terraform-aws-alb icon indicating copy to clipboard operation
terraform-aws-alb copied to clipboard

Published 20 hours ago verified publisher icon cloudposse

"Error: Invalid count argument" when enabled = false

Open dknell opened this issue 4 years ago • 2 comments
trafficstars

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

When enabled = false is set on this module, it produces the following error:

Error: Invalid count argument

  on .terraform/modules/alb.access_logs.s3_bucket/main.tf line 163, in resource "aws_s3_bucket_policy" "default":
 163:   count      = module.this.enabled && (var.allow_ssl_requests_only || var.allow_encrypted_uploads_only || var.policy != "") ? 1 : 0

Expected Behavior

It should produce a valid plan

Steps to Reproduce

Steps to reproduce the behavior:

  1. Run init and apply on the .tf file below
  2. The first time this runs, it says there are no changes, but each subsequent apply, will yield the error above
  3. Run apply again
  4. See error

Screenshots

If applicable, add screenshots or logs to help explain your problem.

Environment (please complete the following information):

  • This fails on terraform 0.13.7
  • It seems to work on 0.14.x and above

Anything that will help us triage the bug will help. Here are some ideas:

  • OS: OSX
  • Version 11.5.2

Additional Context

Here's a simple .tf file to reproduce the issue

variable "vpc_id" {
  type        = string
  description = "The VPC ID"
}

variable "subnet_ids" {
  type        = list(string)
  description = "The Subnet IDs"
  default     = []
}

module "label" {
  source    = "cloudposse/label/null"
  version   = "0.25.0"
  namespace = "my"
  name      = "alb"
  stage     = "test"
}

module "alb" {
  source  = "cloudposse/alb/aws"
  version = "0.35.3"

  enabled = false
  context = module.label.context

  vpc_id                      = var.vpc_id
  subnet_ids                  = var.subnet_ids
  https_enabled               = false
  access_logs_enabled         = false
  http2_enabled               = false
  deletion_protection_enabled = false
}

dknell avatar Sep 05 '21 17:09 dknell

I am seeing the same issue, though the logs are enabled. Looks like there is a dependency on the policy being known prior to creating the s3-bucket.

joechimo avatar Sep 30 '21 14:09 joechimo

@joechimo +1 a module that's worked for a couple years across a handful of cloudposse module versions (logs enabled) suddenly fails with this on past few alb module versions:

Error: Invalid count argument
  on .terraform/modules/keycloak.alb.access_logs.s3_bucket/main.tf line 163, in resource "aws_s3_bucket_policy" "default":
 163:   count      = module.this.enabled && (var.allow_ssl_requests_only || var.allow_encrypted_uploads_only || var.policy != "") ? 1 : 0

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the target argument to first apply only the resources that the count depends on.

walking back to 0.33.1 works, so something >= 0.33.2 "update terraform cloudposse/lb-s3-bucket/aws to v0.13.0" is suspect.

i submitted a prior PR which required touching the entire alb -> access_logs -> s3_bucket dependency chain so if no one gets to it first i can try to find time to fix this as well (sure everyone's busy playing new year's catch up!).

deadlysyn avatar Jan 02 '22 20:01 deadlysyn