terraform-compliance / cli

a lightweight, security focused, BDD test framework against terraform.
https://terraform-compliance.com
MIT License

terraform-compliance failing in GitHub action when upgrading to TF 1.0 #509

Open TomTucka opened 3 years ago

TomTucka commented 3 years ago

Description

Heya, since upgrading to Terraform 1.0 our pipeline has started failing with the below error. We're using the latest version of your GitHub action. Any ideas as to what could be the issue?

To Reproduce

Used terraform-compliance Parameters: terraform-compliance --features tests --planfile my.plan

Error Output:

ERROR: Failed to convert terraform plan file to JSON format via terraform. Here is the error :
terraform-compliance v1.3.18 initiated

. Converting terraform plan file.
None
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb8 pc=0x215613d]

goroutine 1 [running]:
github.com/hashicorp/terraform/internal/command/jsonplan.marshalPlanResources(0xc0020342a0, 0xc0005c6a00, 0x29, 0x43, 0xc000f66af0, 0xc000a970a0, 0xc000491900, 0xc000540c00, 0x0, 0xc0016a4f30)
    /home/circleci/project/project/internal/command/jsonplan/values.go:161 +0xfd
github.com/hashicorp/terraform/internal/command/jsonplan.marshalPlanModules(0xc0020342a0, 0xc000f66af0, 0xc0009a4e40, 0x4, 0x4, 0xc0016a5190, 0xc0016a51c0, 0x92, 0x0, 0x0, ...)
    /home/circleci/project/project/internal/command/jsonplan/values.go:243 +0x1ba
github.com/hashicorp/terraform/internal/command/jsonplan.marshalPlannedValues(0xc0020342a0, 0xc000f66af0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /home/circleci/project/project/internal/command/jsonplan/values.go:142 +0xaaa
github.com/hashicorp/terraform/internal/command/jsonplan.(*plan).marshalPlannedValues(0xc00011c380, 0xc0020342a0, 0xc000f66af0, 0x0, 0x0)
    /home/circleci/project/project/internal/command/jsonplan/plan.go:539 +0x70
github.com/hashicorp/terraform/internal/command/jsonplan.Marshal(0xc0009ce0d0, 0xc0005800a0, 0xc000660e10, 0xc000f66af0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/circleci/project/project/internal/command/jsonplan/plan.go:127 +0x172
github.com/hashicorp/terraform/internal/command.(*ShowCommand).Run(0xc00056a000, 0xc00004c0b0, 0x1, 0x2, 0xc00054e170)
    /home/circleci/project/project/internal/command/show.go:152 +0x966
github.com/mitchellh/cli.(*CLI).Run(0xc000552280, 0xc00054c000, 0x282d57d, 0x4)
    /home/circleci/go/pkg/mod/github.com/mitchellh/cli@v1.1.2/cli.go:262 +0x41a
main.wrappedMain(0x0)
    /home/circleci/project/project/main.go:384 +0x1112
main.realMain(0x0)
    /home/circleci/project/project/main.go:115 +0x554
main.main()
    /home/circleci/project/project/main.go:58 +0x25

Expected Behavior:

Tested Versions:

Shocktrooper commented 3 years ago

I think it has to do with the following

terraform-compliance will have to be tweaked a bit more to be able to process the plan output of any terraform >= 15.4 more effectively as a past release was supposed to support terraform 1.0 plans

I believe my error might be similar

terraform-compliance v1.3.18 initiated
. Converting terraform plan file.
. Downloading terraform v0.15.4 from https://releases.hashicorp.com/terraform/0.15.4/terraform_0.15.4_linux_amd64.zip ...
. Unpacking /tmp/terraform_0.15.4_linux_amd64.zip
. Converting terraform plan file.
. Using /tmp/terraform_0.15.4_linux_amd64 as terraform executable.
None
╷
│ Error: Could not load plugin
│ 
│ 
│ Plugin reinitialization required. Please run "terraform init".
│ 
│ Plugins are external binaries that Terraform uses to access and manipulate
│ resources. The configuration provided requires plugins which can't be
│ located,
│ don't satisfy the version constraints, or are otherwise incompatible.
│ 
│ Terraform automatically discovers provider requirements from your
│ configuration, including providers used in child modules. To see the
│ requirements and constraints, run "terraform providers".
│ 
│ 2 problems:
│ 
│ - failed to instantiate provider "registry.terraform.io/hashicorp/archive"
│ to obtain schema: unknown provider
│ "registry.terraform.io/hashicorp/archive"
│ - failed to instantiate provider "registry.terraform.io/hashicorp/aws" to
│ obtain schema: unknown provider "registry.terraform.io/hashicorp/aws"
│ 
╵
. Plan file has been created by terraform v0.15.4, but you have v1.0.0
ERROR: Failed to convert terraform plan file to JSON format via terraform. Here is the error :

terraform-compliance version: v1.3.18 terraform version: v0.15.4

eerkunt commented 3 years ago

This could be similar. Looks like 1.0.x releases are creating quite a lot of problems.

Will have a deeper look at this.

eerkunt commented 3 years ago

Hi @TomTucka, did you try the same with the latest 1.x version of terraform? It looks like it's fixed on the terraform side.

@Shocktrooper can you also run which terraform please? It looks like you have the plan.out file only. In order to get it parsed by terraform-compliance, we use the terraform executable to convert it to a JSON file (command: terraform show -json plan.out > plan.out.json). terraform requires a terraform init before converting it to a JSON file; unfortunately this is not a functionality where terraform-compliance can interfere. On the other hand, if you convert it to JSON and give plan.out.json instead of plan.out to terraform-compliance, we won't need any conversion and this problem won't occur.
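A pre-flight check for the JSON route described in the comment above, added here as an example; it is not part of the thread or of terraform-compliance. It rejects the empty or truncated file that a crashed `terraform show -json plan.out > plan.out.json` leaves behind, and flags the version mismatch seen in the log, before the file reaches the compliance gate. The function name, the `expected_terraform` parameter and the sample plan are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed shape of `terraform show -json plan.out` output.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "0.2",
    "terraform_version": "1.0.0",
    "planned_values": {"root_module": {"resources": []}},
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"]}},
    ],
})


def check_plan_json(text, expected_terraform=None):
    """Return a list of problems; an empty list means the file can be handed
    to `terraform-compliance --planfile`."""
    try:
        plan = json.loads(text)
    except ValueError as exc:
        # A failed conversion behind a shell redirect leaves an empty or
        # truncated file; treat that as a hard failure, not an empty plan.
        return [f"not valid JSON: {exc}"]
    if not isinstance(plan, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    for key in ("format_version", "terraform_version"):
        if not isinstance(plan.get(key), str):
            problems.append(f"missing {key}")
    if "planned_values" not in plan and "resource_changes" not in plan:
        problems.append("no planned_values or resource_changes section")
    created_by = plan.get("terraform_version")
    if expected_terraform and isinstance(created_by, str) \
            and created_by != expected_terraform:
        problems.append(f"plan created by terraform v{created_by}, "
                        f"runner has v{expected_terraform}")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_plan_json.py plan.out.json [expected terraform version]
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_plan_json(fh.read(),
                                sys.argv[2] if len(sys.argv) > 2 else None)
    for problem in found:
        print(f"plan JSON rejected: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it between the conversion step and terraform-compliance so the pipeline stops on a bad conversion instead of testing an empty plan.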

Shocktrooper commented 3 years ago

@eerkunt I have verified that passing in the JSON works with the latest version of terraform-compliance with terraform 15.4. It appears that since we use terragrunt, terraform-compliance was unable to do anything when it tried to auto init what was in the directory.