Use encode_expr instead of a hack to convert values to strings for te…

…rraform variables
alphagov · Jan 27, 2025 · 4afbb28 · 4afbb28
1 parent 46f2b5d
commit 4afbb28
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 14 deletions.
diff --git a/terraform/deployments/tfc-configuration/variable-set/main.tf b/terraform/deployments/tfc-configuration/variable-set/main.tf
@@ -1,3 +1,11 @@
+terraform {
+  required_providers {
+    terraform = {
+      source = "terraform.io/builtin/terraform"
+    }
+  }
+}
+
 resource "tfe_variable_set" "set" {
   name         = var.name
   organization = "govuk"
@@ -10,7 +18,7 @@ resource "tfe_variable" "vars" {
 
   variable_set_id = tfe_variable_set.set.id
   key             = each.key
-  value           = try(tostring(each.value), replace(jsonencode(each.value), ":", "="))
-  hcl             = try(tostring(each.value), "nostring") == "nostring" ? true : false
+  value           = provider::terraform::encode_expr(each.value)
+  hcl             = true
   category        = "terraform"
 }
diff --git a/terraform/deployments/tfc-configuration/variables-production.tf b/terraform/deployments/tfc-configuration/variables-production.tf
@@ -106,24 +106,14 @@ module "variable-set-ecr-production" {
   name = "ecr-production"
   tfvars = {
     emails = ["govuk-platform-engineering+ecr-inspector@digital.cabinet-office.gov.uk"]
-  }
-}
 
-# This has to be separate because the ':' get replaced with '='
-#  by the var set module
-resource "tfe_variable" "ecr-puller-arns" {
-  variable_set_id = module.variable-set-ecr-production.variable_set_id
-  key             = "puller_arns"
-  category        = "terraform"
-  value = jsonencode(
-    [
+    puller_arns = [
       "arn:aws:iam::172025368201:root", # Production
       "arn:aws:iam::696911096973:root", # Staging
       "arn:aws:iam::210287912431:root", # Integration
       "arn:aws:iam::430354129336:root", # Test
     ]
-  )
-  hcl = true
+  }
 }
 
 module "variable-set-chat-production" {