tf-plan in eks cluster policy.tf error

[shaik005]

Describe the bug
tf-plan on eks cluster creation gives error "Invalid value for "v" parameter: cannot convert string to list of any single
type"

Identify Environment

• Terraform version [terraform -version]: `Terraform v0.12.31

• provider.aws v4.36.1
• provider.external v1.2.0
• provider.helm v2.7.1
• provider.http v3.1.0
• provider.kubernetes v2.14.0
• provider.ldap (unversioned)
• provider.null v3.1.1
• provider.template v2.2.0
• provider.tls v4.0.3

Your version of Terraform is out of date! The latest version
is 1.3.3. You can update by downloading from https://www.terraform.io/downloads.html`

• Repository [git remote -v show]:
  origin git@github.e.it.census.gov:terraform/079788916859-do2-cat.git (fetch)
  origin git@github.e.it.census.gov:terraform/079788916859-do2-cat.git (push)
• Git branch [git branch]: cat-test-eks
• Current working directory [pwd]: /vpc/east-1/vpc4/apps/tco-ent-auth
• Commands issued : tf-plan
• Errors generated : Attached in Additional Context block.

Expected behavior
tf-plan runs with no errors.

Screenshots

Server (please complete the following information):

• Hostname [e.g. redwood.cto.census.gov]
• OS Version [e.g. RHEL6, RHEL7]

Additional context
`Error: Invalid function argument

on policy.tf line 152, in locals:
152: tolist(format(local.common_arn, "eks", format("/clusters/%v/addons", var.cluster_name))),

Invalid value for "v" parameter: cannot convert string to list of any single
type.

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).`

[badra001]

You need to use tf-run, which handled policy setup before doing other things.

tf-run plan

This will only work up until the POLICY statements, as everything after POLICY which uses the policy statements requires the resources to be there.

[shaik005]

Its gives the same error.
[shaik005@catlab001 tco-ent-auth]$ tf-run plan 14

• running action=plan
• START: tf-run 1.10.2 start=1666706579 end= logfile=logs/run.plan.20221025.1666706579.log
• reading from tf-run.data
• read 31 entries from tf-run.data

START: start_time=1666706579 version=1.10.2 data.version=1.1.3 start=14 end=0 start_tag=

• profile=079788916859-do2-cat region=us-east-1 short_region=east-1

[14] POLICY> (*.tf) aws_iam_policy.nlb-policy aws_iam_policy.cloudwatch-policy aws_iam_policy.cluster-admin-policy aws_iam_policy.cluster-admin_assume_policy
[14] tf-plan -target=aws_iam_policy.nlb-policy -target=aws_iam_policy.cloudwatch-policy -target=aws_iam_policy.cluster-admin-policy -target=aws_iam_policy.cluster-admin_assume_policy

starting v1.4.4 action plan file logs/plan.20221025.1666706579.log stamp 20221025.1666706579 time 1666706579

Warning: Provider source not supported in Terraform v0.12

on .terraform/modules/group_cluster-admin/versions.tf line 3, in terraform:
3: aws = {
4: source = "hashicorp/aws"
5: version = ">= 3.66.0"
6: }

A source was declared for provider aws. Terraform v0.12 does not support the
provider source attribute. It will be ignored.

(and 6 more similar warnings elsewhere)

Error: Invalid function argument

on policy.tf line 152, in locals:
152: tolist(format(local.common_arn, "eks", format("/clusters/%v/addons", var.cluster_name))),

Invalid value for "v" parameter: cannot convert string to list of any single
type.

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

Error: Too many function arguments

on policy.tf line 155, in locals:
153:
154:
155: format(local.common_arn, "eks", format("%v/%v/*", r, var.cluster_name))
156:

Function "tolist" expects only 1 argument(s).

ending v1.4.4 action plan file logs/plan.20221025.1666706579.log stamp 20221025.1666706579 start 1666706579 end 1666706586 elapsed 7

results in file logs/plan.20221025.1666706579.log stamp 20221025.1666706579 status=0

= Complete: 14 POLICY> | status=0
} Next: 15, continue [y|n: default=y]? n
<< INCOMPLETE 14/30 last_item=14
<< END: start_time=1666706579 end_time=1666706588 elapsed=9 logfile=logs/run.plan.20221025.1666706579.log status=0

[badra001]

Please show me your settings.auto.tfvars file in that directory

[badra001]

and explain how you populated the directory for this new EKS cluster.

[shaik005]

This is my setting.auto.tfvars file. I copied full cluster example code to APP Directory as demonstrated in TWG Knowledge sharing sessions.

[shaik005@catlab001 tco-ent-auth]$ cat settings.auto.tfvars

cluster_name           = "tco-ent-auth"
cluster_version        = "1.21"
region                 = "us-east-1"
domain                 = "tco-ent-auth.sandbox.csp2.census.gov"
eks_instance_disk_size = 40
eks_vpc_name           = "*sandbox-servers*"
eks_instance_type      = "t3.medium"
eks_ng_desire_size     = 3
eks_ng_max_size        = 15
eks_ng_min_size        = 3

[shaik005]

esk-tf-run14.txt
As temporary reasons, I've removed the condition at line 152 on policy.tf file and rerun tf-run apply commands. The above issue was resolved but I received another error

Attached tf-run apply 14 output

Note that the -target option is not suitable for routine use, and is provided
only for exceptional situations such as recovering from errors or mistakes, or
when Terraform specifically suggests to use it as part of an error message.

Error: error creating IAM Policy p-eks-tco-ent-auth-cluster-admin: MalformedPolicyDocument: Policy statement must contain resources.
status code: 400, request id: 58334309-c008-4dcb-ae26-3ce86baf8d18

on policy.tf line 57, in resource "aws_iam_policy" "cluster-admin-policy":
57: resource "aws_iam_policy" "cluster-admin-policy" {

# ending v1.4.4 action apply file logs/apply.20221026.1666788934.log stamp 20221026.1666788934 start 1666788934 end 1666788953 elapsed 19

# results in file logs/apply.20221026.1666788934.log stamp 20221026.1666788934 status=0

= Complete: 14 POLICY> | status=0
} Next: 15, continue [y|n: default=y]?`

[shaik005]

updated the code and reran tf-run plan 14. Getting this error.

A source was declared for provider aws. Terraform v0.12 does not support the
provider source attribute. It will be ignored.

(and 6 more similar warnings elsewhere)

Error: Invalid for_each argument

on .terraform/modules/group_cluster-admin/main.tf line 55, in resource "aws_iam_group_policy_attachment" "this":
55: for_each = toset(var.attached_policies)

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

Error: Invalid for_each argument

on .terraform/modules/role_cluster-admin/main.tf line 167, in resource "aws_iam_role_policy_attachment" "role":
167: for_each = var.create ? toset(var.attached_policies) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

Error: Invalid for_each argument

on .terraform/modules/role_eks-cluster/main.tf line 167, in resource "aws_iam_role_policy_attachment" "role":
167: for_each = var.create ? toset(var.attached_policies) : toset([])

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

ending v1.4.4 action plan file logs/plan.20221104.1667569575.log stamp 20221104.1667569575 start 1667569575 end 1667569591 elapsed 16