Specifying saml_metadata_document causes plan, apply and destroy to fail

[ikegentz]

Describe the Bug

First-time apply, plan, as well as destroy operations fail if saml_metadata_document is set to something that isn't a hard-coded local file. It fails with the following error:

Error: Invalid count argument

  on ***/***/***/main.tf line 144, in resource "aws_iam_saml_provider" "default":
 144:   count = local.enabled && var.saml_metadata_document != null ? 1 : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be
created. To work around this, use the -target argument to first apply only
the resources that the count depends on.

Expected Behavior

You should be able to have saml_metadata_document refer to some other resource which creates that document.

Steps to Reproduce

Create some resource that generates the saml_metadata_document (in our case for example, we create an okta_app_saml resource, and set saml_metadata_document to okta_app_saml.example.metadata.

If okta_app_saml hasn't been apply'd prior to when you apply the module (or when running plan, you'll get that error. You'll also get that error anytime you try to destroy the module

Screenshots

No response

Environment

Module Version: 0.16.0
Terraform Version: 1.5.0

Additional Context

No response

[Nuru]

Yes, this kind of thing has been a source of great frustration with Terraform over the years. Unfortunately, the solution is a breaking change, changing the type of this and other optional variables to list. As such, it will likely be quite some time before we get to it.