Terraform plan/apply fail with invalid count/for_each if Subnets or KMS keys created in same configuration but outside module
houseinh opened this issue ยท 0 comments
houseinh commented
Community Note
- Please vote on this issue by adding a ๐ reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version and Provider Version
terraform -v: Terraform v1.8.1 on darwin_amd64
oracle/oci: ~> 5.32.0
Affected Resource(s)
oci_identity_dynamic_group.cluster
null_resource.validate_subnets
oci_core_security_list.oke
Terraform Configuration Files
module "oke" {
source = "oracle-terraform-modules/oke/oci"
version = "5.1.5"
compartment_id = var.compartment_id
create_vcn = false
vcn_id = var.vcn_id
cluster_name = var.cluster_name
kubernetes_version = var.kubernetes_version
control_plane_is_public = true
assign_public_ip_to_control_plane = true
control_plane_allowed_cidrs = var.kubernetes_authorized_ip_ranges
create_bastion = false
create_drg = false
create_operator = false
cluster_kms_key_id = var.cluster_kms_key_id != null ? var.cluster_kms_key_id : null
nsgs = {
cp = {}
pub_lb = {}
workers = {}
}
subnets = {
cp = { id = "${var.vcn_public_subnet_id}" }
pub_lb = { id = "${var.vcn_public_subnet_id}" }
workers = { id = "${var.vcn_private_subnet_id}" }
}
worker_pool_size = var.kubernetes_node_count
worker_pool_mode = "node-pool"
worker_shape = {
shape = var.vm_shape
ocpus = var.flex_vm_type_cpus
memory = var.flex_vm_type_memory
boot_volume_size = var.boot_volume_size
}
worker_pools = var.cluster_node_pools
providers = {
oci.home = oci.home
}
}
Debug Output
โท
โ Error: Invalid count argument
โ
โ on .terraform/modules/k8s.oke/modules/iam/group-cluster.tf line 22, in resource "oci_identity_dynamic_group" "cluster":
โ 22: count = var.create_iam_resources && var.create_iam_kms_policy ? 1 : 0
โ
โ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be
โ created. To work around this, use the -target argument to first apply only the resources that the count depends on.
โต
โท
โ Error: Invalid count argument
โ
โ on .terraform/modules/k8s.oke/modules/network/subnets.tf line 103, in resource "null_resource" "validate_subnets":
โ 103: count = anytrue([for k, v in local.subnet_cidrs_new : contains(["netnum", "newbits", "cidr"], v.type)
โ 104: if lookup(v, "create", "auto") != "never"
โ 105: ]) ? 1 : 0
โ
โ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be
โ created. To work around this, use the -target argument to first apply only the resources that the count depends on.
โต
โท
โ Error: Invalid for_each argument
โ
โ on .terraform/modules/k8s.oke/modules/network/subnets.tf line 148, in resource "oci_core_security_list" "oke":
โ 148: for_each = {
โ 149: for k, v in local.subnets_to_create : k => v
โ 150: if tobool(lookup(v, "create_seclist", false))
โ 151: }
โ โโโโโโโโโโโโโโโโโ
โ โ local.subnets_to_create will be known only after apply
โ
โ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full
โ set of keys that will identify the instances of this resource.
โ
โ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only
โ in the map values.
โ
โ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a
โ second time to fully converge.
Panic Output
Expected Behavior
Terraform builds the plan successfully
Actual Behavior
Terraform exits during planning with an error
Steps to Reproduce
terraform apply