terraform-google-kubernetes-engine icon indicating copy to clipboard operation
terraform-google-kubernetes-engine copied to clipboard

Published 20 hours ago verified publisher icon terraform-google-modules

Inconsistent conditional result types in kubernetes-engine_workload-identity output

Open psarka opened this issue 3 years ago • 3 comments

TL;DR

Terraform chokes with Error: Inconsistent conditional result types when trying to compute gcp_service_account output in workload-identity/output.tf.

Expected behavior

No response

Observed behavior

The full error message is:

paulius@xps:~/Documents/gcloud-infrastructure/terraform_v2$ terraform apply
╷
│ Error: Inconsistent conditional result types
│ 
│   on .terraform/modules/kubernetes-engine_workload-identity/modules/workload-identity/output.tf line 44, in output "gcp_service_account":
│   44:   value       = var.use_existing_gcp_sa ? data.google_service_account.cluster_service_account[0] : google_service_account.cluster_service_account[0]
│     ├────────────────
│     │ data.google_service_account.cluster_service_account[0] is a object, known only after apply
│     │ google_service_account.cluster_service_account[0] is a object, known only after apply
│     │ var.use_existing_gcp_sa is a bool, known only after apply
│ 
│ The true and false result expressions must have consistent types. The given expressions are object and object, respectively.

Terraform Configuration

module "kubernetes-engine_workload-identity" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
  name = "mlflow-worker"
  namespace = "default"
  version = "17.2.0"
  project_id = var.project
  roles = [
    "roles/artifactregistry.reader",
    "roles/storage.objectAdmin",
  ]
}



### Terraform Version

```sh
Terraform v1.1.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/google v3.90.1
+ provider registry.terraform.io/hashicorp/google-beta v4.3.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.7.1
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0

Additional information

It did work initially, when I created the cluster, and I'm not sure what happened since then. I'm pretty sure I did not upgrade anything.

When I got this bug, I did reinit terraform, with no positive effect. My current workaround is to manually edit the .terraform/modules/kubernetes-engine_workload-identity/modules//workload-identity/output.tf file and replace line 44 by value = google_service_account.cluster_service_account[0].

psarka avatar Dec 13 '21 19:12 psarka

I have noticed the same issue. It is ok when using Terraform v1.0.11 but fails with Terraform v1.1.0

pawlomi avatar Dec 13 '21 20:12 pawlomi

Interesting, seems like a change in Terraform v1.1.0. We might have to use a data source in both cases or construct an object with an overlapping subset of the fields.

morgante avatar Dec 13 '21 21:12 morgante

Terraform 1.1.1 was released yesterday which fixed this issue.

https://github.com/hashicorp/terraform/releases/tag/v1.1.1

D3luxee avatar Dec 17 '21 10:12 D3luxee