terraform icon indicating copy to clipboard operation
terraform copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

allow nested references in `templatestring` argument

Open sashasimkin opened this issue 5 months ago • 2 comments

Terraform Version

Terraform v1.9.5
on darwin_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.22.0
+ provider registry.terraform.io/hashicorp/aws v5.66.0
+ provider registry.terraform.io/hashicorp/external v2.3.3
+ provider registry.terraform.io/hashicorp/local v2.5.1
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.2
+ provider registry.terraform.io/hashicorp/tls v4.0.

Terraform Configuration Files

See "Debug Output"

Debug Output

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Invalid function argument
│ 
│   on rds-instance/main.tf line 169, in locals:
│  168:       connstr         = templatestring(
│  169:         lookup(value, "connstr_template", local.connstr_template),
│  170:         {
│  171:           role_name = postgresql_role.additional[key].name
│  172:           role_password = random_password.additional-db-password[key].result
│  173:           db_host = aws_db_instance.infra_database.address
│  174:           db_port = aws_db_instance.infra_database.port
│  175:           db_name = postgresql_database.additional[key].name
│  176:         }
│  177:       )
│     ├────────────────
│     │ local.connstr_template is "postgresql+asyncpg://${role_name}:${role_password}@${db_host}:${db_port}/${db_name}"
│ 
│ Invalid value for "template" parameter: invalid template expression: must be a direct reference to a single string from elsewhere, containing valid Terraform template syntax.

Expected Behavior

templatestring executed on the result of lookup call

Actual Behavior

"Planning failed"

Steps to Reproduce

terraform plan

Additional Context

I managed to circumvent the issues using the following construct:

locals {
  connstr_template_default = "postgresql+asyncpg://$${role_name}:$${role_password}@$${db_host}:$${db_port}/$${db_name}"
  additional_dbs_connection_strings_templates = {
    for key, value in local.additional_dbs_map:
    key => lookup(value, "connstr_template", local.connstr_template_default)
  }
  additional_dbs_connection_strings = {
    for key, value in local.additional_dbs_map:
    key => {
      param_name      = value.connection_string
      connstr         = templatestring(
        local.additional_dbs_connection_strings_templates[key],
        {
          role_name = postgresql_role.additional[key].name
          role_password = random_password.additional-db-password[key].result
          db_host = aws_db_instance.infra_database.address
          db_port = aws_db_instance.infra_database.port
          db_name = postgresql_database.additional[key].name
        }
      )
      secrets_manager = lookup(value, "secrets_manager", false)
    }
  }
}

References

  • https://github.com/hashicorp/terraform/issues/35274

sashasimkin avatar Sep 09 '24 21:09 sashasimkin