aws_resource_missing_tags panics on unknown tags #528
Description
Hi,
when enabling the aws_resource_missing_tags rule I get a Failed to check ruleset; error reading from server: EOF error. This happens apparantly because we use variables for tags. Instead of "not checking" the rule breaks. Here's a simple test setup:
Example
variable "tags" {
type = map(string)
description = "A mapping of tags to assign to resource"
}
resource "aws_ssm_parameter" "test_var" {
name = "/test"
type = "String"
value = "test"
tags = var.tags
}
resource "aws_ssm_parameter" "test_no_tags" {
name = "/test"
type = "String"
value = "test"
}
resource "aws_ssm_parameter" "tags" {
name = "/test"
type = "String"
value = "test"
tags = {
foo = "Bar"
bar = "Baz"
}
}.tflint.hcl:
plugin "terraform" {
enabled = true
preset = "all"
}
plugin "aws" {
enabled = true
version = "0.25.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
rule "aws_resource_missing_tags" {
enabled = true
tags = ["foo", "bar"]
}
# Test setup
rule "terraform_required_providers" {
enabled = false
}
rule "terraform_required_version" {
enabled = false
}
rule "terraform_standard_module_structure" {
enabled = false
}Debug output:
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: 15:28:51 [DEBUG] rules/aws_resource_missing_tags.go:180: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_ssm_parameter.test_var.tags
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: panic: can't use ElementIterator on unknown value
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: goroutine 53 [running]:
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/zclconf/go-cty/cty.Value.ElementIterator({{{0x1020eea70?, 0x14000a69230?}}, {0x101cd2ac0?, 0x102f7fe10?}})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1193 +0xc8
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/zclconf/go-cty/cty.Value.ForEachElement({{{0x1020eea70?, 0x14000a69230?}}, {0x101cd2ac0?, 0x102f7fe10?}}, 0x14000f0ec10)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1221 +0x58
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-ruleset-aws/rules.getKeysForValue({{{0x1020eea70?, 0x14000a69230?}}, {0x101cd2ac0?, 0x102f7fe10?}})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/work/tflint-ruleset-aws/tflint-ruleset-aws/rules/aws_resource_missing_tags.go:386 +0x78
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-ruleset-aws/rules.(*AwsResourceMissingTagsRule).Check.func1({{{0x1020eea70?, 0x14000a69230?}}, {0x101cd2ac0?, 0x102f7fe10?}})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/work/tflint-ruleset-aws/tflint-ruleset-aws/rules/aws_resource_missing_tags.go:186 +0x7c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: reflect.Value.call({0x101c08940?, 0x14001062ff0?, 0xd5?}, {0x101659967, 0x4}, {0x14000f0f5e0, 0x1, 0x11?})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /opt/hostedtoolcache/go/1.20.6/x64/src/reflect/value.go:586 +0x87c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: reflect.Value.Call({0x101c08940?, 0x14001062ff0?, 0x14001057620?}, {0x14000f0f5e0?, 0x14001041800?, 0x0?})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /opt/hostedtoolcache/go/1.20.6/x64/src/reflect/value.go:370 +0x90
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/internal/plugin2host.(*GRPCClient).EvaluateExpr(0x14000df5638?, {0x1020ee370, 0x14001057620}, {0x101c08940, 0x14001062ff0}, 0x5?)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/terraform-linters/[email protected]/plugin/internal/plugin2host/client.go:323 +0x334
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-ruleset-aws/rules.(*AwsResourceMissingTagsRule).Check(0x102fb84e0, {0x102111060, 0x140005c6400})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/work/tflint-ruleset-aws/tflint-ruleset-aws/rules/aws_resource_missing_tags.go:185 +0x78c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/internal/host2plugin.(*GRPCServer).Check(0x14000bd5ad0, {0x1020ee060, 0x14000698b40}, 0x101b84240?)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/terraform-linters/[email protected]/plugin/internal/host2plugin/server.go:145 +0x39c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/internal/proto._RuleSet_Check_Handler.func1({0x1020ee060, 0x14000698b40}, {0x101e4c540?, 0x14000698b70})
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/terraform-linters/[email protected]/plugin/internal/proto/tflint_grpc.pb.go:354 +0x74
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/internal/interceptor.RequestLogging.func1({0x1020ee060, 0x14000698b40}, {0x101e4c540?, 0x14000698b70?}, 0x140006a8200, 0x14000696420)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/terraform-linters/[email protected]/plugin/internal/interceptor/logging.go:16 +0x22c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/internal/proto._RuleSet_Check_Handler({0x101fe7e20?, 0x14000bd5ad0}, {0x1020ee060, 0x14000698b40}, 0x140006b4230, 0x1400000c108)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/github.com/terraform-linters/[email protected]/plugin/internal/proto/tflint_grpc.pb.go:356 +0x138
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).processUnaryRPC(0x140002385a0, {0x10210e7c0, 0x14000003d40}, 0x140000b65a0, 0x14000bd5b60, 0x102f6d4a0, 0x0)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1360 +0xcb4
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).handleStream(0x140002385a0, {0x10210e7c0, 0x14000003d40}, 0x140000b65a0, 0x0)
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1737 +0x82c
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).serveStreams.func1.1()
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:982 +0x84
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: created by google.golang.org/grpc.(*Server).serveStreams.func1
15:28:51 [DEBUG] [email protected]/client.go:1046: tflint-ruleset-aws: /home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:980 +0x16c
15:28:51 [DEBUG] [email protected]/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
15:28:51 [ERROR] [email protected]/client.go:662: plugin process exited: path=/Users/xxxx/.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.25.0/tflint-ruleset-aws pid=33930 error="exit status 2"
15:28:51 [DEBUG] [email protected]/client.go:472: plugin exited
15:28:51 [DEBUG] [email protected]/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
15:28:51 [INFO] [email protected]/client.go:665: plugin process exited: path=/opt/homebrew/bin/tflint pid=33929
15:28:51 [DEBUG] [email protected]/client.go:472: plugin exited
Failed to check ruleset; error reading from server: EOF
When removing/commenting thattest_var I get a clean and normal message:
terraform/main.tf:1:1: Warning - variable "tags" is declared but not used (terraform_unused_declarations)
terraform/main.tf:13:1: Notice - The resource is missing the following tags: "bar", "foo". (aws_resource_missing_tags)
I'd expect/hope that the rule can at least check IF the tags are configured, even without checking the specific tags. I've tried enforcing this by removing the tags to validate (assuming it would just do a "missing tags" check):
rule "aws_resource_missing_tags" {
enabled = true
}But this throws an error as well: Failed to check ruleset; failed to check "aws_resource_missing_tags" rule: .tflint.hcl:12,34-34: Missing required argument; The argument "tags" is required, but no definition was found.
Changing to tags = [] also doesn't work, just doesn't check anything
Conclusion
Multiple ways to fix/support this I guess:
- Support just testing if tags are configured without a list of keys (by removing the
tagsfrom the rule configuration). - Handle the usage of variables for tags
- Sort of both of the above?