terraform-compliance / cli

a lightweight, security focused, BDD test framework against terraform.
https://terraform-compliance.com
MIT License

unavailable provider "registry.terraform.io/hashicorp/aws" #632

Open glenthomas opened 2 years ago

glenthomas commented 2 years ago

Description

I'm not sure if I have done something wrong but am experiencing this error:

docker run --rm -v $(pwd):/target -i -t eerkunt/terraform-compliance --features ./ --planfile ./plan.out          
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
terraform-compliance v1.3.33 initiated

. Converting terraform plan file.
ERROR: Failed to convert terraform plan file to JSON format via terraform. Here is the error :
None
╷
│ Error: Failed to load plugin schemas
│ 
│ Error while loading schemas for plugin components: Failed to obtain
│ provider schema: Could not load the schema for provider
│ registry.terraform.io/hashicorp/aws: failed to instantiate provider
│ "registry.terraform.io/hashicorp/aws" to obtain schema: unavailable
│ provider "registry.terraform.io/hashicorp/aws"..

To Reproduce

I am using an M1 MacBook

Feature File:

  Scenario Outline: Ensure that specific tags are defined
    Given I have resource that supports tags_all defined
    When it has tags_all
    Then it must contain tags_all
    Then it must contain "<tags>"
    And its value must match the "<value>" regex

    Examples:
      | tags        | value               |
      | Name        | .+                  |
      | Team        | .+                  |
      | environment | ^(prod\|test\|dev)$ |

Plan File:

Sample Terraform Code:

provider "aws" {
  alias = "has_valid_tags"
  # default_tags takes its tags inside a nested "tags" map
  default_tags {
    tags = {
      Team = "Engineering 1"
    }
  }
  profile = "core"
  region  = "eu-west-1"
}

provider "aws" {
  alias = "has_invalid_tags"
  default_tags {
    tags = {
      People = "Engineering 1"
    }
  }
  profile = "core"
  region  = "eu-west-1"
}

provider "aws" {
  alias   = "has_no_tags"
  profile = "core"
  region  = "eu-west-1"
}

resource "aws_iam_policy" "policy" {
  provider = aws.has_no_tags
  name     = "test-policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

terraform {
  required_version = "~> 1.2"

  backend "s3" {
    bucket         = "terraform-state"
    key            = "terraform.tfstate"
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "terraform-state-lock"
    profile        = "core"
  }

  required_providers {
    aws = {
      version = "~> 4.2"
      source  = "hashicorp/aws"
    }
  }
}

Used terraform-compliance Parameters:

Running via Docker:

Error Output:

│ Error: Failed to load plugin schemas
│ 
│ Error while loading schemas for plugin components: Failed to obtain
│ provider schema: Could not load the schema for provider
│ registry.terraform.io/hashicorp/aws: failed to instantiate provider
│ "registry.terraform.io/hashicorp/aws" to obtain schema: unavailable
│ provider "registry.terraform.io/hashicorp/aws"..

Expected Behavior:

It runs my feature tests.

Tested Versions:

Additional Context:

caiodonascimento commented 1 year ago

I have the same problem, but with "registry.terraform.io/hashicorp/azurerm":

$ terraform-compliance -p ./tfplan --features ./tests/
terraform-compliance v1.3.41 initiated

. Converting terraform plan file.
ERROR: Failed to convert terraform plan file to JSON format via terraform. Here is the error :
None
╷
│ Error: Failed to load plugin schemas
│ 
│ Error while loading schemas for plugin components: Failed to obtain
│ provider schema: Could not load the schema for provider
│ registry.terraform.io/hashicorp/azurerm: failed to instantiate provider
│ "registry.terraform.io/hashicorp/azurerm" to obtain schema: unavailable
│ provider "registry.terraform.io/hashicorp/azurerm"..
╵

Is there some missing action before executing terraform-compliance? Thanks!

eerkunt commented 1 year ago

Hello, sorry for having this issue.

When you use a plan.out file generated by terraform directly via terraform plan -out=plan.out, terraform-compliance executes terraform again to convert it to a JSON file. This sometimes takes a bit of time and causes problems like this, as terraform might require an init and other stuff before converting it.

You can skip this step by converting the plan file yourself with:

terraform show -json plan.out > plan.out.json

and providing plan.out.json to terraform-compliance, instead of plan.out. terraform-compliance will detect that this is a converted plan and will skip any terraform execution. This will both speed up your process and hopefully solve the problem that you are having right now.
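
The workaround from the comment above as a shell helper (an added example, not code from the terraform-compliance project): it converts a binary plan with terraform show -json only when the file is not already JSON, and refuses to convert outside an initialised working directory. The function names and the check of the plan file's first two bytes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: hand terraform-compliance a JSON plan so it never has to
# run terraform itself. Function names are hypothetical.

# plan_kind FILE -> prints "json", "binary" or "unknown".
# Assumption: a plan written by `terraform plan -out` is a zip archive
# (magic bytes "PK"); `terraform show -json` output starts with "{".
plan_kind() {
    magic=$(head -c 2 "$1" 2>/dev/null)
    case "$magic" in
        PK)  echo binary ;;
        \{*) echo json ;;
        *)   echo unknown ;;
    esac
}

# json_plan_for FILE -> prints the path of a JSON plan, converting if needed.
json_plan_for() {
    plan=$1
    case "$(plan_kind "$plan")" in
        json)
            # Already converted: nothing to do.
            echo "$plan" ;;
        binary)
            # Conversion loads provider schemas, so it must run where
            # `terraform init` has already installed the providers.
            if [ ! -d .terraform ]; then
                echo "no .terraform directory here: run 'terraform init' first" >&2
                return 1
            fi
            terraform show -json "$plan" > "$plan.json" || return 1
            echo "$plan.json" ;;
        *)
            echo "$plan: neither a binary nor a JSON terraform plan" >&2
            return 1 ;;
    esac
}

# Usage, run from the directory that holds .terraform:
#   terraform-compliance --features ./ --planfile "$(json_plan_for plan.out)"
```

Run the conversion on the same machine and in the same directory where terraform plan produced the file, then pass only the resulting JSON to terraform-compliance.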