Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

count is not working on certificate with multiple names #6557

Closed
ghost opened this issue Nov 22, 2018 · 4 comments
Closed

count is not working on certificate with multiple names #6557

ghost opened this issue Nov 22, 2018 · 4 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/acm Issues and PRs that pertain to the acm service.

Comments

@ghost
Copy link

ghost commented Nov 22, 2018

This issue was originally opened by @voroniys as hashicorp/terraform#19436. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.11.10

  • provider.aws v1.41.0

Terraform Configuration Files

resource "aws_acm_certificate" "my_cert" {
  domain_name       = "${var.dns_name}.${aws_route53_zone.myzone.name}"
  subject_alternative_names = [
    "prefix1-${var.dns_name}.${aws_route53_zone.myzone.name}",
    prefix2r-${var.dns_name}.${aws_route53_zone.myzone.name}",
    "prefix3-${var.dns_name}.${aws_route53_zone.myzone.name}"
  ]
  validation_method = "DNS"
}

resource "aws_route53_record" "cert_validation_dns_record" {
  depends_on = ["aws_acm_certificate.my_cert"]
  count   = "${length(aws_acm_certificate.my_cert.domain_validation_options)}"
  name    = "${lookup(aws_acm_certificate.my_cert.domain_validation_options[count.index], "resource_record_name")}"
  type    = "${lookup(aws_acm_certificate.my_cert.domain_validation_options[count.index], "resource_record_type")}"
  records = ["${lookup(aws_acm_certificate.my_cert.domain_validation_options[count.index], "resource_record_value")}"]
  zone_id = "${aws_route53_zone.myzone.zone_id}"
  ttl     = 300
}
...

Debug Output

  • aws_route53_record.cert_validation_dns_record: aws_route53_record.cert_validation_dns_record: value of 'count' cannot be computed

Expected Behavior

It should just work

Actual Behavior

Error about counter. The code above works if I create a certificate first. depend_on does not help.

Steps to Reproduce

terraform apply with the code above

@bflad bflad added the service/acm Issues and PRs that pertain to the acm service. label Nov 25, 2018
@zdoherty
Copy link

Also hitting this issue with provider version 1.56.

Given these resources:

resource "aws_acm_certificate" "this" {
  domain_name       = "zack-test.__REDACTED__"
  validation_method = "DNS"

  subject_alternative_names = [
    "zach-test.__REDACTED__",
  ]
}

resource "aws_route53_record" "validate" {
  zone_id = "__REDACTED__"
  name    = "${element(aws_acm_certificate.this.domain_validation_options.*.resource_record_name, count.index)}"
  type    = "${element(aws_acm_certificate.this.domain_validation_options.*.resource_record_type, count.index)}"
  ttl     = 300
  records = ["${element(aws_acm_certificate.this.domain_validation_options.*.resource_record_value, count.index)}"]

  depends_on = [ "aws_acm_certificate.this" ]
  count      = "${length(aws_acm_certificate.this.domain_validation_options)}"
}

I get the following error when trying to run apply:

Error: Error running plan: 1 error(s) occurred:

* aws_route53_record.validate: aws_route53_record.validate: value of 'count' cannot be computed

After running an apply with -target=aws_acm_certificate.this successfully, the error remains, though the domain_validation_options attribute appears in the state file:

id                                                = arn:aws:acm:us-east-1:__REDACTED__:certificate/__REDACTED__
arn                                               = arn:aws:acm:us-east-1:__REDACTED__:certificate/__REDACTED__
domain_name                                       = zack-test.__REDACTED__
domain_validation_options.#                       = 2
domain_validation_options.0.domain_name           = zack-test.__REDACTED__
domain_validation_options.0.resource_record_name  = __REDACTED__.zack-test.__REDACTED__.
domain_validation_options.0.resource_record_type  = CNAME
domain_validation_options.0.resource_record_value = __REDACTED__.acm-validations.aws.
domain_validation_options.1.domain_name           = zach-test.__REDACTED__
domain_validation_options.1.resource_record_name  = __REDACTED__.zach-test.__REDACTED__.
domain_validation_options.1.resource_record_type  = CNAME
domain_validation_options.1.resource_record_value = __REDACTED__.acm-validations.aws.
subject_alternative_names.#                       = 1
subject_alternative_names.0                       = zach-test.__REDACTED__
tags.%                                            = 0
validation_emails.#                               = 0
validation_method                                 = DNS

@goetzc
Copy link

goetzc commented Jan 19, 2019

See hashicorp/terraform#12570 (comment)

By now this issue is covering quite a number of different root problems that all happen to have the same symptoms. The root problem that Terraform cannot support a computed count will unfortunately remain true until #4149 can be addressed in a later release, but in the v0.12-alpha1 the most common cases where Terraform would unnecessarily consider a value to be "computed" have been addressed.
...

@nywilken nywilken added the enhancement Requests to existing resources that expand the functionality or scope. label Apr 23, 2019
@bflad
Copy link
Contributor

bflad commented Aug 5, 2019

Hi folks 👋 Given the version of Terraform is before 0.12 in the original post here, please try this in more recent versions of Terraform such as Terraform 0.12.6. The upstream code handling with count has been reworked in Terraform 0.12. If nothing else, the error reporting should hopefully be improved in this scenario.

It is worth nothing that the aws_acm_certificate resource itself does not make any upfront assumptions about the length of the domain_validation_options attribute and therefore cannot meaningfully contribute to the downstream value of the count during plan. There may be rules about calculating that length ahead of time, however the complexity of maintaining those in the resource (with the expense of Terraform returning errors when the resource provides an incorrect value between plan and apply), generally means that we avoid introducing this complexity and encourage practitioners to shy away from overly generic Terraform configurations in these cases.

If you are still encountering issues, please feel free to open a new Bug Report following the issue template for further triage. Thanks!

@ghost
Copy link
Author

ghost commented Nov 2, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 2, 2019
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/acm Issues and PRs that pertain to the acm service.
Projects
None yet
Development

No branches or pull requests

4 participants