terraform-linters / tflint-ruleset-aws

TFLint ruleset for terraform-provider-aws
Mozilla Public License 2.0

Rule aws_route_not_specified_target seems to be not working properly #131

Closed klaphi closed 3 years ago

klaphi commented 3 years ago

Hi,

we have the following code:

...
resource "aws_route" "private_tgw_egress" {
  count = var.enable_nat_gateway == false && var.enable_transit_egress == true ? local.private_subnet_count : 0

  route_table_id         = element(aws_route_table.private.*.id, count.index)
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = var.transit_gateway_id

  timeouts {
    create = "5m"
  }

  depends_on = [aws_ec2_transit_gateway_vpc_attachment.this]
}
...

This results in the following error:

1 issue(s) found:

Error: The routing target is not specified, each aws_route must contain either egress_only_gateway_id, gateway_id, instance_id, nat_gateway_id, network_interface_id, transit_gateway_id, vpc_peering_connection_id or vpc_endpoint_id. (aws_route_not_specified_target)

  on main.tf line 330:
 330: resource "aws_route" "private_tgw_egress" {

Reference: https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.4.1/docs/rules/aws_route_not_specified_target.md

I think this is wrong because the parameter transit_gateway_id is specified:

I tried running tflint from VS Code or shell but this does not change anything.

Version

Example:

$ tflint --version
TFLint version 0.29.1
+ ruleset.aws (0.4.3)
$ terraform version
Terraform v1.0.1

wata727 commented 3 years ago

Isn't the value of var.transit_gateway_id null? If the value is null, even if it is specified, it will be ignored when running terraform apply, so this rule considers that attribute to be unspecified if the value is null.

Example:

variable "transit_gateway_id" {
  default = null
}

resource "aws_route" "private_tgw_egress" {
  transit_gateway_id = var.transit_gateway_id
}

$ tflint --only aws_route_not_specified_target
1 issue(s) found:

Error: The routing target is not specified, each aws_route must contain either egress_only_gateway_id, gateway_id, instance_id, nat_gateway_id, network_interface_id, transit_gateway_id, vpc_peering_connection_id or vpc_endpoint_id. (aws_route_not_specified_target)

  on route.tf line 5:
   5: resource "aws_route" "private_tgw_egress" {

Reference: https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.4.1/docs/rules/aws_route_not_specified_target.md

variable "transit_gateway_id" {}

resource "aws_route" "private_tgw_egress" {
  transit_gateway_id = var.transit_gateway_id
}

$ tflint --only aws_route_not_specified_target
// No issues
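
A simplified model of the behaviour described in the comment above, added here as an example; it is not part of the thread and is not the ruleset's source code. The `State` type and the `resolve` and `MissingTarget` names are hypothetical, and treating a variable without a default as an unknown value that is not counted as null is an assumption chosen to match the "No issues" output shown.

```go
package main

import "fmt"

// targetAttrs are the routing-target attributes listed in the rule's error message.
var targetAttrs = []string{
	"egress_only_gateway_id", "gateway_id", "instance_id", "nat_gateway_id",
	"network_interface_id", "transit_gateway_id", "vpc_peering_connection_id", "vpc_endpoint_id",
}

// State models what a static check can know about an attribute's value.
type State int

const (
	Known   State = iota // a concrete value is available
	Null                 // evaluates to null, so apply would ignore the attribute
	Unknown              // cannot be evaluated statically (assumed: variable without default)
)

// resolve classifies the value of a `var.<name>` reference.
// hasDefault=true with def=nil models `default = null`.
func resolve(hasDefault bool, def *string) State {
	switch {
	case !hasDefault:
		return Unknown
	case def == nil:
		return Null
	}
	return Known
}

// MissingTarget reports whether a route would be flagged: every target
// attribute is either absent from the resource or evaluates to null.
func MissingTarget(attrs map[string]State) bool {
	for _, name := range targetAttrs {
		if s, ok := attrs[name]; ok && s != Null {
			return false
		}
	}
	return true
}

func main() {
	tgw := "tgw-EXAMPLE" // constructed sample value
	fmt.Println("default = null:", MissingTarget(map[string]State{"transit_gateway_id": resolve(true, nil)}))
	fmt.Println("no default:    ", MissingTarget(map[string]State{"transit_gateway_id": resolve(false, nil)}))
	fmt.Println("default set:   ", MissingTarget(map[string]State{"transit_gateway_id": resolve(true, &tgw)}))
	fmt.Println("no target attr:", MissingTarget(map[string]State{}))
}
```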