-
Notifications
You must be signed in to change notification settings - Fork 9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
role_arn can't use values from a terraform_remote_state data source #1280
Comments
Hi @icebourg Unfortunately this is a known core bug involving cross-provider references ( Do you mind me closing this in favour of a more generic issue hashicorp/terraform#4149 ? |
I'm confused. The documentation explicitly says that remote state is a supported for interpolation in providers:
I glanced at both of those bug reports, and I think what those issues are trying to accomplish is very different, trying to progressively build a terraform plan. That's not at all what I'm trying to do here. |
I think you're right, sorry for the confusion. It should work for data sources. |
I just hit this same issue.
This fails with:
Are we any closer to a fix? |
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Terraform Version
Terraform v0.9.11
Affected Resource(s)
Terraform Configuration Files
Debug Output
Terraform does not correctly recognize the ARN it needs to assume. This is an example from the debug log:
(if you take away
${data.terraform_remote_state.constants.account_ids["production"]}
from role_arn and replace it with a hardcoded value, Terraform correctly logs the ARN in debug output)Panic Output
N/A
Expected Behavior
Terraform should have interpolated the value from the remote state and correctly calculated the ARN which would lead to Terraform performing an STS:AssumeRole with this ARN and performing a successful plan.
Actual Behavior
The debug output shows the ARN is empty, and therefore Terraform does not perform an STS:AssumeRole, and therefore Terraform does not end up with credentials that manage the other resources.
Steps to Reproduce
terraform plan --out plan
Important Factoids
I've already been down the road of ensuring that the remote state is correctly loaded by Terraform before the provider. I've also verified the interpolated value is correct, though that doesn't seem to be here nor there since the debug log shows the whole thing interpolates to a blank string.
From the debug log I can see Terraform get the S3 remote state before it calculates the ARN, so Terraform should have the information it needs to correctly calculate the ARN.
I've also verified that I haven't done something dumb by using
${data.terraform_remote_state.constants.account_ids["not_real"]}
, which Terraform correctly complains about the key/value not existing.The documentation providers says that this should work, but something is causing Terraform to incorrectly believe the ARN is a blank string.
We are using this remote state data source all over our Terraform files, and all the values are correct and everything works as expected. I don't think this can be attributed to something simple like a broken remote state. The only place we can't seem to get this to work at all is as an interpolated value for role_arn for the AWS provider.
The text was updated successfully, but these errors were encountered: