search

stelligent / config-lint

Command line tool to validate configuration files
https://stelligent.github.io/config-lint/#/
MIT License
195 stars 39 forks source link

Panic: Can't use ElementIterator on unknown value #193

Open aabouzaid opened 4 years ago

aabouzaid commented 4 years ago

Hello, Using config-lint v1.1.0 (latest release), with this TF file:

locals {
  buckets = [
    "public",
    "private"
  ]
}

output "gsb" {
  value = {
    buckets = values(google_storage_bucket.bucket)[*]["url"]
  }
}

resource "google_storage_bucket" "bucket" {
  for_each = toset(local.buckets)
  name     = each.value
}

And this command

config-lint -debug  -terraform .
Looking for file terraform in Box: {./assets /home/foo/git/oss/config-lint/cli map[] map[]}
New Box: {./assets/terraform /home/foo/git/oss/config-lint/cli map[] map[]}
Adding rule set: aws/api_gateway/api_gateway_domain_name/security_policy/rule.yml
*reducted*
Adding rule set: aws/waf/waf_web_acl/default_action_type/tests/test.yml
Exclude patterns: []
Filenames to scan: [main.tf]
panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd38b60, 0xc000401520, 0xa467c0, 0x1115440, 0xc00041b948, 0xc0003ef460)
    /home/foo/.asdf/installs/golang/1.13.9/packages/pkg/mod/github.com/zclconf/go-cty@v1.4.0/cty/value_ops.go:1035 +0x11d
github.com/stelligent/config-lint/linter.iterateElements(0xc000418d80, 0xc00039aca0, 0x7, 0xd38b60, 0xc000401520, 0xa467c0, 0x1115440)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc000418c00, 0xc00039acc0, 0x5, 0xd38ae0, 0xc0005606e8, 0xa417a0, 0xc000418d20)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc0000a4340, 0xc00036fda0, 0x0, 0x0, 0x6)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:201 +0x91b
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc000401240, 0x3, 0x4, 0xae8a94, 0x6, 0x0, 0x0, 0x0)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc00035b980, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc00035b980, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/foo/git/oss/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc00035b960, 0x1, 0x1, 0xd2a9e0, 0xc000263410, 0xd32680, 0x1115668, 0xc0000b95f0, 0x9, 0xc0000b9540, ...)
    /home/foo/git/oss/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc0004e20a0, 0x1, 0x1, 0xc0000c0030, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
    /home/foo/git/oss/config-lint/cli/app.go:336 +0x555
main.main()
    /home/foo/git/oss/config-lint/cli/app.go:153 +0x67e

When I remove the ["url"] part to be like this:

buckets = values(google_storage_bucket.bucket)[*]

It works but the debug data doesn't look the same as in Terraform:

loaded.Resources
[
  {
    "ID": "0",
    "Type": "locals",
    "Category": "locals",
    "Properties": {
      "buckets": [
        "public",
        "private"
      ]
    },
    "Filename": "main.tf",
    "LineNumber": 1
  },
  {
    "ID": "gsb",
    "Type": "output",
    "Category": "output",
    "Properties": {
      "__name__": "gsb",
      "value": [
        {
          "buckets": [
            {
              "0": [
                {
                  "private": "private",
                  "public": "public"
                }
              ],
              "1": "UNDEFINED"
            }
          ]
        }
      ]
    },
    "Filename": "main.tf",
    "LineNumber": 8
  },
  {
    "ID": "bucket",
    "Type": "google_storage_bucket",
    "Category": "resource",
    "Properties": {
      "__name__": "bucket",
      "__type__": "google_storage_bucket",
      "for_each": [
        {
          "private": "private",
          "public": "public"
        }
      ],
      "name": "UNDEFINED"
    },
    "Filename": "main.tf",
    "LineNumber": 14
  }
]

The values in local.buckets looks weird, also and the for_each in the resource.

I've tried to upgrade libs mentioned in the trace to latest version and recompile, but it's the same result.

  github.com/hashicorp/hcl/v2 v2.4.0
  github.com/zclconf/go-cty v1.4.0

The mentioned syntax works with Terraform 0.12.20 and the output is the url of the buckets. BTW, this issue happenes since v0.0.44 (at least).

Thanks.

JeanFred commented 2 years ago

I can reproduce this with config-lint 1.6.0 with the example file given by @aabouzaid :

panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd2bc20, 0xc0004ef6a0, 0xa2d4a0, 0x10ff5e0, 0xc00058a2c8, 0xc00058c850)
    /home/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.1.1/cty/value_ops.go:919 +0xec
github.com/stelligent/config-lint/linter.iterateElements(0xc0000ccd50, 0xc0005588e0, 0x7, 0xd2bc20, 0xc0004ef6a0, 0xa2d4a0, 0x10ff5e0)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc0000ccb10, 0xc000558900, 0x5, 0xd2bba0, 0xc0003f03d8, 0xa285a0, 0xc0000cccf0)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc000083860, 0xc00045a400, 0x0, 0x0, 0x6)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:201 +0x91b
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc0004ef3a0, 0x3, 0x4, 0xace591, 0x6, 0x0, 0x0, 0x0)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc0003f3f80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc0003f3f80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc0003f3f60, 0x1, 0x1, 0xd1e6e0, 0xc00022b920, 0xd25b20, 0x10ff808, 0xc000470093, 0x9, 0xc000470060, ...)
    /home/runner/work/config-lint/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc00042ec80, 0x1, 0x1, 0xc0000a0070, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/cli/app.go:340 +0x555
main.main()
    /home/runner/work/config-lint/config-lint/cli/app.go:157 +0x67e

I am also hitting this with the following example (taken from an actual TF file, just with pieces removed so long as the error was still there:

locals {
  namespaces = [
    "workspaces",
    "xray"
  ]

  account_specific_namespace_rules = length(var.allowlisted_namespaces) > 0 ? {
    for n in local.namespaces :
    n => contains(var.allowlisted_namespaces, n)
  } : {}
}

resource "datadog_integration_aws" "main" {
  account_specific_namespace_rules = local.account_specific_namespace_rules
}

resource "datadog_integration_aws_tag_filter" "filter" {
  depends_on = [datadog_integration_aws.main]
}
panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd2bb60, 0xc0004a9260, 0xa2d4a0, 0x10ff5e0, 0xc0003ef958, 0xc000401c40)
    /home/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.1.1/cty/value_ops.go:919 +0xec
github.com/stelligent/config-lint/linter.iterateElements(0xc00041f7d0, 0xc000486020, 0x20, 0xd2bb60, 0xc0004a9260, 0xa2d4a0, 0x10ff5e0)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc00041f770, 0xc000476034, 0xa, 0xd2bba0, 0xc0000b95d0, 0xa285a0, 0xc0003c9260)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc00009bad0, 0xc00020b460, 0x0, 0x0, 0xc0003ef738)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:194 +0x597
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc0004e8900, 0xb, 0x10, 0xacf27d, 0x8, 0x1, 0x1, 0x1)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc00042a020, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc00042a020, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc00042a000, 0x1, 0x1, 0xd1e6e0, 0xc00021da70, 0xd25b20, 0x10ff808, 0xc000023510, 0x9, 0xc0000234b0, ...)
    /home/runner/work/config-lint/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc0003fb360, 0x1, 0x1, 0xc0000bc070, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
    /home/runner/work/config-lint/config-lint/cli/app.go:340 +0x555
main.main()
    /home/runner/work/config-lint/config-lint/cli/app.go:157 +0x67e