You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to set the cluster_encryption_config to encrypt the cluster secrets conditionally, only in case I supply the KMS key in my variable kms_key_arn. The variable is set to null by default. I am getting an error because the module does not perform a null check before applying KMS. I had the impression that setting something to null would guide terraform to "unset" and resort to the default module behavior (see Conditionally Omitted Arguments)
✋ I have searched the open/closed issues and my issue is not listed.
⚠️ Note
Before you submit an issue, please perform the following first:
Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
Re-initialize the project root to pull down modules: terraform init
Re-attempt your terraform plan or apply and check if the issue still persists
ℹ️ If I try to use an empty object instead of a null value in the false statement of the ternary operator, terraform validation complains that the type is not the same because it does not contain the 2 encryption attributes. Setting them separately null does not work either, leaving no other possible work-around.
Actual behavior
Error: Invalid function argument
│
│ on .terraform/modules/eks-cluster/main.tf line 18, in locals:
│ 18: enable_cluster_encryption_config = length(var.cluster_encryption_config) > 0 && !local.create_outposts_local_cluster
│ ├────────────────
│ │ while calling length(value)
│ │ var.cluster_encryption_config is null
│
│ Invalid value for "value" parameter: argument must not be null.
Error: Inconsistent conditional result types
│
│ on aws-eks-module.tf line 40, in module "eks-cluster":
│ 40: cluster_encryption_config = (var.kms_key_arn != null ? {
│ 41: provider_key_arn = var.kms_key_arn
│ 42: resources = ["secrets"]
│ 43: } : {})
│ ├────────────────
│ │ var.kms_key_arn is a string
│
│ The true and false result expressions must have consistent types. The 'true' value includes object attribute "provider_key_arn", which is absent in the 'false' value.
Terminal Output Screenshot(s)
Additional context
The text was updated successfully, but these errors were encountered:
Description
I am trying to set the
cluster_encryption_config
to encrypt the cluster secrets conditionally, only in case I supply the KMS key in my variablekms_key_arn
. The variable is set to null by default. I am getting an error because the module does not perform a null check before applying KMS. I had the impression that setting something tonull
would guide terraform to "unset" and resort to the default module behavior (see Conditionally Omitted Arguments)Before you submit an issue, please perform the following first:
.terraform
directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!):rm -rf .terraform/
terraform init
Versions
Module version [Required]: 19.5.1
Terraform version: v1.5.4
Reproduction Code [Required]
Steps to reproduce the behavior:
Expected behavior
The encryption configuration should be conditional, accept and handle a null config the same way it does for an empty object
{}
. When the null value is checked by the module code, it does not do a null check see https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L20ℹ️ If I try to use an empty object instead of a null value in the false statement of the ternary operator, terraform validation complains that the type is not the same because it does not contain the 2 encryption attributes. Setting them separately null does not work either, leaving no other possible work-around.
Actual behavior
if we use this solution:
we get a validation error:
Terminal Output Screenshot(s)
Additional context
The text was updated successfully, but these errors were encountered: