hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

cidrsubnets fails on all-zero subnet #35486

Open mxk opened 2 months ago

mxk commented 2 months ago

Terraform Version

Terraform v1.9.1
on windows_amd64

Terraform Configuration Files

locals {
  cidr = ["0.0.0.0/1", "128.0.0.0/1"]
}

output "cidrsubnet" {
  value = [for v in local.cidr : [cidrsubnet(v, 1, 0), cidrsubnet(v, 1, 1)]]
}

output "cidrsubnets" {
  value = [for v in local.cidr : try(cidrsubnets(v, 1, 1), "error")]
}

Debug Output

https://gist.github.com/mxk/c1b54ada0c08ecaae0296420904668f5

Expected Behavior

Both outputs should be identical.

Actual Behavior

cidrsubnets("0.0.0.0/1", 1, 1) fails (if the try call is removed) with:

Invalid value for "newbits" parameter: not enough remaining address space for a subnet with a prefix of 2 bits after 192.0.0.0/2.

Steps to Reproduce

  1. terraform plan

Additional Context

No response

References

No response

apparentlymart commented 2 months ago

Thanks for reporting this, @mxk.

I think the cause of this behavior is upstream in github.com/apparentlymart/go-cidr, in the NextSubnet function which seems to have a special case for all-zero addresses: https://github.com/apparentlymart/go-cidr/blob/d07067359aee8ee9101c1a79a4f286cf0cea059f/cidr/cidr.go#L195-L197

I don't recall what that special case was intending to achieve -- it's been a long time since that code was merged -- so I think it'll take some further poking to understand why that was there and whether it's load-bearing.
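
Added example, not part of the issue thread and not Terraform's or go-cidr's code: an independent IPv4-only Go implementation of the behavior the report expects, where sequential allocation agrees with direct selection for every base prefix, including the all-zero one. The function names at, subnet and subnets are hypothetical, and the example goes beyond the reported case by also handling mixed newbits values.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// at returns the IPv4 prefix of length bits starting off addresses into base.
func at(base netip.Prefix, off uint64, bits int) netip.Prefix {
	b := base.Masked().Addr().As4()
	binary.BigEndian.PutUint32(b[:], binary.BigEndian.Uint32(b[:])+uint32(off))
	return netip.PrefixFrom(netip.AddrFrom4(b), bits)
}

// subnet extends base by newbits and selects network number num (cidrsubnet).
func subnet(base netip.Prefix, newbits int, num uint64) (netip.Prefix, error) {
	bits := base.Bits() + newbits
	if !base.Addr().Is4() || newbits < 1 || bits > 32 || num >= 1<<uint(newbits) {
		return netip.Prefix{}, fmt.Errorf("no subnet %d in %s with %d new bits", num, base, newbits)
	}
	return at(base, num<<uint(32-bits), bits), nil
}

// subnets allocates consecutive, size-aligned subnets inside base (cidrsubnets).
// Only an offset from the start of base is tracked, never the address value.
func subnets(base netip.Prefix, newbits ...int) (out []netip.Prefix, err error) {
	var cursor uint64
	for _, nb := range newbits {
		bits := base.Bits() + nb
		if !base.Addr().Is4() || nb < 1 || bits > 32 {
			return nil, fmt.Errorf("invalid newbits %d for %s", nb, base)
		}
		size := uint64(1) << uint(32-bits)
		cursor = (cursor + size - 1) / size * size // align up to the subnet size
		if cursor+size > uint64(1)<<uint(32-base.Bits()) {
			return nil, fmt.Errorf("no space left in %s for a /%d", base, bits)
		}
		out = append(out, at(base, cursor, bits))
		cursor += size
	}
	return out, nil
}

func main() {
	for _, s := range []string{"0.0.0.0/1", "128.0.0.0/1"} { // prefixes from the issue
		fmt.Println(subnets(netip.MustParsePrefix(s), 1, 1))
	}
}
```

A table-driven test that compares the two functions over a set of base prefixes, with 0.0.0.0/1 among them, serves as a regression check for this report.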