Why are the double slash in this parameter definition on Terraform required?

Question

Currently struggling writing a Terraform module to deploy a Helm chart, I was getting:

│ Error: YAML parse error on external-dns/templates/serviceaccount.yaml: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal object into Go struct field .metadata.annotations of type string

with a resource definition like this one:

resource "helm_release" "external_dns" {
  name       = "externaldns"
  namespace  = var.external_dns_namespace
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "external-dns"
  version    = "5.3.0"

  set {
    name  = "serviceAccount.annotations.eks.amazonaws.com/role-arn"
    value = resource.aws_iam_role.external_dns_role.arn
  }
}

When I found a public repository with a similar module: https://github.com/lablabs/terraform-aws-eks-external-dns/blob/master/main.tf and see that it has the last parameter defined as

  set {
    name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
    value = aws_iam_role.external_dns[0].arn
  }

I tried adding those double slashes (\) and everything works! Now I would like to understand... why are these double slash required before the last two "." but not in the other two?

I understand that, in Terraform, the double slash means literally a slash... but I cannot understand why would it be required there.

This is what I am trying to put into the Terraform module.

Any help with an explanation for this issue will be appreciated :)

"but not in the other two" - which other two? I don't see any other backslashes. (Backslashes are typically escape characters, but forward slashes aren't.) — Jon Skeet
Sorry @JonSkeet, I mean the other two points ("."), the repository that I mentioned adds double backslashes before the point on '.amazonaws' and the point on '.com' as if a backslash were required there, but why is it required in those keywords and not in others? Right before the points. Maybe is because those words are inside of the final key in the yaml map? Something like this? And you need the backslash to scape the point so you add two backslash to scape the one that will scape the point? — spotHound
I would expect it's because "eks.amazonaws.com" is effectively a single segment in the name, but I can't say for sure. Thanks for clarifying though - it's clearer now. — Jon Skeet

aherve aherve · Accepted Answer · 2021-08-10T08:57:58

in name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" you want to define 3 groups, that are separated by dots:

serviceAccount -> annotations -> eks.amazonaws.com/role-arn

Since your third group happens to contain dots, you successfully found out that you must escape the dot characters in order to preserve proper structure.

Without escaping, the string would somehow mean

serviceAccount -> annotations -> eks -> amazonaws-> com/role-arn, which makes no sense here

Why are the double slash in this parameter definition on Terraform required?

1 Answers