Adding depends_on to module using for_each fails with "Invalid for_each argument"

[iamnoah]

Terraform Version

Terraform v0.14.8
+ provider registry.terraform.io/hashicorp/aws v3.32.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.0.3
+ provider registry.terraform.io/kbst/kustomization v0.4.2

Terraform Configuration Files

https://github.com/iamnoah/tf-module-for-each-bug/

Debug Output

https://gist.github.com/iamnoah/b42f534e7c5e6d6d585f4d884f73150d

Crash Output

None

Expected Behavior

Applying a module using for_each that works without depends_on should still work when I add a depends_on to the module.

Actual Behavior

Error: Invalid for_each argument

  on modules/raw_k8s/main.tf line 22, in resource "kustomization_resource" "namespaces":
  22:   for_each = local.ids_1

The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.

Adding a depends_on to a use of a module using for_each on variables results in an Invalid for_each argument error.

e.g., in my repo:

module "cert_manager" {
  source = "./modules/raw_k8s"
  yaml_files = ["k8s/cert-manager.yaml"]

  // works if this is removed!
  depends_on = [kubernetes_service_account.aws-load-balancer-controller]
}

This message seems incorrect. If the resource attributes can be known without a depends_on, then why can't they be known with a depends_on?

Steps to Reproduce

git clone https://github.com/iamnoah/tf-module-for-each-bug.git
cd tf-module-for-each-bug
terraform init
terraform apply

Comment out/remove the depends_on and everything will work as expected (aside from not running things in order.)

Additional Context

None.

References

N/A

[jbardin]

Hi @iamnoah,

When you add depends_on to the module, you are declaring that everything in the module must depend on the referenced resource, which means that data sources within that module cannot be read until after that resource is applied. Any outputs from those data sources are hence not valid for use within count or for_each expressions, because they are unknown during planning.

We use GitHub issues for tracking bugs and enhancements, rather than for questions. While we can sometimes help with certain simple problems here, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by our few core maintainers.

Based on the information you've provided, it looks like this doesn't represent a specific bug or feature request, even though I understand that Terraform isn't doing what you expect it to, and so I'm going to close it. Please do feel free to ask your question in the community forum. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.