Interpolate locals, variables etc. into import block ids

[simoncrowe]

OpenTofu Version

OpenTofu v1.6.0-rc1
on linux_amd64

Use Cases

I've been testing whether opentofu has the feature added to terraform in this PR.

Based on what I've attempted, although the error messages are different to those output by terraform 1.5.6, it does not seem that interplating variables into import block ids works in opentofu.

Here are few use cases I can think of:

• Writing code capable of importing resources across multiple environments, where resources are namespaced
• Importing based on data sources where resource ids aren't known
• Working across multiple AWS accounts

Attempted Solutions

Terrafrom code

import {
  to = module.tasks_queue.aws_sqs_queue.this
  id =  "https://sqs.eu-west-1.amazonaws.com/${local.aws_account_id}/${local.tasks_queue_name}"
}

Output (to be clear, both aws_account_id and tasks_queue_name are declared as locals in the same module as the code snippet above so maybe they are somehow not in scope).

│ Error: Invalid import id argument
│
│   on main.tf line 390, in import:
│  390:   id =  "https://sqs.eu-west-1.amazonaws.com/${local.aws_account_id}/${local.tasks_queue_name}"
│
│ The import block "id" argument depends on resource attributes that cannot be determined until apply, so
│ OpenTofu cannot plan to import this resource.
╵
╷
│ Error: Reference to undeclared local value
│
│   on main.tf line 390, in import:
│  390:   id =  "https://sqs.eu-west-1.amazonaws.com/${local.aws_account_id}/${local.tasks_queue_name}"
│
│ A local value with the name "aws_account_id" has not been declared.
╵
╷
│ Error: Reference to undeclared local value
│
│   on main.tf line 390, in import:
│  390:   id =  "https://sqs.eu-west-1.amazonaws.com/${local.aws_account_id}/${local.tasks_queue_name}"
│
│ A local value with the name "tasks_queue_name" has not been declared.

Proposal

Make it possible to interpolate variables, locals, outputs and data sources within import block ids so that they are dynamic.

References

No response

[Yantrio]

Hi @simoncrowe , Thanks for raising this!

This feature was in 1.6.x of terraform but not 1.5.x, this is probably why you're noticing some differences here in the errors that are reported.

This change was also included in opentofu in this commit because it was committed to the terraform repository before the license change occurred and, therefore, before the point that we forked.

As for the errors you have received here

│ The import block "id" argument depends on resource attributes that cannot be determined until apply, so
│ OpenTofu cannot plan to import this resource.

I think that this error message is acceptable. It is impossible to interpolate those variables in the expression without having those resources applied.

│ A local value with the name "X" has not been declared.

Would you be able to provide us with the full file or a cut down reproduction to help here? I'm going to attempt to reproduce this issue now but if you had a cut down reproduction that would be extremely helpful.

Thanks!

[simoncrowe]

Thanks @Yantrio I was unable to work out whether that commit was included in OpenToFu.

My tofu plan run was a quick test on my local machine using CLI arguments that worked with terraform 1.5.6, so it might not be the best example.

That said, I here is the relevant code for the locals:

  aws_account_id                    = data.aws_caller_identity.current.account_id
...
  colour                            = var.environment == "Staging" ? var.environment : trimprefix(var.environment, "Staging")
  staging_colour                    = var.environment == "Staging" || var.environment == "Production" || var.environment == "Development" ? "" : lower(trimprefix(var.environment, "Staging"))
...
  env_type_map = {
    "Production"  = "production"
    "Staging"     = "staging"
    "Development" = "development"
  }
  env_type = local.staging_colour != "" ? "staging" : lookup(local.env_type_map, var.environment)
...
  tasks_queue_name = "${local.env_type}-${lower(local.colour)}-tasks"

And the module referenced in the import block:

module "tasks_queue" {
  source = "git@<REDACTED>/tf-modules.git//aws/sqs/queue?ref=r327"
  name = local.tasks_queue_name
  sqs_policy_doc = templatefile("${path.module}/policies/task_queue_access_policy.json.tftpl", {
    queue_arn = "arn:aws:sqs:eu-west-1:${data.aws_caller_identity.current.account_id}:${local.tasks_queue_name}"
  })
}

Please don't go to too much effort if this isn't enough information to work with. My team would need to properly migrate the codebsase to OpenToFu before I could be confident that the import block is the problem here.

[cam72cam]

What happens when you plan with terraform 1.6?

Also it looks like local.aws_account_id depends on data.aws_caller_identity.current.account_id which may not yet be accessible?

[simoncrowe]

@cam72cam I've run the same init and plan commands with Terraform 1.6.6 and I don't get the Invalid import id argument error or either of the Reference to undeclared local value errors. My only guess is that I've encountered some kind of edge case that wasn't supported at the point that the repos forked.

[cam72cam]

Reproduced with:
main.tf

provider "aws" {
  region = "eu-west-1"
}

variable "environment" {
  type = string
}

locals {
  tasks_queue_name = "myqueuoe"
  aws_account_id   = data.aws_caller_identity.current.account_id
  colour           = var.environment == "Staging" ? var.environment : trimprefix(var.environment, "Staging")
  staging_colour   = var.environment == "Staging" || var.environment == "Production" || var.environment == "Development" ? "" : lower(trimprefix(var.environment, "Staging"))
  env_type_map = {
    "Production"  = "production"
    "Staging"     = "staging"
    "Development" = "development"
  }
}

data "aws_caller_identity" "current" {

}

module "tasks_queue" {
  source = "./mod"
  #source = "git@<REDACTED>/tf-modules.git//aws/sqs/queue?ref=r327"
  name           = local.tasks_queue_name
  sqs_policy_doc = "nop" /*templatefile("${path.module}/policies/task_queue_access_policy.json.tftpl", {
    queue_arn = "arn:aws:sqs:eu-west-1:${data.aws_caller_identity.current.account_id}:${local.tasks_queue_name}"
  })*/
}

import {
  to = module.tasks_queue.aws_sqs_queue.this
  id = "https://sqs.eu-west-1.amazonaws.com/${local.aws_account_id}/${local.tasks_queue_name}"
}

mod/mod.tf

variable "name" {
  type = string
}
variable "sqs_policy_doc" {
  type = string
}

resource "aws_sqs_queue" "this" {
}