fix(workload-identity): resolve inconsistent conditional result types in output#2582
Open
raman1236 wants to merge 1 commit into
Open
Conversation
… in output Fixes terraform-google-modules#1112 When use_existing_gcp_sa is unknown at plan time, Terraform fails with 'Inconsistent conditional result types' because data.google_service_account and google_service_account.cluster_service_account have different object types. The fix uses one(concat(...)) instead of a conditional expression: - Only one list will ever have elements (based on count conditions) - concat() avoids type comparison between the two different resource types - one() extracts the single element from the concatenated list This approach is type-safe and works regardless of when use_existing_gcp_sa is known.
raman1236
requested review from
a team,
apeabody,
ayushmjain,
ericyz,
krprabhat-eng and
q2w
as code owners
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the gcp_service_account output in the workload-identity module to use one(concat(...)) instead of a conditional ternary operator. This change is intended to prevent potential type mismatch issues between the data source and the resource. I have no feedback to provide as there were no review comments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #1112
When
use_existing_gcp_sais unknown at plan time (e.g., comes from another resource's output), Terraform fails with:Root Cause
The
data.google_service_accountdata source andgoogle_service_accountresource return objects with slightly different attribute schemas. When Terraform can't determine which branch to evaluate at plan time, it requires both branches to have identical types.Solution
Replace the conditional expression with
one(concat(...)):This works because:
concat()doesn't require type comparison between the list elementsone()extracts the single element from the concatenated listBackward Compatibility
The output value is identical - it still returns the full GCP service account object. Only the implementation changes to avoid the type mismatch error.