Getting "count" error with TF 1.0.7

[rstml]

Found a bug? Maybe our Slack Community can help.

Describe the Bug

Despite using terraform 1.0.7, I get "count" error:

│ Error: Invalid count argument
│ 
│   on .terraform/modules/proxy_service.alb_ingress/main.tf line 50, in resource "aws_lb_listener_rule" "unauthenticated_paths":
│   50:   count = module.this.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) == 0 ? length(var.unauthenticated_listener_arns) : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To
│ work around this, use the -target argument to first apply only the resources that the count depends on.

Also, the minimum version should also be updated to 0.14:

terraform-aws-alb-ingress/versions.tf

Line 2 in ab6033c

required_version = ">= 0.13.0"

Expected Behavior

TF shouldn't complain about "count" and fail.

Steps to Reproduce

Steps to reproduce the behavior:

I'm using alb-ingress indirectly:

module "proxy_service" {
  source  = "cloudposse/ecs-web-app/aws"
  version = "0.65.2"

  launch_type = "FARGATE"
  vpc_id      = local.vpc_id

  desired_count    = 1
  container_image  = module.proxy_ecr.repository_url
  container_cpu    = 256
  container_memory = 512
  container_port   = local.container_port

  codepipeline_enabled = false
  webhook_enabled      = false
  badge_enabled        = false
  ecs_alarms_enabled   = false
  autoscaling_enabled  = false

  aws_logs_region        = data.aws_region.current.name
  ecs_cluster_arn        = aws_ecs_cluster.proxy.arn
  ecs_cluster_name       = aws_ecs_cluster.proxy.name
  ecs_private_subnet_ids = local.public_subnets # misleading name, can be public

  alb_security_group = module.proxy_alb.security_group_id
  alb_arn_suffix     = module.proxy_alb.alb_arn_suffix

  alb_ingress_healthcheck_path                 = "/"
  alb_ingress_health_check_timeout             = 3
  alb_ingress_health_check_healthy_threshold   = 2
  alb_ingress_health_check_unhealthy_threshold = 2
  alb_ingress_health_check_interval            = 30

  # All paths are unauthenticated
  alb_ingress_unauthenticated_paths         = ["/*"]
  alb_ingress_unauthenticated_listener_arns = module.proxy_alb.listener_arns

  context = module.proxy_label.context
}

NOTE: Commenting out alb_ingress_unauthenticated_paths = ["/*"] removes the error, but then no aws_lb_listener_rule is created.

Screenshots

If applicable, add screenshots or logs to help explain your problem.

Environment (please complete the following information):

% terraform -version

Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.60.0
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/github v3.0.0
+ provider registry.terraform.io/hashicorp/http v2.1.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

Additional Context

Add any other context about the problem here.

[nitrocode]

@rstml I spoke with some colleagues at CloudPosse and this is a tricky problem to solve.

In the past, we've solved this using an additional input to pass in the count manually such as alb_ingress_unauthenticated_paths_count

or perhaps we can create the same logic without the length() function.

See issue cloudposse/docs#131

[Nuru]

The problem here most likely is that module.proxy_alb.listener_arns produces a list whose length is unknown at plan time. Do you know long the list will be? If so, converting the input into a list of known length should resolve the issue.