terraform-google-iam icon indicating copy to clipboard operation
terraform-google-iam copied to clipboard
verified publisher icon terraform-google-modules

service_accounts_iam doesn't work with computed values

Open red8888 opened this issue 1 year ago • 2 comments

TL;DR

You already fixed this here: https://github.com/terraform-google-modules/terraform-google-iam/issues/75\

You need to apply the same fix to this module

Expected behavior

Works with computed values

Observed behavior

│ 50: for_each = module.helper.set_additive │ ├──────────────── │ │ module.helper.set_additive is a set of dynamic, known only after apply │ │ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of │ this resource.

Terraform Configuration

module "my_acct" {
  source           = "terraform-google-modules/iam/google//modules/service_accounts_iam"
  service_accounts = [data.google_service_account.my_acct.email]
  project          = var.project_id
  mode             = "additive"
  bindings = {
    "roles/iam.serviceAccountTokenCreator" = [
      "serviceAccount:${google_service_account.aaaa.email}",
    ]
    "roles/iam.serviceAccountUser" = [
      "serviceAccount:${google_service_account.aaaa.email}",
    ]
  }
}

Terraform Version

Terraform v1.9.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.10.0
+ provider registry.terraform.io/hashicorp/google-beta v6.10.0

Additional information

No response

red8888 avatar Nov 08 '24 16:11 red8888

I faced the same issue and couldn’t use the service_accounts_iam module.

So, I opted to use google_service_account_iam_member directly.

zope avatar Dec 24 '24 01:12 zope

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Feb 22 '25 23:02 github-actions[bot]