fix: require deterministic values for the for loop from var.account_assignments

[wquan1]

what

Major fix: Make local.assignment_map to be compiled from account_name instead of account id.

Minor fix: Upgrade terraform local provider in examples to the latest version to make it working for Apple M1 chip platform.

why

The error:

Error: Invalid for_each argument
on .terraform/modules/sso_account_assignments/modules/account-assignments/main.tf line 29, in resource "aws_ssoadmin_account_assignment" "this":
  for_each = local.assignment_map
local.assignment_map will be known only after apply

In my use case, I am creating the AWS account within the same workspace of the SSO assignments. So, the input var.account_assignments[*].account(which is the account id) is not known until the resource is getting created. Thus, the local.assignment_map cannot be determined at terraform compiling stage, and the for_each loop on the local.assignment_map in resource.aws_ssoadmin_account_assignment.this can not be determined either.

However, the account name is something people can predefine before the aws account is created. So include the account name in the input var.account_assignments, and use the a.account_name which is deterministic, instead of a.account(account_id) will resolve this issue.

references

[Gowiem]

This sounds like a legitimate problem from the description. Before we make this breaking change to address this though... I wonder how Cloud Posse works around this. @osterman anyone on your team that should look at this?

[mergify[bot]]

Thanks @wquan1 for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

[!TIP]

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

[Nuru]

Sorry, @wquan1 (and @Gowiem), creating the AWS account at the same time as making SSO assignments is not something I want to support.