After update to v21, sensitive variables in self_managed_node_groups aren't supported #3536

@strangeman

Description

If any element of self_managed_node_groups contains any of the sensitive variables (in my case it was post_bootstrap_user_data), then after the update to v21, terraform apply fails with an error:

╷
│ Error: Invalid for_each argument
│
│   on .terraform/modules/eks-prod-1-23/node_groups.tf line 394, in module "self_managed_node_group":
│  394:   for_each = var.create && var.self_managed_node_groups != null ? var.self_managed_node_groups : {}
│     ├────────────────
│     │ var.create is true
│     │ var.self_managed_node_groups is map of object with 5 elements
│
│ Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key.

I believe it was caused by this change:
416515a#diff-f18568a32bfa70d11a736400eff74d8c51858b9fcbb8af637c14d94c3562a431L422
https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/node_groups.tf#L394

- for_each = { for k, v in var.self_managed_node_groups : k => v if var.create }
+ for_each = var.create && var.self_managed_node_groups != null ? var.self_managed_node_groups : {}
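
Review bot: on the `+` line, `for_each` now receives `var.self_managed_node_groups` itself, so any sensitive marking on that variable reaches `for_each` directly and produces the "Invalid for_each argument" error quoted above. The null guard is worth keeping, but the true branch could still build a derived map as the removed line did, for example `var.create && var.self_managed_node_groups != null ? { for k, v in var.self_managed_node_groups : k => v } : {}`, which is the form the report says did not hit this error in v20. If passing the variable through unchanged is intentional, the upgrade notes should state that sensitive values such as `post_bootstrap_user_data` are no longer accepted in this map.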

In v20 code, Terraform iterated over the derived map, which allowed it to avoid this error.

Workaround

I wrapped problematic variables in the nonsensitive function, but it's more like a workaround than a permanent solution.
