Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_lambda_function cannot pass list or map variable as argument #10407

Closed
dayglojesus opened this issue Nov 29, 2016 · 9 comments
Closed

aws_lambda_function cannot pass list or map variable as argument #10407

dayglojesus opened this issue Nov 29, 2016 · 9 comments

Comments

@dayglojesus
Copy link

dayglojesus commented Nov 29, 2016
edited
Loading

Terraform Version

0.7.13

Affected Resource(s)

aws_lambda_function and resources that demand list of maps

Terraform Configuration Files

variable "my_vpc_config" {
    type = "list"
    default = [{
      subnet_ids          = ["subnet-d34db337", "subnet-d34db338"],
      security_group_ids  = ["sg-d34db337"]
    }]
    description = "Lambda VPC config settings"
}

resource "aws_lambda_function" "lambda_function" {
    filename            = "foo.zip"
    function_name       = "foo"
    description         = "FOO Lambda"
    role                = "arn:aws:iam::123456789012:role/SomeRole"
    handler             = "foo.handler"
    vpc_config          = "${var.my_vpc_config}"
}

Debug Output

N/A

Expected Behavior

  • Terraform should configure this Lambda scoping access to the VPC and SG.
  • Terraform expects a list to be passed to vpc_config.

Actual Behavior

terraform plan produces the following error:

  lambda_function.lambda_function: vpc_config.0: expected object, got invalid
    * aws_lambda_function.lambda_function: vpc_config.0: expected object, got invalid

The maps inside the enforced list type cannot be validated.

More information

There appear to be two issues here:

1. Terraform is expecting vpc_config to be type 'List'

I am not certain this is correct behaviour.

There is no need for this var type to be list -- it should be map afaict.

For example, the following works:

resource "aws_lambda_function" "lambda_function" {
    filename            = "foo.zip"
    function_name       = "foo"
    description         = "FOO Lambda"
    role                = "arn:aws:iam::123456789012:role/SomeRole"
    handler             = "foo.handler"
    vpc_config          = {
      subnet_ids          = ["subnet-d34db337", "subnet-d34db338"],
      security_group_ids  = ["sg-d34db337"]
    }
}

No list, just a map and terraform is a happy camper.

Also, placing said map inside a list works as well...

resource "aws_lambda_function" "lambda_function" {
    filename            = "foo.zip"
    function_name       = "foo"
    description         = "FOO Lambda"
    role                = "arn:aws:iam::123456789012:role/SomeRole"
    handler             = "foo.handler"
    vpc_config          = [{
      subnet_ids          = ["subnet-d34db337", "subnet-d34db338"],
      security_group_ids  = ["sg-d34db337"]
    }]
}

Though (again) I am not sure this is correct behaviour because (I think) the AWS API expects a map.

2. Terraform does not parse static lists of maps

This appears to be a fairly serious defect -- there are already several reports of this behaviour.

Related Issues:
@mitchellh
Copy link
Contributor

Dup of #7705 most likely.

Terraform simply doesn't support any sort of nested lists/maps at the moment. We should just make better error messages for this...

@dayglojesus
Copy link
Author

@mitchellh Probable duplicate on the "list of maps" front, but this doesn't address type checking on vcp_config argument to the aws_lambda_function resource. As reported, attaching a simple map object to this argument works. Is this not evidence of a deeper issue?

@mitchellh
Copy link
Contributor

Ill take a look, but foo = [{}] and foo = {} is identical in Terraform. The latter is always turned into the former and is just syntactic sugar, so not too concerning.

@kevintsai
Copy link

kevintsai commented Jan 6, 2017
edited
Loading

I also ran into this issue when I try to pass a map variable to aws_lambda_function's environment parameter.

Tested Env: Terraform 0.8.2

Example 1:

# file: lambda.tf
resource "aws_lambda_function" "test" {
  ...
  environment = "${var.lambda_env}"
}
# file: variables.tf
...
variable "lambda_env" {
  type = "map"
  default = {
    variables = {
      foo = "bar"
    }
  }
}

The terraform plan command will output environment: should be a list.
Then, I changed the assignment syntax as example 2.

Example 2:

# file: lambda.tf
resource "aws_lambda_function" "test" {
  ...
  environment = ["${var.lambda_env}"]
}

Thus, it will saying environment.0: expected object, got string.
For me, this special case only works on assigned a map value directly.
which is quite inconvenient to modularize.
hope this issue can be solved. thanks.

@Puneeth-n
Copy link
Contributor

@kevintsai any workaround?

@kevintsai
Copy link

@Puneeth-n
The way I use and it works to me, please ref as following:

# file: lambda.tf
resource "aws_lambda_function" "test" {
  ...
  environment = {
    variables = "${var.lambda_env}"
  }
}
# file: variables.tf
...
variable "lambda_env" {
  type = "map"
  default = {
      foo = "bar"
      user = "Alice"
  }
}

I think we may don't need to use this non-intuitive solution if Terraform can resolve the root issue (#7705).

keymon added a commit to mergermarket/tf_ecs_task_definition that referenced this issue May 25, 2017
@keymon
Allow define one optional volume
f8faa94 
For some cases and workloads we need to pass some modules to the task
definition. The volumes are passed as a list of maps to the
ecs_task_resource[1].

But the current syntax of terraform does not allow consume this value
directly from a variable. Trying to do so, we hit the issues described
in [2] and [3] (pending to report a specific bug).

But we found out that it works if we build the map structure directly
within the resource, and we use interpolation to consume the values of
the map.

Meanwhile the terraform project does not provide a definitive solution,
we will implement the following workaround:

 - The module will receive configuration for one unique module, being
   the default a empty map {}
 - If the map is empty, a dummy volume will be passed as `name=dummy`
   and `host_path=/tmp/dummy_volume`

This would cover our specific case in the short term, and can be later
easily adapted to use a optional list of volumes.

[1] https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#volume
[2] hashicorp/terraform#10407
[3] hashicorp/terraform#7705 (comment)
@keymon keymon mentioned this issue May 25, 2017
Closed
keymon added a commit to mergermarket/tf_ecs_task_definition that referenced this issue May 25, 2017
@keymon
Allow define one optional volume
d0eeb03 
For some cases and workloads we need to pass some modules to the task
definition. The volumes are passed as a list of maps to the
ecs_task_resource[1].

But the current syntax of terraform does not allow consume this value
directly from a variable. Trying to do so, we hit the issues described
in [2] and [3] (pending to report a specific bug).

But we found out that it works if we build the map structure directly
within the resource, and we use interpolation to consume the values of
the map.

Meanwhile the terraform project does not provide a definitive solution,
we will implement the following workaround:

 - The module will receive configuration for one unique module, being
   the default a empty map {}
 - If the map is empty, a dummy volume will be passed as `name=dummy`
   and `host_path=/tmp/dummy_volume`

This would cover our specific case in the short term, and can be later
easily adapted to use a optional list of volumes.

[1] https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#volume
[2] hashicorp/terraform#10407
[3] hashicorp/terraform#7705 (comment)
@keymon keymon mentioned this issue May 25, 2017
Merged
@b-luu
Copy link

b-luu commented Jul 20, 2018

this helps!!
Thx @aurynn !!

@cleverlight
Copy link

I also had success with @kevintsai 's approach. One obvious thing worth mentioning if you're using modules is the passing syntax. You need to pass the variable all the way through the chain as type map even if you don't specify a default in the module.

File: /lambda/main.tf

resource "aws_lambda_function" "test" {
  ...
  environment = {
    variables = "${var.lambda_env}"
  }
}

File: /lambda/variables.tf

variable "lambda_env" {
  # type is crucial here, otherwise defaults to 'string' and throws "type string, got map" error
  type = "map"
}

File: /main.tf

module "lambda" {
  source = "./lambda"
  ...
  lambda_env = "${var.lambda_env_vars}"
}

File: /variables.tf

variable "lambda_env_vars" {
  type = "map"
  default = {
    foo = "bar"
  }
}

@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mitchellh @dayglojesus @cleverlight @kevintsai @Puneeth-n @b-luu