Closed
Description
Terraform returns the error "Inconsistent conditional result types" when passing var.linux_parameters.
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]: 5.7.0
- Terraform version: 1.6.4
- Provider version(s): aws v5.25.0
Reproduction Code [Required]
# AWS provider; the region comes from the locals block so every resource in the example shares it.
provider "aws" {
  region = local.region
}
# Availability zone lookup; locals takes the first three names from this result.
data "aws_availability_zones" "available" {
}
# Shared values for the example: naming, region, network range and the demo container's identity.
locals {
  name   = "ex-${basename(path.cwd)}"
  region = "eu-west-1"

  # Network: a single /16, spread over the first three availability zones returned by the lookup.
  vpc_cidr = "10.0.0.0/16"
  azs      = slice(data.aws_availability_zones.available.names, 0, 3)

  # Application container; these two values are reused by the service, the ALB target group
  # and the security group rule, so the port is only ever opened in one place.
  container_name = "ecsdemo-frontend"
  container_port = 3000

  tags = {
    Example    = local.name
    Name       = local.name
    Repository = "https://github.com/terraform-aws-modules/terraform-aws-ecs"
  }
}
################################################################################
# Cluster
################################################################################
# ECS cluster plus one Fargate service (fluent-bit sidecar + demo frontend), built from the
# module at the repository root. This is the "complete" example with linux_parameters added.
module "ecs" {
  source = "../../"

  cluster_name = local.name

  # Capacity providers: equal weights, with FARGATE additionally carrying base = 20.
  fargate_capacity_providers = {
    FARGATE = {
      default_capacity_provider_strategy = {
        base   = 20
        weight = 50
      }
    }
    FARGATE_SPOT = {
      default_capacity_provider_strategy = {
        weight = 50
      }
    }
  }

  services = {
    ecsdemo-frontend = {
      cpu    = 1024
      memory = 4096

      # Container definition(s)
      container_definitions = {

        # Log router sidecar (FireLens).
        fluent-bit = {
          cpu                = 512
          memory             = 1024
          memory_reservation = 50
          essential          = true

          # nonsensitive() removes the sensitive marking so the value shows up in plan output.
          # The path read here is the AWS-published aws-for-fluent-bit parameter, so the value
          # is presumably an image URI rather than a secret -- confirm before copying this
          # pattern to any other SSM parameter. NOTE(review): "stable" is a moving reference,
          # so the sidecar image can change between applies.
          image = nonsensitive(data.aws_ssm_parameter.fluentbit.value)

          firelens_configuration = {
            type = "fluentbit"
          }
        }

        # Application container.
        (local.container_name) = {
          cpu                = 512
          memory             = 1024
          memory_reservation = 100
          essential          = true

          # NOTE(review): referenced by tag, not by digest; a tag can be re-pointed upstream.
          # Pin by digest where a reproducible, reviewable image is required.
          image = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"

          port_mappings = [
            {
              name          = local.container_name
              protocol      = "tcp"
              containerPort = local.container_port
              hostPort      = local.container_port
            }
          ]

          # Example image used requires access to write to root filesystem.
          # For real workloads prefer a read-only root filesystem with explicit writable
          # volumes; a writable root makes post-compromise persistence inside the task easier.
          readonly_root_filesystem = false

          # Start only after the log router has started.
          dependencies = [{
            containerName = "fluent-bit"
            condition     = "START"
          }]

          # Logs are shipped through FireLens to a Firehose delivery stream instead of CloudWatch.
          enable_cloudwatch_logging = false
          log_configuration = {
            logDriver = "awsfirelens"
            options = {
              Name                    = "firehose"
              region                  = local.region
              delivery_stream         = "my-stream"
              log-driver-buffer-limit = "2097152"
            }
          }

          # Hardening: drop CAP_NET_RAW so processes in the container cannot open raw or
          # packet sockets. This is the attribute that triggers the
          # "Inconsistent conditional result types" error reported in this issue (module 5.7.0).
          # The error is a typing problem in the module's conditional, not a problem with the
          # capability list, so the drop should be kept rather than removed to get a clean plan.
          linux_parameters = {
            capabilities = {
              drop = ["NET_RAW"]
            }
          }
        }
      }

      service_connect_configuration = {
        namespace = aws_service_discovery_http_namespace.this.arn
        service = {
          port_name      = local.container_name
          discovery_name = local.container_name
          client_alias = {
            dns_name = local.container_name
            port     = local.container_port
          }
        }
      }

      load_balancer = {
        service = {
          target_group_arn = module.alb.target_groups["ex_ecs"].arn
          container_name   = local.container_name
          container_port   = local.container_port
        }
      }

      # Task role. NOTE(review): the AWS-managed ReadOnlyAccess policy grants read access
      # across the account, and the inline statement lists every S3 bucket. Both are far
      # broader than a demo frontend needs; scope to specific actions and resource ARNs
      # before reusing this outside an example.
      tasks_iam_role_name        = "${local.name}-tasks"
      tasks_iam_role_description = "Example tasks IAM role for ${local.name}"
      tasks_iam_role_policies = {
        ReadOnlyAccess = "arn:aws:iam::aws:policy/ReadOnlyAccess"
      }
      tasks_iam_role_statements = [
        {
          actions   = ["s3:List*"]
          resources = ["arn:aws:s3:::*"]
        }
      ]

      subnet_ids = module.vpc.private_subnets

      security_group_rules = {
        # Inbound: only the ALB's security group may reach the service port.
        alb_ingress_3000 = {
          type                     = "ingress"
          description              = "Service port"
          protocol                 = "tcp"
          from_port                = local.container_port
          to_port                  = local.container_port
          source_security_group_id = module.alb.security_group_id
        }
        # Outbound: all protocols to any destination. NOTE(review): unrestricted egress;
        # narrow to the endpoints the task actually needs where that is feasible.
        egress_all = {
          type        = "egress"
          protocol    = "-1"
          from_port   = 0
          to_port     = 0
          cidr_blocks = ["0.0.0.0/0"]
        }
      }
    }
  }

  tags = local.tags
}
# Root module instantiated with create = false; presumably checks that it plans cleanly
# when disabled -- confirm against the module's variables.
module "ecs_disabled" {
  create = false
  source = "../../"
}
# Cluster sub-module instantiated with create = false.
module "ecs_cluster_disabled" {
  create = false
  source = "../../modules/cluster"
}
# Service sub-module instantiated with create = false.
module "service_disabled" {
  create = false
  source = "../../modules/service"
}
################################################################################
# Supporting Resources
################################################################################
# SSM parameter whose value is used as the fluent-bit sidecar image in module.ecs.
# NOTE(review): the "stable" path is a moving reference, so the resolved value can differ
# from one apply to the next.
data "aws_ssm_parameter" "fluentbit" {
  name = "/aws/service/aws-for-fluent-bit/stable"
}
# Cloud Map HTTP namespace; its ARN is passed to the service's service_connect_configuration.
resource "aws_service_discovery_http_namespace" "this" {
  name        = local.name
  description = "CloudMap namespace for ${local.name}"

  tags = local.tags
}
# Public application load balancer in front of the ECS service.
module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 9.0"

  name               = local.name
  load_balancer_type = "application"

  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  # For example only
  enable_deletion_protection = false

  # Security Group
  # Inbound: plain HTTP on port 80 from any IPv4 address. NOTE(review): there is no TLS
  # listener in this example; traffic between clients and the ALB is unencrypted.
  security_group_ingress_rules = {
    all_http = {
      ip_protocol = "tcp"
      from_port   = 80
      to_port     = 80
      cidr_ipv4   = "0.0.0.0/0"
    }
  }
  # Outbound: all protocols, but only towards addresses inside the VPC CIDR.
  security_group_egress_rules = {
    all = {
      cidr_ipv4   = module.vpc.vpc_cidr_block
      ip_protocol = "-1"
    }
  }

  listeners = {
    ex_http = {
      protocol = "HTTP"
      port     = 80

      forward = {
        target_group_key = "ex_ecs"
      }
    }
  }

  target_groups = {
    ex_ecs = {
      target_type                       = "ip"
      backend_protocol                  = "HTTP"
      backend_port                      = local.container_port
      deregistration_delay              = 5
      load_balancing_cross_zone_enabled = true

      health_check = {
        enabled             = true
        protocol            = "HTTP"
        port                = "traffic-port"
        path                = "/"
        matcher             = "200"
        interval            = 30
        timeout             = 5
        healthy_threshold   = 5
        unhealthy_threshold = 2
      }

      # There is nothing to attach in this definition. Instead,
      # ECS attaches the IPs of the tasks to this target group.
      create_attachment = false
    }
  }

  tags = local.tags
}
# VPC for the example: three private and three public subnets, one per availability zone.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = local.name
  azs  = local.azs
  cidr = local.vpc_cidr

  # Private subnets add 4 bits to the VPC prefix (/20 each, indexes 0-2); public subnets
  # add 8 bits (/24 each) starting at index 48, which places them after the private ranges.
  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]

  # One shared NAT gateway for the private subnets.
  enable_nat_gateway = true
  single_nat_gateway = true

  tags = local.tags
}

Steps to reproduce the behavior:
I have added the following to your "complete" example above.
# Added to the application container definition: drop CAP_NET_RAW from the container.
linux_parameters = {
  capabilities = {
    drop = ["NET_RAW"]
  }
}

This returns the following:
╷
│ Error: Inconsistent conditional result types
│
│ on ../../modules/container-definition/main.tf line 20, in locals:
│ 20: linux_parameters = var.enable_execute_command ? merge({ "initProcessEnabled" : true }, var.linux_parameters) : var.linux_parameters
│ ├────────────────
│ │ var.enable_execute_command is false
│ │ var.linux_parameters is object with 1 attribute "capabilities"
│
│ The true and false result expressions must have consistent types. The 'true' value includes object attribute "initProcessEnabled", which is absent in the 'false' value.
╵
I cloned your repo, added the lines to your complete example, ran init then plan. No prior cache, no integrations such as workspaces.
Expected behavior
I expect to be able to pass a linux_parameters map.
Actual behavior
The plan fails with the "Inconsistent conditional result types" error shown above.
Terminal Output Screenshot(s)
Additional context
Likely introduced in #127
If I'm using var.linux_parameters wrong in my example (which is entirely possible) it might be worth adding that to your "complete" example.