service_accounts_iam doesn't work with computed values

[red8888]

TL;DR

You already fixed this here: https://github.com/terraform-google-modules/terraform-google-iam/issues/75\

You need to apply the same fix to this module

Expected behavior

Works with computed values

Observed behavior

│ 50: for_each = module.helper.set_additive
│ ├────────────────
│ │ module.helper.set_additive is a set of dynamic, known only after apply
│
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of
│ this resource.

Terraform Configuration

module "my_acct" {
  source           = "terraform-google-modules/iam/google//modules/service_accounts_iam"
  service_accounts = [data.google_service_account.my_acct.email]
  project          = var.project_id
  mode             = "additive"
  bindings = {
    "roles/iam.serviceAccountTokenCreator" = [
      "serviceAccount:${google_service_account.aaaa.email}",
    ]
    "roles/iam.serviceAccountUser" = [
      "serviceAccount:${google_service_account.aaaa.email}",
    ]
  }
}

Terraform Version

Terraform v1.9.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.10.0
+ provider registry.terraform.io/hashicorp/google-beta v6.10.0

Additional information

No response

[zope]

I faced the same issue and couldn’t use the service_accounts_iam module.

So, I opted to use google_service_account_iam_member directly.

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days