search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.09k stars 981 forks source link

Unable to run TFlint for module that calls other modules #2420

Open ArchiFleKs opened 1 year ago

ArchiFleKs commented 1 year ago

I have tried using the new integrated tflint on the following configuration without issue and the terraform-aws-aurora module:

include "root" {
  path           = find_in_parent_folders()
  expose         = true
  merge_strategy = "deep"
}

terraform {
  source = "github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=v7.6.0"
}

dependency "vpc" {
  config_path = "../../../eks/vpc"
  mock_outputs = {
    vpc_id = "vpc-00000000"
    private_subnets = [
      "subnet-00000000",
    ]
  }
}

dependency "eks" {
  config_path = "../../../eks/eks"
  mock_outputs = {
    cluster_name           = "cluster"
    node_security_group_id = "sg-00000000"
  }
}

generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite"
  contents  = <<-EOF
    provider "kubernetes" {
      host                   = data.aws_eks_cluster.cluster.endpoint
      cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
      token                  = data.aws_eks_cluster_auth.cluster.token
    }
    data "aws_eks_cluster" "cluster" {
      name = "${dependency.eks.outputs.cluster_name}"
    }
    data "aws_eks_cluster_auth" "cluster" {
      name = "${dependency.eks.outputs.cluster_name}"
    }
  EOF
}

locals {
  full_name     = "${include.root.locals.merged.prefix}-${include.root.locals.merged.env}-${include.root.locals.merged.name}"
  database_name = "core"
}

inputs = {
  name                       = local.full_name
  database_name              = local.database_name
  engine                     = "aurora-postgresql"
  engine_version             = "13.4"
  auto_minor_version_upgrade = false
  vpc_id                     = dependency.vpc.outputs.vpc_id
  subnets                    = dependency.vpc.outputs.private_subnets
  instances = {
    1 = {
      promotion_tier = 1
    }
  }
  allowed_security_groups             = [dependency.eks.outputs.node_security_group_id]
  instance_class                      = "db.r6g.large"
  storage_encrypted                   = true
  apply_immediately                   = true
  monitoring_interval                 = 10
  enabled_cloudwatch_logs_exports     = ["postgresql"]
  db_parameter_group_name             = "default.aurora-postgresql13"
  db_cluster_parameter_group_name     = "ssl"
  iam_database_authentication_enabled = true

  security_group_description = "Managed by Terraform"
  copy_tags_to_snapshot      = true
  deletion_protection        = true
}

Now I'm trying with terraform-aws-eks and I get the following errors:

WARN[0000] No double-slash (//) found in source URL /particuleio/terraform-aws-kms.git. Relative paths in downloaded Terraform code may not work.  prefix=[/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/encryption-config] 
WARN[0000] No double-slash (//) found in source URL /terraform-aws-modules/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work.  prefix=[/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/vpc] 
WARN[0007] No double-slash (//) found in source URL /terraform-aws-modules/terraform-aws-eks.git. Relative paths in downloaded Terraform code may not work. 
INFO[0009] Executing hook: tflint                        prefix=[/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks] 
Plugin `terraform` is already installed
/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0/node_groups.tf:242:1: error - `eks_managed_node_group` module is not found. Did you run `terraform init`?. 
/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0/node_groups.tf:206:1: error - `fargate_profile` module is not found. Did you run `terraform init`?. 
/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0/main.tf:119:1: error - `kms` module is not found. Did you run `terraform init`?. 
/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0/node_groups.tf:349:1: error - `self_managed_node_group` module is not found. Did you run `terraform init`?. 
ERRO[0009] Error running hook tflint with message: Error while running tflint with args: [tflint --init --config /home/klefevre/git/iac/.tflint.hcl /home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0]  prefix=[/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks] 
ERRO[0009] Errors encountered running before_hooks. Not running 'terraform'.  prefix=[/home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks] 
ERRO[0009] 1 error occurred:
    * Error while running tflint with args: [tflint --init --config /home/klefevre/git/iac/.tflint.hcl /home/klefevre/git/iac/aws/terragrunt/live/devnet/eu-west-1/eks/eks/.terragrunt-cache/0cHrdF6rxglStPnc458C9Z-zv-8/vo8pQqWUeCu_1_TBy7LGvx51SW0]

⚠️ The only difference is that the terraform-aws-eks is calling its own module.

I'm having trouble with how one should use the integrated linter (even with the docs) and what the default config is.

For example if I run manually tflint binary in the .terragrunt-cache folder (using the same .tflint.hcl config) it works without issue:

 tflint --config ../../../../../../../../../../.tflint.hcl .
4 issue(s) found:
theurichde commented 1 year ago

I ran into the same issue and digged into the code. I suppose it is due to relative paths that are passed to tflint via terragrunt.

I implemented the most recent version of tflint locally in terragrunt which solves the issue for me. The underlaying current working dir mode has changed in tflint since 0.44.0

2418 would fix the issue.

theurichde commented 1 year ago

I started working on #2418 with #2422

theurichde commented 1 year ago

Commit 9711bf8b39662fd490ecc3ad69889bceb4609de3 adds a test that fails for tflint v0.42.2 and passes for v0.44.1

theurichde commented 1 year ago

2422 is merged and v0.43.0 released. That should™️ fix your problem 🤔