terraform-google-modules / terraform-google-service-accounts

Creates one or more service accounts and grants them basic roles
https://registry.terraform.io/modules/terraform-google-modules/service-accounts/google
Apache License 2.0

Error when project_roles is empty in v4.0.0 #42

Closed totogo closed 3 years ago

totogo commented 3 years ago

I just upgraded from ~>3.0 to ~>4.0, and my Terraform version is:

Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v3.66.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

If project_roles is empty, I get this error when running terraform apply:

│ Error: Error in function call
│ 
│   on .terraform/modules/uploader_service_account/main.tf line 26, in locals:
│   26:   name_role_pairs       = setproduct(local.names, toset(var.project_roles))
│     ├────────────────
│     │ local.names is set of string with 1 element
│     │ var.project_roles is empty list of string
│ 
│ Call to function "setproduct" failed: panic in function implementation: runtime error: hash of unhashable type cty.ValueMarks
│ goroutine 2092 [running]:
│ runtime/debug.Stack(0xc00133bfd8, 0x301fa40, 0xc001bfda40)
│       runtime/debug/stack.go:24 +0x9f
│ github.com/zclconf/go-cty/cty/function.errorForPanic(...)
│       github.com/zclconf/go-cty@v1.8.2/cty/function/error.go:44
│ github.com/zclconf/go-cty/cty/function.Function.Call.func1(0xc00133c790, 0xc00133c7b0)
│       github.com/zclconf/go-cty@v1.8.2/cty/function/function.go:291 +0x93
│ panic(0x301fa40, 0xc001bfda40)
│       runtime/panic.go:965 +0x1b9
│ github.com/zclconf/go-cty/cty.Value.Mark(0x383de20, 0xc001bfda20, 0x32ea700, 0xc0006128b8, 0x30cc180, 0x0, 0x339f680, 0xc001089230, 0x0,
│ 0xc00211ff98)
│       github.com/zclconf/go-cty@v1.8.2/cty/marks.go:208 +0x1dc
│ github.com/zclconf/go-cty/cty/function/stdlib.glob..func33(0xc001ecd780, 0x2, 0x2, 0x383de20, 0xc001bfda10, 0xc001bfda10, 0x0, 0x0, 0x48f52a0,
│ 0x100f301, ...)
│       github.com/zclconf/go-cty@v1.8.2/cty/function/stdlib/collection.go:958 +0x10b2
│ github.com/zclconf/go-cty/cty/function.Function.Call(0xc0000bfce0, 0xc001ecd780, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
│       github.com/zclconf/go-cty@v1.8.2/cty/function/function.go:295 +0x4a7
│ github.com/hashicorp/hcl/v2/hclsyntax.(*FunctionCallExpr).Value(0xc0022ac0f0, 0xc00211ff80, 0x0, 0xc00133d800, 0x1, 0x1, 0x0, 0x0, 0x0)
│       github.com/hashicorp/hcl/v2@v2.9.1/hclsyntax/expression.go:442 +0xff6
│ github.com/hashicorp/terraform/lang.(*Scope).EvalExpr(0xc0020735e0, 0x383cb88, 0xc0022ac0f0, 0x383dd40, 0x48f52a0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
│       github.com/hashicorp/terraform/lang/eval.go:171 +0x1bc
│ github.com/hashicorp/terraform/terraform.(*BuiltinEvalContext).EvaluateExpr(0xc0019e4680, 0x383cb88, 0xc0022ac0f0, 0x383dd40, 0x48f52a0, 0x0,
│ 0x0, 0x0, 0xffffffffffffffff, 0x0, ...)
│       github.com/hashicorp/terraform/terraform/eval_context_builtin.go:280 +0xbb
│ github.com/hashicorp/terraform/terraform.(*NodeLocal).Execute(0xc002d588d0, 0x3873af0, 0xc0019e4680, 0xc0000b4002, 0xc0010d9ce8, 0x100d305,
│ 0x3049060)
│       github.com/hashicorp/terraform/terraform/node_local.go:153 +0x67d
│ github.com/hashicorp/terraform/terraform.(*ContextGraphWalker).Execute(0xc0004f8f00, 0x3873af0, 0xc0019e4680, 0xba9e350, 0xc002d588d0, 0x0, 0x0,
│ 0x0)
│       github.com/hashicorp/terraform/terraform/graph_walk_context.go:127 +0xbf
│ github.com/hashicorp/terraform/terraform.(*Graph).walk.func1(0x31cb520, 0xc002d588d0, 0x0, 0x0, 0x0)
│       github.com/hashicorp/terraform/terraform/graph.go:59 +0xbd3
│ github.com/hashicorp/terraform/dag.(*Walker).walkVertex(0xc001d78e40, 0x31cb520, 0xc002d588d0, 0xc001a63000)
│       github.com/hashicorp/terraform/dag/walk.go:381 +0x288
│ created by github.com/hashicorp/terraform/dag.(*Walker).Update
│       github.com/hashicorp/terraform/dag/walk.go:304 +0x1246
│ .

Here is my Terraform script. This does not work:

module "uploader_service_account" {
  source       = "terraform-google-modules/service-accounts/google"
  version      = "~> 4.0"
  project_id   = var.project
  names        = ["uploader"]
  display_name = "Uploader"
  description  = "Service account to upload data in GCS  bucket"
  depends_on = [module.project-services]
}

This one works:

module "uploader_service_account" {
  source       = "terraform-google-modules/service-accounts/google"
  version      = "~> 4.0"
  project_id   = var.project
  names        = ["uploader"]
  display_name = "Uploader"
  description  = "Service account to upload data in GCS  bucket"
  project_roles = [
    "${var.project}=>roles/storage.objectCreator",
  ]

  depends_on = [module.project-services]
}

s1mark commented 3 years ago

@totogo Just out of curiosity, could you try it with Terraform version 0.14.8?

bharathkkb commented 3 years ago

@totogo This is a regression in upstream tf core https://github.com/hashicorp/terraform/issues/28524 and it looks like a fix is already in 0.15.2. Could you try that out?

totogo commented 3 years ago

@s1mark @bharathkkb I have tested with 0.14.8 and 0.15.2, both of them are OK. The issue is fixed for me. Thanks!