Describe the bug
Running terraform init
fails when using older specific version of the module lacework/config/aws (0.5.0) with older terraform 0.13.7.
The module loads a submodule lacework/iam-role/aws using a pessimistic version constraint of "~> 0.2" which allows it to download the latest 0.3.0 iam-role (released 3 weeks ago) which added a TF version constraint of >= 0.14. Running terraform init
has been broken for us for 3 weeks now.
Steps to reproduce
Using terraform 0.13.7, I cannot terraform init an application that loads the aws_config module:
module "aws_config" {
source = "lacework/config/aws"
version = "0.5.0"
}
Expected behavior
I pin version 0.5.0 in my module load of lacework/config/aws because it works with TF 0.13.7. I expect any submodules it loads to also allow TF 0.13.7.
Please complete the following information):
- Terraform Version: v0.13.7
- Module Version: 0.5.0
Additional context
I'd like to request a patch version 0.5.1 that loads the iam submodule using a more strict pessimistic version constraint (the version
line) :
module "lacework_cfg_iam_role" {
source = "lacework/iam-role/aws"
version = "~> 0.2.0"
create = var.use_existing_iam_role ? false : true
iam_role_name = var.iam_role_name
lacework_aws_account_id = var.lacework_aws_account_id
external_id_length = var.external_id_length
tags = var.tags
}
Making this change locally allows terraform init to succeed.
This same iam-role dependency exists in "lacework/cloudtrail/aws" (2.1.1) and "lacework/ecr/aws" (0.6.0) modules, and both are resolved by making the same change to the version
line above. If you are willing, I'd like to request a patch release for those as well (2.1.2 and 0.6.1, respectively) with the same version modification. I can create separate issue requests if necessary (and if you are willing to entertain this idea).
If you can advise some way of controlling the versioning of submodules when loading the main module, that would be great (but I don't think such a method exists as code is written.)
If the response is "we don't want to support an old version like this", then I will look at cloning your modules into my local terraform modules with the change made locally, but I'd like to avoid that if possible. (When we upgrade terraform -> 0.14 ->0.15 -> 1.x we will resolve all of these issues, but it's a complex code base.)