terraform-cdk icon indicating copy to clipboard operation
terraform-cdk copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Using external modules: Invalid count argument when count argument is defined before apply

Open mimozell opened this issue 3 years ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

cdktf & Language Versions

0.12.2 typescript

Affected Resource(s)

Use of external modules

Debug Output

│ Error: Invalid count argument
│ 
│   on .terraform/modules/fargate.vpc/main.tf line 21, in resource "aws_vpc" "this":
│   21:   count = local.create_vpc ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

Expected Behavior

I'm currently trying to set up a simple example where I use externally provided modules (open-source or private). Following one of the examples in the documentation, I'm trying this:

        const vpc = new Vpc(this, 'MyVpc', {
                name: 'my-vpc',
                cidr: '10.0.0.0/16',
                azs: ['us-west-2a', 'us-west-2b', 'us-west-2c'],
                privateSubnets: ['10.0.1.0/24', '10.0.2.0/24', '10.0.3.0/24'],
                publicSubnets: ['10.0.101.0/24', '10.0.102.0/24', '10.0.103.0/24'],
                enableNatGateway: true
            }
        )

and importing the VPC module like this:

  "terraformModules": [
    {
      "name": "vpc",
      "source": "terraform-aws-modules/vpc/aws",
      "version": "3.14.4"
    }
  ],

I would expect to be able to deploy the VPC above with the given parameters.

Actual Behavior

Instead, I am getting a lot of errors (for any resource where count depends on a local value), starting with the one in Debug Output above. According to the error, the value of "count" cannot be determined until after apply, but that isn't true, as the value of it is well known. The module code seen as problematic is the following:

variable "create_vpc" {
  description = "Controls if VPC should be created (it affects almost all resources)"
  type        = bool
  default     = true
}

variable "putin_khuylo" {
  description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
  type        = bool
  default     = true
}

locals {
   create_vpc = var.create_vpc && var.putin_khuylo
}

resource "aws_vpc" "this" {
  count = local.create_vpc ? 1 : 0
  ...
}

which shows that the value is true by default and hence there should be no issue planning. I also tried explicitly setting the values for those two variables, but it made no difference.

Steps to Reproduce

  1. Import the VPC above
  2. Use it as specified above
  3. Run cdktf diff

Important Factoids

References

  • #0000

mimozell avatar Sep 21 '22 11:09 mimozell

Hmm, I discovered that this is actually happening because I am referencing the Id of the vpc in another (private) module like this:

            vpcId: vpc.vpcIdOutput,

if I set this value as a random string, it will plan as expected, but not when using the output of a module that hasn't been applied yet (although the error is pointing to the source code of the VPC module, not of the second module where I use the value).

mimozell avatar Sep 21 '22 12:09 mimozell

And upon further investigation it turns out that the issue is not with the VPC mentioned above, but the VPC module that the second, private, module is referencing. To visualize:

We have:

  • vpc module above
  • private module: uses Id of vpc above if it is provided, otherwise it creates a vpc using the same open-source vpc module (https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest).

The error is actually pointing to the main.tf file of the vpc module referenced by the private module

Screenshot 2022-09-21 at 15 21 14 Still not sure why this should happen as the vpc module that is causing the issue shouldn't be "invoked" considering that I am providing the vpcId of the vpc defined first.

mimozell avatar Sep 21 '22 13:09 mimozell

I realized that this issue would've happened if it had been implemented in the same way in HCL as well. The first VPC module has to be created first (in another stack) and then the output from it passed to the second module in the second stack so that plan can be calculated.

mimozell avatar Sep 26 '22 14:09 mimozell

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Nov 24 '22 01:11 github-actions[bot]