Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change redacted_fields variable type to map(any) #4

Merged
merged 2 commits into from
Aug 24, 2021
Merged

Change redacted_fields variable type to map(any) #4

merged 2 commits into from
Aug 24, 2021

Conversation

ian-bartholomew
Copy link
Contributor

what

  • Changes redacted_fields type to map(any)
  • Changes redacted_fields default to {}

why

  • Specifying log_destination_configs produces an error:
│ Error: Invalid dynamic for_each value
│ 
│   on .terraform/modules/waf/main.tf line 15, in resource "aws_wafv2_web_acl_logging_configuration" "default":
│   15:     for_each = var.redacted_fields
│     ├────────────────
│     │ var.redacted_fields is null
│ 
│ Cannot use a null value in for_each.
  • Adding an empty redacted_fields map produces the following validation error:
╷                                                                                                                                                                                                                                     
│ Error: Invalid value for module argument                                                                                                                                                                                            
│                                                                                                                                                                                                                                     
│   on main.tf line 10, in module "waf":                                                                                                                                                                                              
│   10:   redacted_fields = {}                                                                                                                                                                                                        
│                                                                                                                                                                                                                                     
│ The given value is not suitable for child module variable "redacted_fields"                                                                                                                                                         
│ defined at .terraform/modules/waf/variables.tf:435,1-27: attributes                                                                                                                                                                 
│ "method_enabled", "query_string_enabled", "single_header", and                                                                                                                                                                      
│ "uri_path_enabled" are required.

because the variable type constraint is expecting a variable shaped like:

  redacted_fields = {
    method_enabled       = true
    uri_path_enabled     = false
    query_string_enabled = false
    single_header        = [] 
  }

While the code is expecting a map shaped like:

  redacted_fields = {
    foo = {
      method_enabled       = true
      uri_path_enabled     = false
      query_string_enabled = false
      single_header        = []
    }
  }
  • Adding a variable of the expected shape also produces errors like:
╷                                                                                                                                                                                                                                     
│ Error: Unsupported attribute                                                                                                                                                                                                        
│                                                                                                                                                                                                                                     
│   on .terraform/modules/waf/main.tf line 19, in resource "aws_wafv2_web_acl_logging_configuration" "default":                                                                                                                       
│   19:         for_each = redacted_fields.value.method_enabled ? [1] : []                                                                                                                                                            
│     ├────────────────                                                                                                                                                                                                               
│     │ redacted_fields.value is false                                                                                                                                                                                                
│                                                                                                                                                                                                                                     
│ This value does not have any attributes.
  • Changing to map(any) allows us to pass in an empty map when no redacted fields are needed, as well as pass in a map in the shape that the code is expecting

@ian-bartholomew ian-bartholomew requested review from a team as code owners August 18, 2021 05:02
mcalhoun
mcalhoun approved these changes Aug 24, 2021
View reviewed changes
Copy link
Member

@mcalhoun mcalhoun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mcalhoun
Copy link
Member

/test all

@mcalhoun mcalhoun merged commit ebc4d1c into cloudposse:master Aug 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcalhoun mcalhoun mcalhoun approved these changes

@jamengual jamengual Awaiting requested review from jamengual

@woz5999 woz5999 Awaiting requested review from woz5999

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ian-bartholomew @mcalhoun @cloudpossebot