Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ternary instead of && for boolean logic #84

Merged
merged 1 commit into from
May 9, 2022
Merged

Use ternary instead of && for boolean logic #84

merged 1 commit into from
May 9, 2022

Conversation

jeffgran
Copy link
Contributor

@jeffgran jeffgran commented May 6, 2022

Logical binary operators don't short-circuit: hashicorp/terraform#24128

Summary

In terraform, logical binary operators don't short-circuit: hashicorp/terraform#24128

So while the code here looks like each branch of the conditional check is checking to see whether the second check is necessary, terraform (or more strictly/accurately, HCL) is always evaluating all of the branches of the boolean expression.

The problem with that is that, for example, if you don't need to check the var.bucket_sse_key_arn because var.use_existing_cloudtrail is true, but your var.bucket_sse_key_arn that you passed in is referencing another resource, this will create a terraform error because it can't determine the ultimate value of this create_kms_key local which is used to determine the count of the kms key resource.

And so, we get this error:

│ Error: Invalid count argument
│
│   on .terraform/modules/aws_cloudtrail/main.tf line 36, in resource "aws_kms_key" "lacework_kms_key":
│   36:   count                   = local.create_kms_key
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources
│ that the count depends on.

By using the ternary operator instead of the && operator, we effectively make it "short circuit" and not evaluate the second part of the boolean expression, while retaining the same logic as before. This allows combinations of variables that would disable the kms key from being created to work without the error above.

How did you test this change?

We used this forked code in our production terraform module where we were trying to upgrade to v2.x from v0.2, and this unblocked us from upgrading.

Issue

This is related to #81 but does not completely fix that issue. It does fix the case where you are using an existing cloudtrail resource, i.e. var.use_existing_cloudtrail = true, because then it doesn't need to check the bucket_sse_key_arn variable.

A further fix would be required to enable passing a custom bucket key and using an existing cloudtrail. Probably we need to add a var.use_existing_bucket_sse_key variable.

@jeffgran-dox
Use ternary instead of && for boolean logic
ccbd10c 
Logical binary operators don't short-circuit: hashicorp/terraform#24128
@dmurray-lacework
Copy link
Collaborator

make it so!

@dmurray-lacework dmurray-lacework merged commit 594fbad into lacework:main May 9, 2022
@lacework-releng lacework-releng mentioned this pull request May 9, 2022
Merged
@dmurray-lacework dmurray-lacework mentioned this pull request Jan 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmurray-lacework dmurray-lacework dmurray-lacework approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeffgran @dmurray-lacework @jeffgran-dox