"Error: Invalid for_each argument" when specifying `secret_accessors`
I should've seen this coming when implementing !6 (aa259696), but given that I've used `toset` in the `for_each` of the `google_secret_manager_secret_iam_member.secret_accessors` resource, the values in the `secret_accessors` variable must be static. So, we cannot do the following, which is a standard workflow.
```hcl
resource "google_service_account" "main" {
  account_id = "testing"
}

module "secrets" {
  source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-secret-manager.git?ref=v3"

  project   = local.project
  region    = local.region
  secret_id = "testing"

  secret_accessors = ["serviceAccount:${google_service_account.main.email}"]
}
```
As it results in the following error.
```
│ Error: Invalid for_each argument
│
│   on /terraform_data/modules/secrets/main.tf line 29, in resource "google_secret_manager_secret_iam_member" "secret_accessors":
│   29:   for_each = toset(var.secret_accessors)
│     ├────────────────
│     │ var.secret_accessors is list of string with 1 element
│
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values contain apply-time results.
```
I'll need to refactor this `for_each` to avoid this issue.
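
One shape the map-with-static-keys approach from the error message could take, as an added sketch that is not the module's own code. It assumes `secret_accessors` is changed to a `map(string)` and that the module's secret resource is named `google_secret_manager_secret.main` (a hypothetical name); the key `app` is also illustrative.

```hcl
# --- module side (sketch; variable type and secret resource name are assumptions) ---
variable "secret_accessors" {
  description = "IAM members granted secretAccessor, keyed by a static label."
  type        = map(string)
  default     = {}
}

resource "google_secret_manager_secret_iam_member" "secret_accessors" {
  # Keys are literals in the caller's configuration, so they are known at
  # plan time. Only the values (member strings) may be unknown until apply.
  for_each = var.secret_accessors

  project   = var.project
  secret_id = google_secret_manager_secret.main.secret_id # hypothetical resource name
  role      = "roles/secretmanager.secretAccessor"
  member    = each.value
}

# --- caller side ---
resource "google_service_account" "main" {
  account_id = "testing"
}

module "secrets" {
  source = "git::https://gitlab.developers.cam.ac.uk/uis/devops/infra/terraform/gcp-secret-manager.git?ref=v3"

  project   = local.project
  region    = local.region
  secret_id = "testing"

  # "app" is a static key chosen by the caller; the email is resolved at apply.
  secret_accessors = {
    app = "serviceAccount:${google_service_account.main.email}"
  }
}
```

Keeping the variable as a list and keying instances by index also plans with apply-time members, but reordering the list then shifts the keys and Terraform replaces the affected IAM bindings.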