core: length of "splat variable" should not be computed #14677
Comments
|
Hi @ashb! Thanks for following up with this extra detail. If I'm understanding correctly, I think the way this violated your expectations is that even though the values of the list are computed, Terraform should know the length of the list, because that's derived from a variable. If so, then I agree: Terraform ought to be able to figure this out in an ideal world. Right now this information doesn't thread through properly because there is a rule that if a list contains any unknown values then it becomes entirely unknown when returned from an interpolation sequence; this is a limitation we've inherited from Terraform's core architecture, and so not something we can fix quickly. I think is is something we should be able to resolve as part of some holistic work we're hoping to do soon to improve consistency how Terraform passes values around. This should allow us to preserve details like "unknown" properly as they thread between different subsystems. That work is still in the early planning/prototyping phase right now, so I can't say for sure, but we'll keep this issue here for now and update when there's something more concrete and definite to say here. Thanks again for filing this! |
apparentlymart
changed the title
Yeah, that was why I was somewhat surprised that it didn't work, but when I wrote it all out in detail I realised why it wasn't working right now. In my case the work around was easy enough (just create a |
@apparentlymart, I would go a step further and say Terraform should know the length of the list if it is a fixed length, even if every value is computed. I've been looking around at the many variations on this issue and I certainly see that many times the length of the list is computed so it can't be known at plan time. I think there are times where the length of the list is fixed, but the values are computed. So the length isn't even from a variable, there's just two items, but they have computed values so terraform somehow doesn't know how many items are in the list. Example: resource "aws_iam_policy" "foo" { }
resource "aws_iam_policy" "bar" { }
module "baz" {
iam_policies = [
"${aws_iam_policy.foo.arn}",
"${aws_iam_policy.bar.arn}",
]
}
# then in the module
variable "iam_policies" {
type = "list"
default = []
}
resource "aws_iam_role_policy_attachment" "policy" {
policy_arn = "${var.iam_policies[count.index]}"
role = "${aws_iam_role.foo.name}"
count = "${length(var.iam_policies)}"
}The workaround is to just pass in the length in another variable, since I know what it is right there where I'm setting the value of the list. But that seems kinda silly. module "baz" {
iam_policies = [
"${aws_iam_policy.foo.arn}",
"${aws_iam_policy.bar.arn}",
]
iam_policy_count = 2
}Or the two-pass plan where I do an apply to make the policies and then the plan that passes them into the module. No matter what I pick it seems like a hack |
|
I am running into the same problem while trying to create aws_ssm_parameters by passing it a map. I have a map with fixed number of keys, but their values are coming from module outputs or other resources. When I am trying to use. The workaround is to pass another variable ssm_count = 4 but this doesn't feel right at all. |
This contains the full CRUD/tests/docs for the vsphere_datastore_cluster_vm_anti_affinity_rule resource. One thing to note here - during testing, it was found that a virtual_machine_ids length of less than 2 is essentially a no-op on the cluster, resulting in no rules created. This was causing issues where the apply was succeeding but not rule was being returned, resulting in odd errors post-creation. In addition to this, we cannot restrict this with MinItems, as there currently seems to be an issue calculating the length of a glob of computed values - ie: vsphere_virtual_machine.vm.*.id, even when the count in vsphere_virtual_machine is static. If I'm assuming correctly, this is because when the computed/unknown value is seen, the entire field becomes unknown with a length of 1, regardless of if the final length is known beforehand. Further reading can be found at: hashicorp/terraform#14677 (comment)
This contains the full CRUD/tests/docs for the vsphere_datastore_cluster_vm_anti_affinity_rule resource. One thing to note here - during testing, it was found that a virtual_machine_ids length of less than 2 is essentially a no-op on the cluster, resulting in no rules created. This was causing issues where the apply was succeeding but no rule was being returned, resulting in odd errors post-creation. In addition to this, we cannot restrict this with MinItems, as there currently seems to be an issue calculating the length of a glob of computed values - ie: vsphere_virtual_machine.vm.*.id, even when the count in vsphere_virtual_machine is static. If I'm assuming correctly, this is because when the computed/unknown value is seen, the entire field becomes unknown with a length of 1, regardless of if the final length is known beforehand. Further reading can be found at: hashicorp/terraform#14677 (comment)
This contains the full CRUD/tests/docs for the vsphere_datastore_cluster_vm_anti_affinity_rule resource. One thing to note here - during testing, it was found that a virtual_machine_ids length of less than 2 is essentially a no-op on the cluster, resulting in no rules created. This was causing issues where the apply was succeeding but no rule was being returned, resulting in odd errors post-creation. In addition to this, we cannot restrict this with MinItems, as there currently seems to be an issue calculating the length of a glob of computed values - ie: vsphere_virtual_machine.vm.*.id, even when the count in vsphere_virtual_machine is static. If I'm assuming correctly, this is because when the computed/unknown value is seen, the entire field becomes unknown with a length of 1, regardless of if the final length is known beforehand. Further reading can be found at: hashicorp/terraform#14677 (comment)
This contains the full CRUD/tests/docs for the vsphere_datastore_cluster_vm_anti_affinity_rule resource. One thing to note here - during testing, it was found that a virtual_machine_ids length of less than 2 is essentially a no-op on the cluster, resulting in no rules created. This was causing issues where the apply was succeeding but no rule was being returned, resulting in odd errors post-creation. In addition to this, we cannot restrict this with MinItems, as there currently seems to be an issue calculating the length of a glob of computed values - ie: vsphere_virtual_machine.vm.*.id, even when the count in vsphere_virtual_machine is static. If I'm assuming correctly, this is because when the computed/unknown value is seen, the entire field becomes unknown with a length of 1, regardless of if the final length is known beforehand. Further reading can be found at: hashicorp/terraform#14677 (comment)
|
@mildwonkey I don't really understand why 10857 was closed and merged into this one, considering that 10857 is more than a year older than this issue and has >5x the participants. Relatedly, I never got a reply to my question at #10857 (comment) |
|
Oh nevermind, it looks like #12570 has a lot of discussion on it (I think the two issues linked from #10857 (comment) actually have less conversation than that one) |
|
Hi all! Over in #10857 is a broader discussion about computed counts, but my latest comment includes my verification that the particular bug reported by this issue has been fixed in Terraform v0.12.0-alpha1. What fixed this is a removal of the rule that a known list may not contain a computed (now called "unknown") value: the list remains known, and thus its length is known, and only accessing the specific unknown element directly will result in an unknown value. This fix is already in |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
I found a case that I would have expected to be fixed by #1497 but that still gives me the same sort of error. It's this below (using the terraform-community-modules tf_aws_vpc and (my fork) of the tf_aws_nat modules):
Thinking a bit more about this I can see why its coming up as computed. The flow is as follows:
${slice()}interpolation as the input variable to a modulecount = "${length(var.public_subnets)}"inside the moduleaws_subnetresource with this count uses a splat in the outputoutput "public_subnets" { value = ["${aws_subnet.public.*.id}"] }${length(mod.vpc.public_subnets)}So I can make the inference between the
countandaws_subnet.public.*.idbut it's probably one level of indirection too muchTerraform v0.9.5, running
terraform planI get:The terraform code I'm using is:
The text was updated successfully, but these errors were encountered: