search

terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0
1.13k stars 1.15k forks source link

Inconsistent conditional result types in kubernetes-engine_workload-identity output #1112

Open psarka opened 2 years ago

psarka commented 2 years ago

TL;DR

Terraform chokes with Error: Inconsistent conditional result types when trying to compute gcp_service_account output in workload-identity/output.tf.

Expected behavior

No response

Observed behavior

The full error message is:

paulius@xps:~/Documents/gcloud-infrastructure/terraform_v2$ terraform apply
╷
│ Error: Inconsistent conditional result types
│ 
│   on .terraform/modules/kubernetes-engine_workload-identity/modules/workload-identity/output.tf line 44, in output "gcp_service_account":
│   44:   value       = var.use_existing_gcp_sa ? data.google_service_account.cluster_service_account[0] : google_service_account.cluster_service_account[0]
│     ├────────────────
│     │ data.google_service_account.cluster_service_account[0] is a object, known only after apply
│     │ google_service_account.cluster_service_account[0] is a object, known only after apply
│     │ var.use_existing_gcp_sa is a bool, known only after apply
│ 
│ The true and false result expressions must have consistent types. The given expressions are object and object, respectively.

Terraform Configuration

module "kubernetes-engine_workload-identity" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
  name = "mlflow-worker"
  namespace = "default"
  version = "17.2.0"
  project_id = var.project
  roles = [
    "roles/artifactregistry.reader",
    "roles/storage.objectAdmin",
  ]
}

### Terraform Version

```sh
Terraform v1.1.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/google v3.90.1
+ provider registry.terraform.io/hashicorp/google-beta v4.3.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.7.1
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0

Additional information

It did work initially, when I created the cluster, and I'm not sure what happened since then. I'm pretty sure I did not upgrade anything.

When I got this bug, I did reinit terraform, with no positive effect. My current workaround is to manually edit the .terraform/modules/kubernetes-engine_workload-identity/modules//workload-identity/output.tf file and replace line 44 by value = google_service_account.cluster_service_account[0].

pawlomi commented 2 years ago

I have noticed the same issue. It is ok when using Terraform v1.0.11 but fails with Terraform v1.1.0

morgante commented 2 years ago

Interesting, seems like a change in Terraform v1.1.0. We might have to use a data source in both cases or construct an object with an overlapping subset of the fields.

D3luxee commented 2 years ago

Terraform 1.1.1 was released yesterday which fixed this issue.

https://github.com/hashicorp/terraform/releases/tag/v1.1.1