Cannot conditionally define subnet ipv6 cidr blocks when conditionally defining ipv6 cidr block for vpc

[philipl]

I am attempting to extend our common module for vpc definition to optionally include ipv6 support. To do that, I must associate an ipv6 cidr block with the vpc and then sub-blocks with each subnet. I tried using a ternary construct to conditionally associate the subnet blocks, but terraform is fully evaluating the un-taken branch of the ternary, which then fails due to the vpc not having an ipv6_cidr_block attribute.

It seems the only way I could make this work is by always associating an ipv6 cidr block to the vpc, whether I want it or not, and then the conditional would correctly evaluate for the subnets. That's not the end of the world, but it prevents this work gracefully handling existing vpcs that don't require ipv6. And that's because of #13588 which makes turning ipv6 on a highly manual process.

For example:

* module.networking.aws_subnet.public_subnet: 3 error(s) occurred:

* module.networking.aws_subnet.public_subnet[1]: Resource 'aws_vpc.vpc' does not have attribute 'ipv6_cidr_block' for variable 'aws_vpc.vpc.ipv6_cidr_block'
* module.networking.aws_subnet.public_subnet[2]: Resource 'aws_vpc.vpc' does not have attribute 'ipv6_cidr_block' for variable 'aws_vpc.vpc.ipv6_cidr_block'
* module.networking.aws_subnet.public_subnet[0]: Resource 'aws_vpc.vpc' does not have attribute 'ipv6_cidr_block' for variable 'aws_vpc.vpc.ipv6_cidr_block'

Terraform Version

0.9.2

Affected Resource(s)

• aws_vpc
• aws_subnet

Terraform Configuration Files

resource "aws_vpc" "vpc" {
    cidr_block = "${var.vpc_cidr}"
    instance_tenancy = "default"

    enable_dns_hostnames = true
    enable_dns_support = true

    assign_generated_ipv6_cidr_block = "${var.use_ipv6}"
    lifecycle {
        prevent_destroy = true
    }

    tags {
        Name = "${var.vpc_name}"
    }
}

# Public Subnets
resource "aws_subnet" "public_subnet" {
    count = "${var.public_subnets_count}"

    vpc_id = "${aws_vpc.vpc.id}"

    cidr_block = "${element(split(",", var.public_subnets), count.index)}"
    ipv6_cidr_block = "${var.use_ipv6 == 0 ? "" :
                         cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, count.index)}"

    availability_zone = "${element(split(",", var.availability_zones), count.index)}"

    map_public_ip_on_launch = "${var.public_subnet_map_public_ip_on_launch}"
    assign_ipv6_address_on_creation = "${var.use_ipv6}"                                                                              

    tags {
        Name = "${format("%s.external.%s", var.vpc_name, element(split(",", var.availability_zones), count.index) )}"
    }
}

Expected Behavior

Terraform should be able to evaluate the ternary and see that use_ipv6 is 0 and then not evaluate aws_vpc.vpc.ipv6_cidr_block.

Actual Behavior

Terraform evaluates both branches of the ternary and returns the error pasted above.

Steps to Reproduce

1. terraform plan

References

#13588

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.