terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0

Bug: Error while creating custom_role_iam #155

Closed anjuls closed 2 years ago

anjuls commented 2 years ago

https://github.com/terraform-google-modules/terraform-google-iam/blob/255a427afc110e5fb26028cf98195fc7b6f05b8f/modules/custom_role_iam/main.tf#L19

I am using the following in my Terraform configuration, and when running `terraform plan` I get an error at the line linked above.

# Custom project-level role for the QA team, built with the custom_role_iam
# submodule pinned to release 7.4.0.
module "qa" {
  source  = "terraform-google-modules/iam/google//modules/custom_role_iam"
  version = "7.4.0"

  # Scope in which the custom role is created.
  target_level = "project"
  target_id    = var.project_id

  # Role identity.
  role_id     = "qaTeam"
  title       = "qa team role"
  description = "For all qa engineering team members"

  # Per the locals expression quoted in the error output, the submodule
  # concatenates the included_permissions of every base role with the explicit
  # permissions list. roles/viewer is a broad basic role, so the custom role
  # carries read access well beyond a single service; narrow base_roles if the
  # team needs less.
  base_roles  = ["roles/viewer"]
  permissions = ["iam.roles.get"]
  # excluded_permissions = []

  # Principals granted the resulting custom role.
  members = ["group:xx-xxxx@xxxxx.com"]
}
 Error: Error in function call
│
│   on .terraform/modules/iam.platform/modules/custom_role_iam/main.tf line 19, in locals:
│   19:   included_permissions = concat(flatten(values(data.google_iam_role.role_permissions)[*].included_permissions), var.permissions)
│     ├────────────────
│     │ data.google_iam_role.role_permissions is object with 34 attributes
│
│ Call to function "flatten" failed: panic in function implementation: value
│ is null
│ goroutine 17666 [running]:
│ runtime/debug.Stack()
│   /usr/local/go/src/runtime/debug/stack.go:24 +0x65
│ github.com/zclconf/go-cty/cty/function.errorForPanic(...)
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/error.go:44
│ github.com/zclconf/go-cty/cty/function.Function.ReturnTypeForValues.func1()
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:217
│ +0x7a
│ panic({0x2143820, 0x2aaa0c0})
│   /usr/local/go/src/runtime/panic.go:1038 +0x215
│ github.com/zclconf/go-cty/cty.Value.LengthInt({{{0x2b2a050, 0xc001e61f30}},
│ {0x0, 0x0}})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/value_ops.go:1063
│ +0x1d8
│ github.com/zclconf/go-cty/cty.Value.Length({{{0x2b2a050, 0xc001e61f30}},
│ {0x0, 0x0}})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/value_ops.go:1034
│ +0x17e
│ github.com/zclconf/go-cty/cty/function/stdlib.flattener({{{0x2b2a050,
│ 0xc001e61f30}}, {0x0, 0x0}})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/stdlib/collection.go:528
│ +0x10f
│ github.com/zclconf/go-cty/cty/function/stdlib.flattener({{{0x2b2a130,
│ 0xc0031b4378}}, {0x20f40e0, 0xc0031b4390}})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/stdlib/collection.go:553
│ +0x377
│ github.com/zclconf/go-cty/cty/function/stdlib.glob..func22({0xc002b37220,
│ 0xc0031b4378, 0x2b2a018})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/stdlib/collection.go:492
│ +0x92
│ github.com/zclconf/go-cty/cty/function.Function.ReturnTypeForValues({0x0},
│ {0xc002b37220, 0x1, 0xc0030f8820})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:221
│ +0x2ff
│ github.com/zclconf/go-cty/cty/function.Function.Call({0x0}, {0xc002b37220,
│ 0x1, 0x1})
│   /home/circleci/go/pkg/mod/github.com/zclconf/go-cty@v1.10.0/cty/function/function.go:228
│ +0x86
│ github.com/hashicorp/hcl/v2/hclsyntax.(*FunctionCallExpr).Value(0xc0014f6690,
│ 0xc000997b00)
│   /home/circleci/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hclsyntax/expression.go:442
│ +0x249f
│ github.com/hashicorp/hcl/v2/hclsyntax.(*FunctionCallExpr).Value(0xc0014f6780,
│ 0xc000997b00)
│   /home/circleci/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.11.1/hclsyntax/expression.go:408
│ +0x3c87
│ github.com/hashicorp/terraform/internal/lang.(*Scope).EvalExpr(0xc000cfcf60,
│ {0x2b28c30, 0xc0014f6780}, {{0x2b2a018, 0x4059f90}})
│   /home/circleci/project/project/internal/lang/eval.go:171 +0x14b
│ github.com/hashicorp/terraform/internal/terraform.(*BuiltinEvalContext).EvaluateExpr(0x0,
│ {0x2b28c30, 0xc0014f6780}, {{0x2b2a018, 0x4059f90}}, {0x0, 0x0})
│   /home/circleci/project/project/internal/terraform/eval_context_builtin.go:281
│ +0xc5
│ github.com/hashicorp/terraform/internal/terraform.(*NodeLocal).Execute(0x0,
│ {0x2b9e040, 0xc005f941c0}, 0x0)
│   /home/circleci/project/project/internal/terraform/node_local.go:153 +0x574
│ github.com/hashicorp/terraform/internal/terraform.(*ContextGraphWalker).Execute(0xc003bb80e0,
│ {0x2b9e040, 0xc005f941c0}, {0x7f7e871dad40, 0xc0072c5500})
│   /home/circleci/project/project/internal/terraform/graph_walk_context.go:133
│ +0xc2
│ github.com/hashicorp/terraform/internal/terraform.(*Graph).walk.func1({0x23ed200,
│ 0xc0072c5500})
│   /home/circleci/project/project/internal/terraform/graph.go:74 +0x2f0
│ github.com/hashicorp/terraform/internal/dag.(*Walker).walkVertex(0xc0014dd980,
│ {0x23ed200, 0xc0072c5500}, 0xc006a5eb00)
│   /home/circleci/project/project/internal/dag/walk.go:381 +0x2f1
│ created by github.com/hashicorp/terraform/internal/dag.(*Walker).Update
│   /home/circleci/project/project/internal/dag/walk.go:304 +0xf85
│ .
╵
anjuls commented 2 years ago

While troubleshooting, I found that the error is triggered by the module block below.

# Configuration the reporter identified as triggering the flatten() "value is
# null" panic. The 34 active base_roles entries below match "object with 34
# attributes" in the error output, and the error path (iam.platform) names
# this module rather than the "qa" module.
# NOTE(review): the page does not say which role lookup returned a null
# included_permissions; trimming base_roles one entry at a time would isolate it.
# NOTE(review): as pasted, the opening line is live while the body and closing
# brace are commented out, so the snippet does not parse on its own; presumably
# the whole block was disabled as a workaround - confirm.
# NOTE(review): least privilege - this folds roles/iam.securityAdmin,
# roles/iam.serviceAccountAdmin, roles/iam.workloadIdentityPoolAdmin,
# roles/secretmanager.admin and roles/cloudkms.admin (among other admin roles)
# into one custom role bound to a single group. To the extent those permissions
# are supported in custom roles, holders can change IAM policy and manage
# service accounts, secrets and keys, so membership of that group becomes the
# effective security boundary of the project. Separate, narrower roles per duty
# are easier to audit and to revoke.
module "platform" {
#   source       = "terraform-google-modules/iam/google//modules/custom_role_iam"
#   target_level = "project"
#   target_id    = var.project_id
#   role_id      = "platform"
#   title        = "platform team role"
#   description  = "For all Platforms Engineering team members"
#   base_roles = [
#     "roles/iam.securityViewer",
#     "roles/artifactregistry.admin",
#     "roles/gkebackup.admin",
#     "roles/container.admin",
#     "roles/container.clusterAdmin",
#     "roles/monitoring.admin",
#     "roles/billing.user",
#     "roles/file.editor",
#     "roles/cloudfunctions.admin",
#     "roles/iap.admin",
#     "roles/cloudkms.admin",
#     "roles/cloudprofiler.agent",
#     "roles/run.admin",
#     "roles/cloudscheduler.admin",
#     "roles/cloudsecurityscanner.editor",
#     "roles/cloudsql.admin",
#     "roles/storage.admin",
#     "roles/compute.admin",
#     "roles/containeranalysis.admin",
#     # "roles/dns.admin",
#     "roles/firebase.admin",
#     "roles/iam.securityAdmin",
#     "roles/logging.admin",
#     "roles/memcache.admin",
#     "roles/redis.admin",
#     "roles/pubsub.admin",
#     "roles/browser",
#     "roles/pubsublite.admin",
#     "roles/secretmanager.admin",
#     "roles/vpcaccess.admin",
#     "roles/iam.serviceAccountAdmin",
#     "roles/stackdriver.accounts.editor",
#     "roles/cloudsupport.admin",
#     "roles/iam.workloadIdentityPoolAdmin",
#     "roles/viewer"
#   ]
#   permissions          = ["iam.roles.get"]
#   # excluded_permissions = []
#   members = [
#     "group:pxxxx@xx.xx"
#   ]
# }
github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days