Error: Invalid count argument

[scrossan]

I am trying to deploy a Big-IP VM using v1.1.2 of this module and Terraform 1.0.2 but I'm getting invalid count argument errors when I try to plan or apply:

│ Error: Invalid count argument
│
│   on .terraform/modules/bigip/main.tf line 149, in resource "google_project_iam_member" "gcp_role_member_assignment":
│  149:   count   = var.gcp_secret_manager_authentication && var.service_account == "" ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.
╵
╷
│ Error: Invalid count argument
│
│   on .terraform/modules/bigip/main.tf line 156, in resource "google_project_iam_custom_role" "gcp_custom_roles":
│  156:   count       = var.gcp_secret_manager_authentication && var.service_account == "" ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

Unless I use GCP secret manager it doesn't seem that I'm able to work around this problem (I would rather not use it just for Big-IP as we don't use it for anything else). You can find my Terraform config here: https://gist.github.com/scrossan/42b108778adfdec3eba99a91b9c65d9f

[trinaths]

Created [INFRAANO-727] for internal tracking.

[RavinderReddyF5]

@scrossan is this issue reproducible, i used module like below, not noticed any issues. please let me know if i miss anything.

module "bigip" {
  source          = "F5Networks/bigip-module/gcp"
  version         = "v1.1.2"
  prefix          = format("%s-1nic", var.prefix)
  project_id      = var.project_id
  zone            = var.zone
  image           = var.image
  service_account = var.service_account
  mgmt_subnet_ids = [{ "subnet_id" = google_compute_subnetwork.mgmt_subnetwork.id, "public_ip" = true, "private_ip_primary" = "" }]
}

[smitha-ap]

I am facing the same error. Below is the module I am using.

module bigip { count = var.bigip.count source = "F5Networks/bigip-module/gcp" prefix = var.bigip.prefix project_id = var.project.id zone = var.bigip.bigip_zone image = var.bigip.image service_account = "${google_service_account.bigip.email}" mgmt_subnet_ids = [{ "subnet_id" = lookup(var.standalone_vpc_subnets_cidr, "public_resources"), "public_ip" = true, "private_ip_primary" = "" }] }

Can you please provide the details for the subnet that you have used. I am using a CIDR range in the "subnet_id" attribute in "mgmt_subnet_ids".

[RavinderReddyF5]

@smitha-ap as per example it should be ID of network created, google_compute_subnetwork.mgmt_subnetwork.id : ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#id

[scrossan]

@scrossan is this issue reproducible, i used module like below, not noticed any issues. please let me know if i miss anything.

I notice that you're using a variable to set service_account but @smitha-ap and I are trying to interpolate the email from a google_service_account resource. I did find a workaround - target the service account and then you can apply the module since the service account exists in state at that point.

Please look at my gist for a sample of code that can reproduce this error. In the module currently you can't apply the service account and the module at the same time, the service account has to exist first.

Ideally Terraform would be able to work out that the module depends on the service account and ensure that the service account is created before creating the module, but due to Error: Invalid count argument Terraform just exits instead.