search

terraform-linters / tflint-ruleset-aws

TFLint ruleset for terraform-provider-aws
Mozilla Public License 2.0
327 stars 71 forks source link

`resource_missing_tags` panic: value is unknown #516

Closed j-fraga closed 1 year ago

j-fraga commented 1 year ago

In v0.24.2 the following error occurs:

% tflint
Failed to check ruleset; error reading from server: EOF

The TFlint version used is v0.47.0.

Output with TFLINT_LOG=debug tflint:

discovery.go:54: [INFO] Plugin `aws` found
go-plugin@v1.4.10/client.go:604: starting plugin: path=../../../../../../.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.24.2/tflint-ruleset-aws args=["../../../../../../.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.24.2/tflint-ruleset-aws"]
go-plugin@v1.4.10/client.go:612: plugin started: path=../../../../../../.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.24.2/tflint-ruleset-aws pid=1537
go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=../../../../../../.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.24.2/tflint-ruleset-aws
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: go-plugin@v1.4.10/server.go:404: plugin address: network=unix address=/tmp/plugin2985356507
go-plugin@v1.4.10/client.go:752: using plugin: version=11
discovery.go:33: [INFO] Plugin `terraform` is not installed, but the bundled plugin is available.
discovery.go:54: [INFO] Plugin `terraform` found
go-plugin@v1.4.10/client.go:604: starting plugin: path=/usr/bin/tflint args=["/usr/bin/tflint", "--act-as-bundled-plugin"]
go-plugin@v1.4.10/client.go:612: plugin started: path=/usr/bin/tflint pid=1547
go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=/usr/bin/tflint
go-plugin@v1.4.10/client.go:752: using plugin: version=11
go-plugin@v1.4.10/client.go:1046: tflint: go-plugin@v1.4.10/server.go:404: plugin address: network=unix address=/tmp/plugin42334417
host2plugin/client.go:124: starting host-side gRPC server
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: plugin2host/client.go:398: unknown value found in ods2/.terraform/modules/lambda-event-source-mapping-ods2-fault-tolerance-critical-path/modules/aws/lambda/eventSQS/main.tf:2,40-60
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: plugin2host/client.go:398: unknown value found in ods2/.terraform/modules/lambda-event-source-mapping-ods2-fault-tolerance-critical-path/modules/aws/lambda/eventSQS/main.tf:3,40-57
host2plugin/client.go:124: starting host-side gRPC server
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_sns_topic.main.tags
host2plugin/client.go:124: starting host-side gRPC server
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_s3_bucket.main.tags
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: panic: value is unknown
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: goroutine 54 [running]:
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/zclconf/go-cty/cty.Value.AsString({{{0x1f9f868?, 0xc0001272b1?}}, {0x17b8b60?, 0xc0005f5220?}})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.13.2/cty/value_ops.go:1393 +0x111
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-ruleset-aws/rules.(*AwsResourceMissingTagsRule).Check.func1({{{0x1f9f948?, 0xc0005f5440?}}, {0x17caaa0?, 0xc000e05830?}})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/work/tflint-ruleset-aws/tflint-ruleset-aws/rules/aws_resource_missing_tags.go:221 +0x44b
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: reflect.Value.call({0x16ef2e0?, 0xc000cb7380?, 0x10?}, {0x1bb6859, 0x4}, {0xc000edd580, 0x1, 0xa?})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /opt/hostedtoolcache/go/1.20.5/x64/src/reflect/value.go:586 +0xb0b
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: reflect.Value.Call({0x16ef2e0?, 0xc000cb7380?, 0xc00055e1e0?}, {0xc000edd580?, 0xc000ca4b20?, 0x1?})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /opt/hostedtoolcache/go/1.20.5/x64/src/reflect/value.go:370 +0xbc
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/plugin2host.(*GRPCClient).EvaluateExpr(0x0?, {0x1f9f130, 0xc00055e1e0}, {0x16ef2e0, 0xc000cb7380?}, 0x1?)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/terraform-linters/tflint-plugin-sdk@v0.17.0/plugin/plugin2host/client.go:323 +0x376
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-ruleset-aws/rules.(*AwsResourceMissingTagsRule).Check(0x2e74b78, {0x1fc1f80, 0xc00139e060})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/work/tflint-ruleset-aws/tflint-ruleset-aws/rules/aws_resource_missing_tags.go:209 +0x94b
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/host2plugin.(*GRPCServer).Check(0xc000aa36e0, {0x1f9ef00, 0xc0013d0030}, 0xc0013c8ae0?)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/terraform-linters/tflint-plugin-sdk@v0.17.0/plugin/host2plugin/server.go:145 +0x46e
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/proto._RuleSet_Check_Handler.func1({0x1f9ef00, 0xc0013d0030}, {0x192f040?, 0xc0013d0060})
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/terraform-linters/tflint-plugin-sdk@v0.17.0/plugin/proto/tflint_grpc.pb.go:354 +0x78
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/interceptor.RequestLogging.func1({0x1f9ef00, 0xc0013d0030}, {0x192f040?, 0xc0013d0060?}, 0xc00139fce0, 0xc0013c2d20)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/terraform-linters/tflint-plugin-sdk@v0.17.0/plugin/interceptor/logging.go:16 +0x20f
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: github.com/terraform-linters/tflint-plugin-sdk/plugin/proto._RuleSet_Check_Handler({0x1ac92e0?, 0xc000aa36e0}, {0x1f9ef00, 0xc0013d0030}, 0xc000e18000, 0xc00012e300)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/github.com/terraform-linters/tflint-plugin-sdk@v0.17.0/plugin/proto/tflint_grpc.pb.go:356 +0x138
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).processUnaryRPC(0xc00067e3c0, {0x1fbf660, 0xc000502820}, 0xc0013c7320, 0xc000aa3770, 0x2e2f880, 0x0)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/google.golang.org/grpc@v1.55.0/server.go:1337 +0xdf3
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).handleStream(0xc00067e3c0, {0x1fbf660, 0xc000502820}, 0xc0013c7320, 0x0)
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/google.golang.org/grpc@v1.55.0/server.go:1714 +0xa36
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: google.golang.org/grpc.(*Server).serveStreams.func1.1()
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/google.golang.org/grpc@v1.55.0/server.go:959 +0x98
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: created by google.golang.org/grpc.(*Server).serveStreams.func1
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws:   /home/runner/go/pkg/mod/google.golang.org/grpc@v1.55.0/server.go:957 +0x18c
go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
19:31:00 [ERROR] go-plugin@v1.4.10/client.go:662: plugin process exited: path=../../../../../../.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.24.2/tflint-ruleset-aws pid=1537 error="exit status 2"
go-plugin@v1.4.10/client.go:472: plugin exited
go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
go-plugin@v1.4.10/client.go:665: plugin process exited: path=/usr/bin/tflint pid=1547
go-plugin@v1.4.10/client.go:472: plugin exited
Failed to check ruleset; error reading from server: EOF

The .tflint.hcl:

config {
  plugin_dir = "../../../../../../.tflint.d/plugins"

  module              = true
  force               = false
  disabled_by_default = false
}

plugin "aws" {
  enabled = true
  version = "0.24.1"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

rule "aws_resource_missing_tags" {
  enabled = true
  tags    = ["Name", "Application"]
}

rule "terraform_typed_variables" {
  enabled = false
}

rule "terraform_unused_declarations" {
  enabled = false
}
bendrucker commented 1 year ago

Most important part—what is the Terraform config that caused this?

j-fraga commented 1 year ago

@bendrucker, the Terraform stack TFlint is failing on is too big to include here (9243 lines in total, not including modules!). However, I noticed that if I disable the rule aws_resource_missing_tags as follows:

rule "aws_resource_missing_tags" {
  enabled = false
  tags    = ["Name", "Application"]
}

the error does not occur.

I should mention that with v0.24.1 the error does not occur even with the rule aws_resource_missing_tags enabled.

bendrucker commented 1 year ago

the Terraform stack TFlint is failing on is too big to include here (9243 lines in total, not including modules!).

Sure, please don't include your whole configuration (too much noise, too little signal), just enough to reproduce the issue. Ideally one resource or something similarly minimal. This is a must-have so we can ensure a test case is added that matches the behavior you're seeing.

Failed to check ruleset; error reading from server: EOF

This is not actually the error, it's just what happens on subsequent requests once the plugin has crashed from the root cause:

go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_sns_topic.main.tags
host2plugin/client.go:124: starting host-side gRPC server
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_s3_bucket.main.tags
go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws: panic: value is unknown
bendrucker commented 1 year ago

Based on the error we at least need the config for aws_s3_bucket.main and anything it depends on. The cause of the panic is there and we need a sample/reproduction to proceed.

wata727 commented 1 year ago

I think maybe this issue is caused by AsValueMap. https://github.com/terraform-linters/tflint-ruleset-aws/blob/bcd0c2d7e76192b8d390a3e2506b3385f0cd7e46/rules/aws_resource_missing_tags.go#L118

This implicitly expects the key to be a known string, so this panic can occur when the tag's key is unknown. https://github.com/zclconf/go-cty/blob/v1.13.2/cty/value_ops.go#L1457