Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Missing ASG IAM output variables on Gitlab example #241

Open
devgnx opened this issue Aug 22, 2019 · 5 comments
Open

Missing ASG IAM output variables on Gitlab example #241

devgnx opened this issue Aug 22, 2019 · 5 comments

Comments

@devgnx
Copy link

devgnx commented Aug 22, 2019
edited
Loading

Missing ASG IAM output variables on Gitlab example

Steps to reproduce

cd ./examples/gitlab-simple-ha
ᐅ make generate-ssh-key
ᐅ make render-tfvars
ᐅ make network
ᐅ make plan
ᐅ make apply
terraform-0.12.2 plan -out=tf.out

Error: Reference to undeclared output value

  on main.tf line 65, in resource "aws_iam_role_policy_attachment" "s3-full-access-attachment":
  65:   role       = module.gitlab-asg.asg_iam_role_name

An output value with the name "asg_iam_role_name" has not been declared in
module.gitlab-asg.


Error: Reference to undeclared resource

  on ../../modules/persistent-ebs/outputs.tf line 12, in output "iam_profile_policy_document":
  12:   value       = aws_iam_role_policy.attach_ebs.policy

A managed resource "aws_iam_role_policy" "attach_ebs" has not been declared in
gitlab-asg.service-data.

Makefile:63: recipe for target 'plan' failed
make: *** [plan] Error 1

Version

Terraform v0.12.2
Terraform AWS Foundation master v0.9.3
@ketzacoatl
Copy link
Contributor

Thanks for the ticket, we'll take a look.

@JoseD92
Copy link
Contributor

JoseD92 commented Sep 4, 2019

I looked into this problem, with terraform 0.12.7 I got errors:

Error: Reference to undeclared resource

on ../../modules/persistent-ebs/outputs.tf line 12, in output "iam_profile_policy_document":
12: value = data.aws_iam_role_policy.attach_ebs_policy_doc.policy

A data resource "aws_iam_role_policy" "attach_ebs_policy_doc" has not been
declared in gitlab-asg.service-data.

Error: Reference to undeclared output value

on main.tf line 43, in resource "aws_iam_role_policy_attachment" "s3-full-access-attachment":
43: role = module.gitlab-asg.asg_iam_role_name

An output value with the name "asg_iam_role_name" has not been declared in
module.gitlab-asg.

Error: Reference to undeclared output value

on main.tf line 52, in resource "aws_iam_role_policy" "associate_eip":
52: role = module.gitlab-asg.asg_iam_role_name

An output value with the name "asg_iam_role_name" has not been declared in
module.gitlab-asg.

After looking around I fount out that this two commits are at fault:

  1. 7630526 many variables were renamed and moved, and an output was left with the value aws_iam_role_policy.attach_ebs.policy that does not exists
  2. d63c3aa#diff-de7b621296cb5354086132f4fc41881e some outputs where deleted without giving a replacement

I made a fix commit f0f66e0 renames the faulty value of the output in 1 and adds a new output for 2 with the value module.instance_profile.iam_role_name that I think was the intended output here, @ketzacoatl can you please check if using this value for this output is ok?

and @devgnx could you please check that commit to see if it solve your issues, with those fixes it runs good to me

@ketzacoatl
Copy link
Contributor

@devgnx The branch to test is 241-Missing-ASG-IAM-output-variables.

@devgnx
Copy link
Author

devgnx commented Sep 4, 2019

Hi @JoseD92 and @ketzacoatl, thank you for the quick response, I'll test the branch 241-Missing-ASG-IAM-output-variables as soon as possible.

@devgnx
Copy link
Author

devgnx commented Sep 22, 2019

Variables are now bound, but there still some issues, maybe worth a new Github Issue but for now I will post here:

S3 bucket policy is timing out while waiting for s3-full-access become success.
Maybe is related to:
hashicorp/terraform-provider-aws#9414
hashicorp/terraform-provider-aws#9435

Steps to reproduce

ᐅ cd ./examples/gitlab-simple-ha
ᐅ make generate-ssh-key
ᐅ make render-tfvars
ᐅ make network
ᐅ make plan
ᐅ make apply "tf.out"

module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Creating...
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [10s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [20s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [30s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [40s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [50s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [1m0s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [1m10s elapsed]
module.docker-registry-s3-storage.aws_s3_bucket_policy.s3-full-access: Still creating... [1m20s elapsed]

Error: Error putting S3 policy: timeout while waiting for state to become 'success' (timeout: 1m0s)

  on ../../modules/s3-remote-state/main.tf line 94, in resource "aws_s3_bucket_policy" "s3-full-access":
  94: resource "aws_s3_bucket_policy" "s3-full-access" {


Makefile:65: recipe for target 'apply' failed
make: *** [apply] Error 1

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JoseD92 @ketzacoatl @devgnx