Route table IDs output uses function and therefore count cannot rely on it

[mkozal]

Description

Commit 19fcf0d introduces changes to outputs from simple types to using a function. Therefore Terraform is unable to use them as basis for count. Error is as follows. Downgrading to v3.11.1 made it work.

│ Error: Invalid count argument
│ 
│   on .terraform/modules/network/vpc_route.tf line 48, in module "database_vpn_via_tgw":
│   48:   count = length(module.vpc.database_route_table_ids)
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot
│ predict how many instances will be created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.
╵
Releasing state lock. This may take a few moments...

Versions

• Module version [Required]: 3.14.0

• Terraform version:
  v0.15.0, same behaviour with 1.1.9

• Provider version(s):
  AWS v4.12.1

Reproduction Code [Required]

# yaml
customer_cidrs:
  - 10.0.0.0/16

# code
module "database_vpn_via_tgw" {
  source = "./vpc_tgw_routes"
  count = length(module.vpc.database_route_table_ids)

  routes             = local.vpc.customer_cidrs
  route_table_id     = module.vpc.database_route_table_ids[count.index]
  transit_gateway_id = local.vpc.tgw_id
}
# module
resource "aws_route" "this" {
  count                  = length(var.routes)
  route_table_id         = var.route_table_id
  destination_cidr_block = var.routes[count.index]
  transit_gateway_id     = var.transit_gateway_id
}

Steps to reproduce the behavior:

Are you using workspaces? Yes!!!
Have you cleared the local cache (see Notice section above)? Done.
List steps in order that led up to the issue you encountered: VPC module bump.

Expected behavior

Count based on output will work as previously (as the code is already a workaround for not having setproduct() or for loop producing reliable output.

Actual behavior

Count cannot rely on output anymore.

Additional context

Targeting module.vpc didn't produce any changes.

[antonbabenko]

Hi,

You need to replace the value in count to something computed/known (e.g. a number of routes). This is a well-known issue in Terraform - hashicorp/terraform#30937 (hashicorp/terraform#4149).

Please consider asking generic questions about Terraform on https://discuss.hashicorp.com

There is not much we can do in this module, so I am going to close this issue.

[mkozal]

Fair point, obviously there's an issue with how functions proceed.
…however: previous output works just fine. Otherwise I wouldn't report that issues as in my view that would be a regression.

BTW number of routes already serves as the secondary (nested) count but I don't think switching order will help any.

Is there any other output/input mix you can think of that could be used for that purpose?

[antonbabenko]

source = "./vpc_tgw_routes" - this is not the current module but probably some wrapper around it (I don't see the source code).

You should be able to get better generic support by asking questions about Terraform on discuss.hashicorp.com.

[mkozal]

With due respect:

• source code is in the first post. I skipped over module.vpc which is terraform-aws-vpc because the issue is with the output and not how the resources in the module behave and attached the code to demonstrate it
• terraform limitation of known values suggest targeting but that happens even when whole module.vpc is targeted and applied
• it used to work up to v3.11.1 (and I pointed to a commit that breaks it) so it's not a "generic support" but terraform-aws-vpc question about the change to the outputs
  Take the following:
  value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id
  vs
  value = try(coalescelist(aws_route_table.database[*].id, aws_route_table.private[*].id), [])

The first one uses just pure splat, the second does use coalescelist. If this is fine, it was well thought out decision and we don't want to limit ourselves with function usage just because Terraform is buggy so therefore Closed & won't fix then it's alright. Just please don't make me feel like what I reported is not terraform-aws-vpc related at all.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.