Blocks of type "provisioner" are not expected here.

[littlejo]

Hello,

I see that dynamic block is supported for provisioner: https://www.terraform.io/docs/configuration/expressions.html#dynamic-blocks

But i didnot succed in doing that

How to reproduce?

terraform_0.12 -v
Terraform v0.12.0
+ provider.aws v2.11.0

My code:

resource "aws_instance" "vpn_client" {
  ami                         = "blabla"
  ebs_optimized               = false
  instance_type               = "t3a.nano"
  monitoring                  = false
  key_name                    = "test"
  associate_public_ip_address = true
  source_dest_check           = false

  dynamic provisioner {
    for_each = ["openvpn.crt", "openvpn.key", "ca.crt", "ta.key"]
    content file {
      source      = "files/vpn_client/test/${provisioner.value}"
      destination = "/tmp/${provisioner.value}"
      connection {
        bastion_user = "ubuntu"
        bastion_host = aws_instance.bastion.public_ip
        user = "ec2-user"
        host = self.private_ip
        timeout = "60s"
      }
    }
  }
}


resource "aws_instance" "bastion" {
  ami                         = "blabla"
  ebs_optimized               = false
  instance_type               = "t3a.nano"
  monitoring                  = false
  key_name                    = "test"
  associate_public_ip_address = true
  source_dest_check           = false
}

terraform_0.12 validate

Error: Unsupported block type

  on ec2.tf line 10, in resource "aws_instance" "vpn_client":
  10:   dynamic provisioner {

Blocks of type "provisioner" are not expected here.

[mildwonkey]

Hi @littlejo !
The document you've linked specifies that you can use dynamic blocks inside provisioners, which is not the same thing as the top-level provisioner block:

You can dynamically construct repeatable nested blocks like ingress using a special dynamic block type, which is supported inside resource, data, provider, and provisioner blocks ...

[emphasis mine]

I will make a note so we can check that the documentation is clear. Thanks for reporting this!

[littlejo]

ok but my case is not possible for the moment?

Thank you.

[apparentlymart]

Hi @littlejo,

The dynamic block does not work for provisioner, as described in the docs:

A dynamic block can only generate arguments that belong to the resource type, data source, provider or provisioner being configured. It is not possible to generate meta-argument blocks such as lifecycle and provisioner blocks, since Terraform must process these before it is safe to evaluate expressions.

As the documentation suggests, provisioner blocks are processed early in Terraform's configuration parsing, long before expression evaluation is possible, so that Terraform can predict the full set of changes required and build the dependency graph.

For your use-case of uploading several files, I'd suggest instead placing all four of those files in a subdirectory and uploading the directory as a whole to your remote server, which would achieve the same result.

[littlejo]

Ok thank you for your answer.

For your use-case of uploading several files, I'd suggest instead placing all four of those files in a subdirectory and uploading the directory as a whole to your remote server, which would achieve the same result.

Yes i found this workaround.

A last question:

      connection {
        bastion_user = "ubuntu"
        bastion_host = aws_instance.bastion.public_ip
        user = "ec2-user"
        host = self.private_ip
        timeout = "60s"
      }

In my project, i have a lot of this code. Is it possible to factorize this code? If not, will it be possible in the future ?

[mildwonkey]

The docs have been updated since this was originally opened, so I am going to close this. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.