Cannot specify more than one extra_container_definitions

[andyshinn]

Description

When specifying more than one item in list of extra_container_definitions there is an error.

• [x] ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
2. Re-initialize the project root to pull down modules: terraform init
3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

• Module version [Required]: 3.13.1

• Terraform version:

Terraform v1.1.4
on darwin_amd64
+ provider registry.terraform.io/datadog/datadog v3.8.1
+ provider registry.terraform.io/hashicorp/aws v3.73.0
+ provider registry.terraform.io/hashicorp/local v2.2.2
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/taiidani/jenkins v0.9.0

• Provider version(s):

terraform providers -version
Terraform v1.1.4
on darwin_amd64

Reproduction Code [Required]

module "container_definition_fluentbit" {
  source  = "cloudposse/ecs-container-definition/aws"
  version = "v0.58.1"

  container_name  = "log-router"
  container_image = "amazon/aws-for-fluent-bit:2.23.3"
  essential       = true

  firelens_configuration = {
    type = "fluentbit"

    options = {
      config-file-type        = "file"
      config-file-value       = "/fluent-bit/configs/parse-json.conf"
      enable-ecs-log-metadata = "true"
    }
  }
}

module "container_definition_datadog" {
  source  = "cloudposse/ecs-container-definition/aws"
  version = "v0.58.1"

  container_name  = "datadog-agent"
  container_image = local.datadog_image
  essential       = true
  environment = [
    {
      name  = "DD_API_KEY"
      value = "fake"
    },
    {
      name  = "ECS_FARGATE"
      value = "true"
    },
    {
      name  = "DD_APM_ENABLED"
      value = "true"
    },
    {
      name  = "DD_SITE"
      value = "ddog-gov.com"
    },
    {
      name  = "DD_LOGS_ENABLED"
      value = "true"
    }
  ]

  firelens_configuration = {
    type = "fluentbit"

    options = {
      config-file-type        = "file"
      config-file-value       = "/fluent-bit/configs/parse-json.conf"
      enable-ecs-log-metadata = "true"
    }
  }

  log_configuration = {
    logDriver = "awsfirelens"

    options = {
      Host           = "http-intake.logs.datadoghq.com"
      Name           = "datadog"
      TLS            = "on"
      apikey         = "fake"
      dd_message_key = "log"
      dd_service     = "atlantis"
      dd_tags        = "env:${terraform.workspace}"
      provider       = "ecs"
    }
  }

  healthcheck = {
    retries     = 3
    command     = ["CMD-SHELL", "agent health"]
    timeout     = 5
    interval    = 30
    startPeriod = 15
  }
}

locals {
  atlantis_region = "us-east-1"
  atlantis_domain = "mydomain.net"
}

module "atlantis_acm" {
  source  = "terraform-aws-modules/acm/aws"
  version = "3.3.0"

  domain_name = "*.${local.atlantis_domain}"
  zone_id     = "ZMYFAKEZONEID"

  wait_for_validation    = false
  create_route53_records = false
}

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "3.13.1"

  name = "atlantis"

  cidr            = "10.20.0.0/16"
  azs             = ["${local.atlantis_region}a", "${local.atlantis_region}b", "${local.atlantis_region}c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  public_subnets  = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]

  acm_certificate_domain_name = local.atlantis_domain

  certificate_arn = module.atlantis_acm.acm_certificate_arn
  
  extra_container_definitions = [module.container_definition_fluentbit.json_map_object, module.container_definition_datadog.json_map_object]

  atlantis_github_user       = "myorg-build"
  atlantis_github_user_token = "fakekey"
  atlantis_repo_allowlist    = ["github.com/myorg/*"]
}

Steps to reproduce the behavior:

• I am using workspaces
• I have tried clearing the cache
• Create two extra container definitions using module and add them to extra_container_definitions
• Try apply.

Expected behavior

Extra container definitions would be added.

Actual behavior

Error:

╷
│ Error: Invalid value for module argument
│ 
│   on atlantis.tf line 223, in module "atlantis":
│  223:   extra_container_definitions = [[module.container_definition_fluentbit.json_map_object], [module.container_definition_datadog.json_map_object]]
│ 
│ The given value is not suitable for child module variable "extra_container_definitions" defined at .terraform/modules/atlantis/variables.tf:398,1-39: all list elements must have the same type.
╵

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

Ok.. thanks bot. Commenting as it is still an issue.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

Ok.. thanks bot. Commenting as it is still an issue.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

Ok.. thanks bot. Commenting as it is still an issue.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

Ok.. thanks bot. Commenting as it is still an issue.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

Ok.. thanks bot. Commenting as it is still an issue.

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[andyshinn]

Ok.. thanks bot. Commenting as it is still an issue.

[dynamike]

I spent a little time trying to understand what was going on here and you are right, passing two container definitions with slightly different definitions will result in a all list elements must have the same type. error. The problem appears to be related how extra_container_definitions is defined as list(any) and how Terraform requires when untyped as any, all element must match. You can see more detail in https://github.com/hashicorp/terraform/issues/26265

Before 1.3.0, the only workaround would have been to make both container definitions have that exact same attribute definitions. For your example you would need to define valid values for environment, log_configuration, and healthcheck in your log-router container definitions, which seems untenable.

But with the ability to define optional attributes in 1.3.0, it does look like it's possible to move away from list(any) to a typed variable definition. I'll try coming up with a PR fix in the next day or two.

[andyshinn]

Thanks!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.