Terraform plan/apply fail with invalid count/for_each if Subnets or KMS keys created in same configuration but outside module #918

Open
houseinh opened this issue Apr 19, 2024 · 0 comments
Labels
bug Something isn't working

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

terraform -v: Terraform v1.8.1 on darwin_amd64
oracle/oci: ~> 5.32.0

Affected Resource(s)

oci_identity_dynamic_group.cluster
null_resource.validate_subnets
oci_core_security_list.oke

Terraform Configuration Files

module "oke" {
  source                            = "oracle-terraform-modules/oke/oci"
  version                           = "5.1.5"
  compartment_id                    = var.compartment_id
  create_vcn                        = false
  vcn_id                            = var.vcn_id
  cluster_name                      = var.cluster_name
  kubernetes_version                = var.kubernetes_version
  control_plane_is_public           = true
  assign_public_ip_to_control_plane = true
  control_plane_allowed_cidrs       = var.kubernetes_authorized_ip_ranges
  create_bastion                    = false
  create_drg                        = false
  create_operator                   = false
  cluster_kms_key_id                = var.cluster_kms_key_id != null ? var.cluster_kms_key_id : null
  nsgs = {
    cp      = {}
    pub_lb  = {}
    workers = {}
  }
  subnets = {
    cp      = { id = "${var.vcn_public_subnet_id}" }
    pub_lb  = { id = "${var.vcn_public_subnet_id}" }
    workers = { id = "${var.vcn_private_subnet_id}" }
  }
  worker_pool_size = var.kubernetes_node_count
  worker_pool_mode = "node-pool"
  worker_shape = {
    shape            = var.vm_shape
    ocpus            = var.flex_vm_type_cpus
    memory           = var.flex_vm_type_memory
    boot_volume_size = var.boot_volume_size
  }

  worker_pools = var.cluster_node_pools
  providers = {
    oci.home = oci.home
  }
}

Debug Output

╷
│ Error: Invalid count argument
│ 
│   on .terraform/modules/k8s.oke/modules/iam/group-cluster.tf line 22, in resource "oci_identity_dynamic_group" "cluster":
│   22:   count          = var.create_iam_resources && var.create_iam_kms_policy ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only the resources that the count depends on.
╵
╷
│ Error: Invalid count argument
│ 
│   on .terraform/modules/k8s.oke/modules/network/subnets.tf line 103, in resource "null_resource" "validate_subnets":
│  103:   count = anytrue([for k, v in local.subnet_cidrs_new : contains(["netnum", "newbits", "cidr"], v.type)
│  104:     if lookup(v, "create", "auto") != "never"
│  105:   ]) ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only the resources that the count depends on.
╵
╷
│ Error: Invalid for_each argument
│ 
│   on .terraform/modules/k8s.oke/modules/network/subnets.tf line 148, in resource "oci_core_security_list" "oke":
│  148:   for_each = {
│  149:     for k, v in local.subnets_to_create : k => v
│  150:     if tobool(lookup(v, "create_seclist", false))
│  151:   }
│     ├────────────────
│     │ local.subnets_to_create will be known only after apply
│ 
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full
│ set of keys that will identify the instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only
│ in the map values.
│ 
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a
│ second time to fully converge.

Panic Output

Expected Behavior

Terraform builds the plan successfully

Actual Behavior

Terraform exits during planning with an error

Steps to Reproduce

  1. terraform apply

Important Factoids

References

@houseinh houseinh added the bug Something isn't working label Apr 19, 2024