terraform_validate fails on already initialised module after adding a module

[sblask]

Describe the bug

• Assume you have a module that references other modules
• Run pre-commit-terraform on it (this will call terraform init)
• Add a reference to another module
• Run pre-commit-terraform again

I got this error:

Validation failed: modules/shared
╷
│ Error: Module not installed
│
│   on main.tf line 38:
│   38: module "something" {
│
│ This module is not yet installed. Run "terraform init" to install all
│ modules required by this configuration.

Presumably because terraform init wasn't run again as the terraform directories that pre-commit-terraform checks for are already there (https://github.com/antonbabenko/pre-commit-terraform/blob/master/hooks/_common.sh#L328)

How can we reproduce it?

See above.

Environment information

• OS: OS: MacOS

• uname -a and/or systeminfo | Select-String "^OS" output:

Darwin Kernel Version 23.1.0: Mon Oct  9 21:27:24 PDT 2023; root:xnu-10002.41.9~6/RELEASE_ARM64_T6000 arm64

• Tools availability and versions:

GNU bash, version 5.2.15(1)-release (aarch64-apple-darwin23.0.0)
pre-commit 3.5.0
Terraform v1.6.3
Python 3.11.6
Python 3.11.6
checkov checkov SKIPPED
terraform-docs version v0.16.0 darwin/arm64
terragrunt SKIPPED
terrascan terrascan SKIPPED
TFLint version 0.49.0
+ ruleset.terraform (0.5.0)
+ ruleset.aws (0.27.0)
tfsec v1.28.1
tfupdate tfupdate SKIPPED
hcledit hcledit SKIPPED

• .pre-commit-config.yaml:

file content

```bash repos: - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.83.5 hooks: - id: terraform_docs args: - --args=--config=.terraform-docs.yml - id: terraform_fmt - id: terraform_tflint args: - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl - id: terraform_validate - repo: https://github.com/editorconfig-checker/editorconfig-checker.python rev: 2.7.1 hooks: - id: editorconfig-checker ```

[yermulnik]

Would what described as item 3 (--retry-once-with-cleanup=true) at https://github.com/antonbabenko/pre-commit-terraform?tab=readme-ov-file#terraform_validate help in your case?

[MaxymVlasov]

Work as expected. terraform validate will fail too in such conditions.

As George mentioned above, please use --retry-once-with-cleanup=true to deal with that kind of issue.

[sblask]

Thanks for the help! I think it would make a lot of sense to make the retry the default? Running terraform init is run by default to make things "just work" so running it again to make it "just work" in more situations would be consistent behaviour?

[MaxymVlasov]

1. terraform init does not always run

https://github.com/antonbabenko/pre-commit-terraform/blob/95fc56f84c6c0d2363c47dfec6c6e931d26e9f36/hooks/terraform_validate.sh#L113-L126

2. Addition to File System it +- save operation, when removal - is not, by definition. Manual changes in .terraform/ are rare, but still exist.

3. Making two full validations are time-consuming operation

4. For that flag additional deps (jq) is required, when other parts of hook able to work without it

Basically, all this stuff is already specified in README

In any case, that change can not be done until v2.0 which will come only when there are no other possibilities to continue making improvements to v1 (we will not support two versions in parallel)

To not forget, I added the next point to 2.0.0 [BREAKING CHANGES] milestone:

• Make hooks flags, which are highly used to tweak hooks, enabled by default