-64f6192/modules/iam-user/outputs.tf line 115, in output "keybase_secret_key_decrypt_command":
 114: 
 115: echo "${element(concat(aws_iam_access_key.this.*.encrypted_secret, [""]), 0)}" | base64 --decode | keybase pgp decrypt
 116: 
    |----------------
    | aws_iam_access_key.this is tuple with 1 element

The expression result is null. Cannot include a null value in a string
template.

Error: Invalid template interpolation value

  on .terraform/modules/iam_user_user_id2/terraform-aws-modules-terraform-aws-iam-64f6192/modules/iam-user/outputs.tf line 126, in output "keybase_secret_key_pgp_message":
 121: 
 122: 
 123: 
 124: 
 126: ${element(concat(aws_iam_access_key.this.*.encrypted_secret, [""]), 0)}
 127: 
 128: 
    |----------------
    | aws_iam_access_key.this is tuple with 1 element

The expression result is null. Cannot include a null value in a string
template.

Makefile:11: recipe for target 'apply-cp-users' failed
tonypnode commented 4 years ago

same issue.

chris-alation commented 4 years ago

I had this issue too. I got around it by 1) Cloning the repo locally. 2) Removing outputs that relate to keybase. All the other code is the same, except removing those outputs. 3) Pointing Terraform to my "new" local modules. 4) Profit

Not ideal, but not sure what else to do.

Another way around it would be to install Keybase even though you don't use it, though I have not tested, but maybe you could test that?

I didn't want to require keybase to be installed because the whole team would need it then.

I guess the only fix I can see is to split the module into 2. 1 that supports keybase and 1 that doesn't.

antonbabenko commented 4 years ago

The original issue was opened a while ago, and some things were improved since that time. The code is written in a way that if keybase is not used specified it is not going to be used and thus the output will be empty but it won't fail.

I have tried to reproduce this in Terrafrm 0.13.2 and it works as expected, or I just don't have breaking example.

If you believe that there is room for improvement in this module, please open an issue and specify a failing example.

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.