Error using on the bucket that does not exist yet.

[mikhail-khodorovskiy]

resource "google_storage_bucket" "logsinc_bucket_tools" {
  name    = "${var.environment_name}-log-sink"
  project = data.google_project.tools_project.project_id
}

module "logsinc_bucket_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/storage_buckets_iam"
  version = "~> 3.0"

  storage_buckets = [google_storage_bucket.logsinc_bucket_tools.id]

  mode = "additive"

  bindings = {
    "roles/storage.objectCreator" = [
      "group:[email protected]",
    ]

    "roles/storage.objectViewer" = [
      "group:[email protected]",
    ]
  }
}

Causes an error:

Error: Invalid count argument

on .terraform/modules/hsq-uat.logsinc_bucket_iam_bindings/terraform-google-modules-terraform-google-iam-ace2efe/modules/storage_buckets_iam/main.tf line 45, in resource "google_storage_bucket_iam_member" "storage_bucket_iam_additive":
45: count = var.bindings_num > 0 ? var.bindings_num * local.additive * local.storage_bucket_count : length(local.bindings_formatted) * local.additive

[mikhail-khodorovskiy]

Any progress on that - it's prevents us from using the module when the bucket is first created.

[morgante]

This is unfortunately a bit of a bug in Terraform.

However, I believe we can make this work for the singular case where only a single bucket is being managed (using the same approach as projects).

@cray0000 please take this on.

[cray0000]

Sure, @morgante

I think this should already be working without additional work though. Even though there is a separate option to specify one project, it's not being used to make the configuration behave in a static way.

One can already specify only a single element to the array of entities and in this case it will ignore it when doing the for_each (which is replacing the old count we used for iam in version 3.0 which @mikhail-khodorovskiy is getting an error about).

At least it behaves this way in the static-and-dynamic unit tests, which are testing this same dynamically created resources for projects

@mikhail-khodorovskiy I'm going to add a similar test for the dynamically created bucket to confirm whether it's working or not and will let you know. In case it doesn't, I'll try to find a workaround.

[morgante]

Good point. @mikhail-khodorovskiy It's probably also worth upgrading to version 5.0 and seeing if that fixes your problems.

[mikhail-khodorovskiy]

I tried, it did not.

[mikhail-khodorovskiy]

Actually I have a different error:

Terraform v0.12.8
+ provider.external v1.2.0
+ provider.google v2.13.0
+ provider.google-beta v2.13.0
+ provider.null v2.1.2
+ provider.random v2.1.2

Error: Invalid for_each argument

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

[mikhail-khodorovskiy]

Even for the existing bucket when I migrate 2.20.0 google provider to 3.5.0 google provider I get the same error even on existing buckets in both adaptive and authoritative modes.

[morgante]

Were you not getting this error before?

[pcasteran]

Same issue here with a configuration declaring a custom role and using the module (version 5.1.0) to create IAM bindings to it:

Error: Invalid for_each argument

  on .terraform\modules\project-iam-bindings\terraform-google-modules-terraform-google-iam-01965a1\modules\projects_iam\main.tf line 44, in resource "google_project_iam_member" "project_iam_additive":
  44:   for_each = module.helper.set_additive

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

[mikhail-khodorovskiy]

I filed a different issue regarding this since this seems unrelated: #92.