fix: Remediate type mismatch for EFA interfaces and ensure correct (local) definition is used (#3491)

Author: bryantbiggs

modules/eks-managed-node-group/README.md

@@ -169,7 +169,7 @@ module "eks_managed_node_group" {
 | <a name="input_metadata_options"></a> [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the instance | <pre>object({<br/>    http_endpoint               = optional(string, "enabled")<br/>    http_protocol_ipv6          = optional(string)<br/>    http_put_response_hop_limit = optional(number, 1)<br/>    http_tokens                 = optional(string, "required")<br/>    instance_metadata_tags      = optional(string)<br/>  })</pre> | <pre>{<br/>  "http_endpoint": "enabled",<br/>  "http_put_response_hop_limit": 1,<br/>  "http_tokens": "required"<br/>}</pre> | no |
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | Minimum number of instances/nodes | `number` | `1` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the EKS managed node group | `string` | `""` | no |
-| <a name="input_network_interfaces"></a> [network\_interfaces](#input\_network\_interfaces) | Customize network interfaces to be attached at instance boot time | <pre>list(object({<br/>    associate_carrier_ip_address = optional(bool)<br/>    associate_public_ip_address  = optional(bool)<br/>    connection_tracking_specification = optional(object({<br/>      tcp_established_timeout = optional(number)<br/>      udp_stream_timeout      = optional(number)<br/>      udp_timeout             = optional(number)<br/>    }))<br/>    delete_on_termination = optional(bool)<br/>    description           = optional(string)<br/>    device_index          = optional(number)<br/>    ena_srd_specification = optional(object({<br/>      ena_srd_enabled = optional(bool)<br/>      ena_srd_udp_specification = optional(object({<br/>        ena_srd_udp_enabled = optional(bool)<br/>      }))<br/>    }))<br/>    interface_type       = optional(string)<br/>    ipv4_address_count   = optional(number)<br/>    ipv4_addresses       = optional(list(string))<br/>    ipv4_prefix_count    = optional(number)<br/>    ipv4_prefixes        = optional(list(string))<br/>    ipv6_address_count   = optional(number)<br/>    ipv6_addresses       = optional(list(string))<br/>    ipv6_prefix_count    = optional(number)<br/>    ipv6_prefixes        = optional(list(string))<br/>    network_card_index   = optional(number)<br/>    network_interface_id = optional(string)<br/>    primary_ipv6         = optional(bool)<br/>    private_ip_address   = optional(string)<br/>    security_groups      = optional(list(string), [])<br/>    subnet_id            = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_network_interfaces"></a> [network\_interfaces](#input\_network\_interfaces) | Customize network interfaces to be attached at instance boot time | <pre>list(object({<br/>    associate_carrier_ip_address = optional(bool)<br/>    associate_public_ip_address  = optional(bool)<br/>    connection_tracking_specification = optional(object({<br/>      tcp_established_timeout = optional(number)<br/>      udp_stream_timeout      = optional(number)<br/>      udp_timeout             = optional(number)<br/>    }))<br/>    delete_on_termination = optional(bool)<br/>    description           = optional(string)<br/>    device_index          = optional(number)<br/>    ena_srd_specification = optional(object({<br/>      ena_srd_enabled = optional(bool)<br/>      ena_srd_udp_specification = optional(object({<br/>        ena_srd_udp_enabled = optional(bool)<br/>      }))<br/>    }))<br/>    interface_type       = optional(string)<br/>    ipv4_address_count   = optional(number)<br/>    ipv4_addresses       = optional(list(string))<br/>    ipv4_prefix_count    = optional(number)<br/>    ipv4_prefixes        = optional(list(string))<br/>    ipv6_address_count   = optional(number)<br/>    ipv6_addresses       = optional(list(string))<br/>    ipv6_prefix_count    = optional(number)<br/>    ipv6_prefixes        = optional(list(string))<br/>    network_card_index   = optional(number)<br/>    network_interface_id = optional(string)<br/>    primary_ipv6         = optional(bool)<br/>    private_ip_address   = optional(string)<br/>    security_groups      = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
 | <a name="input_node_repair_config"></a> [node\_repair\_config](#input\_node\_repair\_config) | The node auto repair configuration for the node group | <pre>object({<br/>    enabled = optional(bool, true)<br/>  })</pre> | `null` | no |
 | <a name="input_partition"></a> [partition](#input\_partition) | The AWS partition - pass through value to reduce number of GET requests from data sources | `string` | `""` | no |
 | <a name="input_placement"></a> [placement](#input\_placement) | The placement of the instance | <pre>object({<br/>    affinity                = optional(string)<br/>    availability_zone       = optional(string)<br/>    group_name              = optional(string)<br/>    host_id                 = optional(string)<br/>    host_resource_group_arn = optional(string)<br/>    partition_number        = optional(number)<br/>    spread_domain           = optional(string)<br/>    tenancy                 = optional(string)<br/>  })</pre> | `null` | no |

modules/eks-managed-node-group/main.tf

@@ -41,7 +41,7 @@ module "user_data" {
 ################################################################################
 
 data "aws_ec2_instance_type" "this" {
-  count = var.create && var.enable_efa_support ? 1 : 0
+  count = local.enable_efa_support ? 1 : 0
 
   region = var.region
 
@@ -62,6 +62,24 @@ locals {
       device_index                = i == 0 ? 0 : 1
       network_card_index          = i
       interface_type              = var.enable_efa_only ? contains(concat([0], var.efa_indices), i) ? "efa" : "efa-only" : "efa"
+
+      # Null out due to error: The true and false result expressions must have consistent types. The 'true' value is tuple, but the 'false' value is list of objects.
+      associate_carrier_ip_address      = null
+      connection_tracking_specification = null
+      description                       = "EFA${var.enable_efa_only ? "-only" : ""} Network Interface ${i}"
+      ena_srd_specification             = null
+      ipv4_address_count                = null
+      ipv4_addresses                    = null
+      ipv4_prefix_count                 = null
+      ipv4_prefixes                     = null
+      ipv6_address_count                = null
+      ipv6_addresses                    = null
+      ipv6_prefix_count                 = null
+      ipv6_prefixes                     = null
+      network_interface_id              = null
+      primary_ipv6                      = null
+      private_ip_address                = null
+      security_groups                   = []
     }
   ]
 
@@ -247,7 +265,7 @@ resource "aws_launch_template" "this" {
   name_prefix = var.launch_template_use_name_prefix ? "${local.launch_template_name}-" : null
 
   dynamic "network_interfaces" {
-    for_each = length(var.network_interfaces) > 0 ? var.network_interfaces : []
+    for_each = length(local.network_interfaces) > 0 ? local.network_interfaces : []
 
     content {
       associate_carrier_ip_address = network_interfaces.value.associate_carrier_ip_address
@@ -688,9 +706,16 @@ locals {
     {
       all_self_efa = {
         description = "Node to node EFA"
-        protocol    = "-1"
-        from_port   = 0
+        ip_protocol = "-1"
         self        = true
+
+        # Null out due to variable type and not using `try()` in resource
+        cidr_ipv4      = null
+        cidr_ipv6      = null
+        from_port      = null
+        name           = null
+        prefix_list_id = null
+        tags           = {}
       }
     } : k => v if var.enable_efa_support
     },
@@ -700,9 +725,16 @@ locals {
     {
       all_self_efa = {
         description = "Node to node EFA"
-        protocol    = "-1"
-        to_port     = 0
+        ip_protocol = "-1"
         self        = true
+
+        # Null out due to variable type and not using `try()` in resource
+        cidr_ipv4      = null
+        cidr_ipv6      = null
+        to_port        = null
+        name           = null
+        prefix_list_id = null
+        tags           = {}
       }
     } : k => v if var.enable_efa_support
     },

modules/eks-managed-node-group/variables.tf

@@ -384,7 +384,6 @@ variable "network_interfaces" {
     primary_ipv6         = optional(bool)
     private_ip_address   = optional(string)
     security_groups      = optional(list(string), [])
-    subnet_id            = optional(string)
   }))
   default  = []
   nullable = false

modules/self-managed-node-group/README.md

@@ -166,7 +166,7 @@ module "self_managed_node_group" {
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | The minimum size of the autoscaling group | `number` | `1` | no |
 | <a name="input_mixed_instances_policy"></a> [mixed\_instances\_policy](#input\_mixed\_instances\_policy) | Configuration block containing settings to define launch targets for Auto Scaling groups | <pre>object({<br/>    instances_distribution = optional(object({<br/>      on_demand_allocation_strategy            = optional(string)<br/>      on_demand_base_capacity                  = optional(number)<br/>      on_demand_percentage_above_base_capacity = optional(number)<br/>      spot_allocation_strategy                 = optional(string)<br/>      spot_instance_pools                      = optional(number)<br/>      spot_max_price                           = optional(string)<br/>    }))<br/>    launch_template = object({<br/>      override = optional(list(object({<br/>        instance_requirements = optional(object({<br/>          accelerator_count = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          accelerator_manufacturers = optional(list(string))<br/>          accelerator_names         = optional(list(string))<br/>          accelerator_total_memory_mib = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          accelerator_types      = optional(list(string))<br/>          allowed_instance_types = optional(list(string))<br/>          bare_metal             = optional(string)<br/>          baseline_ebs_bandwidth_mbps = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          burstable_performance                                   = optional(string)<br/>          cpu_manufacturers                                       = optional(list(string))<br/>          excluded_instance_types                                 = optional(list(string))<br/>          instance_generations                                    = optional(list(string))<br/>          local_storage                                           = optional(string)<br/>          local_storage_types                                     = optional(list(string))<br/>          max_spot_price_as_percentage_of_optimal_on_demand_price = optional(number)<br/>          memory_gib_per_vcpu = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          memory_mib = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          network_bandwidth_gbps = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          network_interface_count = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          on_demand_max_price_percentage_over_lowest_price = optional(number)<br/>          require_hibernate_support                        = optional(bool)<br/>          spot_max_price_percentage_over_lowest_price      = optional(number)<br/>          total_local_storage_gb = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>          vcpu_count = optional(object({<br/>            max = optional(number)<br/>            min = optional(number)<br/>          }))<br/>        }))<br/>        instance_type = optional(string)<br/>        launch_template_specification = optional(object({<br/>          launch_template_id   = optional(string)<br/>          launch_template_name = optional(string)<br/>          version              = optional(string)<br/>        }))<br/>        weighted_capacity = optional(string)<br/>      })))<br/>    })<br/>  })</pre> | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the Self managed Node Group | `string` | `""` | no |
-| <a name="input_network_interfaces"></a> [network\_interfaces](#input\_network\_interfaces) | Customize network interfaces to be attached at instance boot time | <pre>list(object({<br/>    associate_carrier_ip_address = optional(bool)<br/>    associate_public_ip_address  = optional(bool)<br/>    connection_tracking_specification = optional(object({<br/>      tcp_established_timeout = optional(number)<br/>      udp_stream_timeout      = optional(number)<br/>      udp_timeout             = optional(number)<br/>    }))<br/>    delete_on_termination = optional(bool)<br/>    description           = optional(string)<br/>    device_index          = optional(number)<br/>    ena_srd_specification = optional(object({<br/>      ena_srd_enabled = optional(bool)<br/>      ena_srd_udp_specification = optional(object({<br/>        ena_srd_udp_enabled = optional(bool)<br/>      }))<br/>    }))<br/>    interface_type       = optional(string)<br/>    ipv4_address_count   = optional(number)<br/>    ipv4_addresses       = optional(list(string))<br/>    ipv4_prefix_count    = optional(number)<br/>    ipv4_prefixes        = optional(list(string))<br/>    ipv6_address_count   = optional(number)<br/>    ipv6_addresses       = optional(list(string))<br/>    ipv6_prefix_count    = optional(number)<br/>    ipv6_prefixes        = optional(list(string))<br/>    network_card_index   = optional(number)<br/>    network_interface_id = optional(string)<br/>    primary_ipv6         = optional(bool)<br/>    private_ip_address   = optional(string)<br/>    security_groups      = optional(list(string), [])<br/>    subnet_id            = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_network_interfaces"></a> [network\_interfaces](#input\_network\_interfaces) | Customize network interfaces to be attached at instance boot time | <pre>list(object({<br/>    associate_carrier_ip_address = optional(bool)<br/>    associate_public_ip_address  = optional(bool)<br/>    connection_tracking_specification = optional(object({<br/>      tcp_established_timeout = optional(number)<br/>      udp_stream_timeout      = optional(number)<br/>      udp_timeout             = optional(number)<br/>    }))<br/>    delete_on_termination = optional(bool)<br/>    description           = optional(string)<br/>    device_index          = optional(number)<br/>    ena_srd_specification = optional(object({<br/>      ena_srd_enabled = optional(bool)<br/>      ena_srd_udp_specification = optional(object({<br/>        ena_srd_udp_enabled = optional(bool)<br/>      }))<br/>    }))<br/>    interface_type       = optional(string)<br/>    ipv4_address_count   = optional(number)<br/>    ipv4_addresses       = optional(list(string))<br/>    ipv4_prefix_count    = optional(number)<br/>    ipv4_prefixes        = optional(list(string))<br/>    ipv6_address_count   = optional(number)<br/>    ipv6_addresses       = optional(list(string))<br/>    ipv6_prefix_count    = optional(number)<br/>    ipv6_prefixes        = optional(list(string))<br/>    network_card_index   = optional(number)<br/>    network_interface_id = optional(string)<br/>    primary_ipv6         = optional(bool)<br/>    private_ip_address   = optional(string)<br/>    security_groups      = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
 | <a name="input_partition"></a> [partition](#input\_partition) | The AWS partition - pass through value to reduce number of GET requests from data sources | `string` | `""` | no |
 | <a name="input_placement"></a> [placement](#input\_placement) | The placement of the instance | <pre>object({<br/>    affinity                = optional(string)<br/>    availability_zone       = optional(string)<br/>    group_name              = optional(string)<br/>    host_id                 = optional(string)<br/>    host_resource_group_arn = optional(string)<br/>    partition_number        = optional(number)<br/>    spread_domain           = optional(string)<br/>    tenancy                 = optional(string)<br/>  })</pre> | `null` | no |
 | <a name="input_placement_group"></a> [placement\_group](#input\_placement\_group) | The name of the placement group into which you'll launch your instances | `string` | `null` | no |

modules/self-managed-node-group/main.tf

@@ -82,7 +82,7 @@ module "user_data" {
 ################################################################################
 
 data "aws_ec2_instance_type" "this" {
-  count = var.create && var.enable_efa_support ? 1 : 0
+  count = local.enable_efa_support ? 1 : 0
 
   region = var.region
 
@@ -103,6 +103,24 @@ locals {
       device_index                = i == 0 ? 0 : 1
       network_card_index          = i
       interface_type              = var.enable_efa_only ? contains(concat([0], var.efa_indices), i) ? "efa" : "efa-only" : "efa"
+
+      # Null out due to error: The true and false result expressions must have consistent types. The 'true' value is tuple, but the 'false' value is list of objects.
+      associate_carrier_ip_address      = null
+      connection_tracking_specification = null
+      description                       = "EFA${var.enable_efa_only ? "-only" : ""} Network Interface ${i}"
+      ena_srd_specification             = null
+      ipv4_address_count                = null
+      ipv4_addresses                    = null
+      ipv4_prefix_count                 = null
+      ipv4_prefixes                     = null
+      ipv6_address_count                = null
+      ipv6_addresses                    = null
+      ipv6_prefix_count                 = null
+      ipv6_prefixes                     = null
+      network_interface_id              = null
+      primary_ipv6                      = null
+      private_ip_address                = null
+      security_groups                   = []
     }
   ]
 
@@ -365,7 +383,7 @@ resource "aws_launch_template" "this" {
   name_prefix = var.launch_template_use_name_prefix ? "${local.launch_template_name}-" : null
 
   dynamic "network_interfaces" {
-    for_each = length(var.network_interfaces) > 0 ? var.network_interfaces : []
+    for_each = length(local.network_interfaces) > 0 ? local.network_interfaces : []
 
     content {
       associate_carrier_ip_address = network_interfaces.value.associate_carrier_ip_address
@@ -976,9 +994,16 @@ locals {
     {
       all_self_efa = {
         description = "Node to node EFA"
-        protocol    = "-1"
-        from_port   = 0
+        ip_protocol = "-1"
         self        = true
+
+        # Null out due to variable type and not using `try()` in resource
+        cidr_ipv4      = null
+        cidr_ipv6      = null
+        from_port      = null
+        name           = null
+        prefix_list_id = null
+        tags           = {}
       }
     } : k => v if var.enable_efa_support
     },
@@ -988,9 +1013,16 @@ locals {
     {
       all_self_efa = {
         description = "Node to node EFA"
-        protocol    = "-1"
-        to_port     = 0
+        ip_protocol = "-1"
         self        = true
+
+        # Null out due to variable type and not using `try()` in resource
+        cidr_ipv4      = null
+        cidr_ipv6      = null
+        to_port        = null
+        name           = null
+        prefix_list_id = null
+        tags           = {}
       }
     } : k => v if var.enable_efa_support
     },

modules/self-managed-node-group/variables.tf

@@ -311,7 +311,6 @@ variable "network_interfaces" {
     primary_ipv6         = optional(bool)
     private_ip_address   = optional(string)
     security_groups      = optional(list(string), [])
-    subnet_id            = optional(string)
   }))
   default  = []
   nullable = false