Terraform plan/apply fail with invalid count/for_each if compartment or VCN created in same configuration but outside module
chrizkim opened this issue · 3 comments
chrizkim commented
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version and Provider Version
$ terraform -v
Terraform v1.6.5 on darwin_amd64
Affected Resource(s)
data.oci_core_vcn.oke
module.iam.data.oci_identity_tags.oke
module.network.oci_core_subnet.oke
module.network.oci_core_security_list.oke
data.oci_identity_availability_domains.all
module.workers.data.oci_identity_fault_domains.all
Terraform Configuration Files
https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/module-network.tf#L4-L5
data "oci_core_vcn" "oke" {
  count = coalesce(var.vcn_id, "none") != "none" ? 1 : 0
...
data "oci_identity_tags" "oke" {
  count = var.create_iam_resources && local.tag_namespace_id_found != null ? 1 : 0
...
resource "oci_core_security_list" "oke" {
  for_each = {
    for k, v in local.subnets_to_create : k => v
    if tobool(lookup(v, "create_seclist", false))
  }
...
data "oci_identity_fault_domains" "all" {
  for_each = var.ad_numbers_to_names
...
Debug Output
╷
│ Error: Invalid count argument
│
│   on .terraform/modules/oke/module-network.tf line 5, in data "oci_core_vcn" "oke":
│    5:   count = coalesce(var.vcn_id, "none") != "none" ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many
│ instances will be created. To work around this, use the -target argument to first apply only the resources that the count
│ depends on.
╵
╷
│ Error: Invalid count argument
│
│   on .terraform/modules/oke/modules/iam/tagging.tf line 17, in data "oci_identity_tags" "oke":
│   17:   count = var.create_iam_resources && local.tag_namespace_id_found != null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many
│ instances will be created. To work around this, use the -target argument to first apply only the resources that the count
│ depends on.
╵
╷
│ Error: Invalid for_each argument
│
│   on .terraform/modules/oke/modules/network/subnets.tf line 148, in resource "oci_core_security_list" "oke":
│  148:   for_each = {
│  149:     for k, v in local.subnets_to_create : k => v
│  150:     if tobool(lookup(v, "create_seclist", false))
│  151:   }
│     ├────────────────
│     │ local.subnets_to_create is a object, known only after apply
│
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform
│ cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place
│ apply-time results only in the map values.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on,
│ and then apply a second time to fully converge.
╵
╷
│ Error: Invalid for_each argument
│
│   on .terraform/modules/oke/modules/workers/data-faultdomains.tf line 5, in data "oci_identity_fault_domains" "all":
│    5:   for_each = var.ad_numbers_to_names
│     ├────────────────
│     │ var.ad_numbers_to_names is a map of string, known only after apply
│
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform
│ cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place
│ apply-time results only in the map values.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on,
│ and then apply a second time to fully converge.
╵
Panic Output
Expected Behavior
Terraform builds the plan successfully
Actual Behavior
Terraform exits during planning with an error
Steps to Reproduce
resource "oci_identity_compartment" "this" {
  ...
}
module "oke" {
  source  = "oracle-terraform-modules/oke/oci"
  version = "5.1.0"
  ...
  compartment_id = oci_identity_compartment.this.id
  ...
}
terraform apply
Important Factoids
References
houseinh commented
I have updated the module to the latest version; the vcn_id is fixed, but I still have the same issues with items like subnets and KMS.
Is there any fix for that?
│ Error: Invalid count argument
│
│   on .terraform/modules/k8s.oke/modules/network/subnets.tf line 103, in resource "null_resource" "validate_subnets":
│  103:   count = anytrue([for k, v in local.subnet_cidrs_new : contains(["netnum", "newbits", "cidr"], v.type)
│  104:     if lookup(v, "create", "auto") != "never"
│  105:   ]) ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that
│ the count depends on.
╵
╷
│ Error: Invalid for_each argument
│
│   on .terraform/modules/k8s.oke/modules/network/subnets.tf line 148, in resource "oci_core_security_list" "oke":
│  148:   for_each = {
│  149:     for k, v in local.subnets_to_create : k => v
│  150:     if tobool(lookup(v, "create_seclist", false))
│  151:   }
│     ├────────────────
│     │ local.subnets_to_create will be known only after apply
│
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.
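The failing `count` shape from the report beside plan-safe forms, as an added example that is not part of this thread or of the terraform-oci-oke module. It generalizes the reported case: the built-in `terraform_data` resource is a constructed stand-in for the compartment created in the same configuration, and `use_existing_parent` is a hypothetical variable.

```hcl
# Added example, not code from the terraform-oci-oke module.
terraform {
  required_version = ">= 1.4" # terraform_data is built in from 1.4
}

# Constructed stand-in for a resource created in the same configuration
# (the compartment in the report): its id is unknown until apply.
resource "terraform_data" "parent" {
  input = "constructed"
}

locals {
  parent_id = terraform_data.parent.id # unknown during the first plan
}

# Hypothetical input: a flag whose value is written in the configuration,
# so it is known at plan time even when the id is not.
variable "use_existing_parent" {
  type    = bool
  default = true
}

# Same shape as the module's count expression. Uncommenting this block makes
# the first plan fail with "Invalid count argument", because the number of
# instances is derived from an unknown id.
# resource "terraform_data" "lookup_unknown_count" {
#   count = coalesce(local.parent_id, "none") != "none" ? 1 : 0
#   input = local.parent_id
# }

# Plan-safe: the instance count comes from the known flag; the unknown id is
# only an argument value.
resource "terraform_data" "lookup" {
  count = var.use_existing_parent ? 1 : 0
  input = local.parent_id
}

# Plan-safe for_each: keys are literals, the apply-time id sits in the values.
# Putting the id in a key, for example { (local.parent_id) = "a" }, fails
# with "Invalid for_each argument".
resource "terraform_data" "per_subnet" {
  for_each = {
    workers = { parent_id = local.parent_id }
    pods    = { parent_id = local.parent_id }
  }
  input = each.value.parent_id
}
```

Running `terraform plan` in an empty directory with this file succeeds on the first run without `-target`; uncommenting the marked block reproduces the first error shown in the report.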