CORS rules fail if you don't specify all parameters

[rtim75]

If you don't specify all fields(even though some of them are optional) for CORS rule structure, plan fails with:

 terraform plan -var-file main.tfvars -out plan

Error: Invalid value for module argument

  on main.tf line 125, in module "s3-dev":
 125:   cors_rules = [
 126:     {
 127:       allowed_origins = ["http://localhost/"]
 128:       allowed_methods = ["GET", "PUT", "POST"]
 129:       allowed_headers = ["Authorization", "x-amz-date", "x-amz-content-sha256", "content-type", "content-disposition"]
 130:       expose_headers  = ["ETag"]
 131:       max_age_seconds = 3000
 132:     },
 133:     {
 134:       allowed_origins = ["*"]
 135:       allowed_methods = ["GET"]
 136:       max_age_seconds = 3000
 137:     }
 138:   ]

The given value is not suitable for child module variable "cors_rules" defined
at ../../modules/s3/variables.tf:247,1-22: all list elements must have the
same type.

main.tf

locals {
  bucket_name = "s3-bucket-${random_pet.this.id}"
}

data "aws_canonical_user_id" "current" {}

resource "random_pet" "this" {
  length = 2
}

module "s3_bucket" {
  source = "../../"

  bucket        = local.bucket_name
  acl           = "private"
  force_destroy = true

  cors_rule = [
    {
      allowed_methods = ["PUT", "POST"]
      allowed_origins = ["https://modules.tf", "https://terraform-aws-modules.modules.tf"]
      allowed_headers = ["*"]
      expose_headers  = ["ETag"]
      max_age_seconds = 3000
      }, {
      allowed_methods = ["PUT"]
      allowed_origins = ["https://example.com"]
      allowed_headers = ["*"]
      max_age_seconds = 3000
    }
  ]
}

---

Obvious(a little bit ugly, though) solution would be specifying max_age_seconds as a list and using only the first element of it:

module/s3/main.tf

...
dynamic "cors_rule" {
    for_each = toset(var.cors_rules)
    content {
      allowed_methods = cors_rule.value.allowed_methods
      allowed_origins = cors_rule.value.allowed_origins
      allowed_headers = lookup(cors_rule.value, "allowed_headers", null)
      expose_headers  = lookup(cors_rule.value, "expose_headers", null)
      max_age_seconds = lookup(cors_rule.value, "max_age_seconds", null)[0]
    }
  }
...

main.tf

cors_rules = [
    {
      allowed_origins = ["https://prototype.mddxtap.com/"]
      allowed_methods = ["GET", "PUT", "POST"]
      allowed_headers = ["Authorization", "x-amz-date", "x-amz-content-sha256", "content-type", "content-disposition"]
      expose_headers  = ["ETag"]
      max_age_seconds = [3000]
    },
    {
      allowed_origins = ["*"]
      allowed_methods = ["GET"]
      max_age_seconds = [3000]
    }
  ]

[antonbabenko]

Thanks for opening this issue. Fixed in v1.15.0.

Strange that a few hours ago there was a similar issue in this module - #45

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.