terraform-linters / tflint-ruleset-azurerm

TFLint ruleset for terraform-provider-azurerm
Mozilla Public License 2.0

`azurerm_storage_account_invalid_access_tier` - Invalid function argument #282

Closed lonegunmanb closed 1 year ago

lonegunmanb commented 1 year ago

I was using the tflint azurerm plugin to check the following code:

```hcl
locals {
  blob_a_record = local.private_endpoint_enabled ? {} : { for n, t in var.storage_container : n => {
    name = t.name
  } }
  blob_endpoint            = length(var.storage_container) == 0 ? [] : ["blob"]
  endpoints                = toset(concat(local.blob_endpoint, local.queue_endpoint, local.table_endpoint))
  private_endpoint_enabled = var.new_private_endpoint != null
  # vnet id:  /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/virtualNetworks/myvnet1
  # subnet id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/virtualNetworks/myvnet1/subnets/mysubnet1
  private_endpoint_virtual_network_id = try(join("/", slice(split("/", var.new_private_endpoint.subnet_id), 0, 9)), "")
  private_endpoints                   = local.private_endpoint_enabled ? local.endpoints : toset({})
  queue_a_record = local.private_endpoint_enabled ? {} : { for n, t in var.storage_queue : n => {
    name = t.name
  } }
  queue_endpoint = length(var.storage_queue) == 0 ? [] : ["queue"]
  table_a_record = local.private_endpoint_enabled ? {} : { for n, t in var.storage_table : n => {
    name = t.name
  } }
  table_endpoint           = length(var.storage_table) == 0 ? [] : ["table"]
  table_private_dns_record = try(var.storage_table.private_dns == null ? {} : tomap({ table = var.storage_table.private_dns }), {})
}
```

And I got the following error:

```
Failed to check ruleset; Failed to check `azurerm_storage_account_invalid_access_tier` rule: locals.tf:11,98-99: Invalid function argument; Invalid value for "v" parameter: cannot convert object to set of any single type., and 3 other diagnostic(s)
```

I was using the latest tag version:

```
Installed `azurerm` (source: github.com/terraform-linters/tflint-ruleset-azurerm, version: 0.24.0)
```

The same error occurred when I skipped this rule, for `azurerm_storage_account_invalid_resource_group_name` and `azurerm_storage_account_invalid_account_kind`. I guess there are more rules like this one.

lonegunmanb commented 1 year ago

A minimum example to reproduce this issue:

```hcl
variable "storage_container" {
  type    = list(string)
  default = []
}

variable "new_private_endpoint" {
  type    = string
  default = null
}

variable "storage_queue" {
  type    = list(string)
  default = []
}

variable "storage_table" {
  type    = list(string)
  default = []
}

variable "storage_account" {
  type = object({
    access_tier              = optional(string)
    account_kind             = optional(string)
    account_replication_type = string
    account_tier             = string
    location                 = string
    name                     = string
    resource_group_name      = string
  })
  description = ""
  nullable    = false
}

locals {
  blob_endpoint            = length(var.storage_container) == 0 ? [] : ["blob"]
  endpoints                = toset(concat(local.blob_endpoint, local.queue_endpoint, local.table_endpoint))
  private_endpoint_enabled = var.new_private_endpoint != null
  private_endpoints        = local.private_endpoint_enabled ? local.endpoints : toset({})
  queue_endpoint           = length(var.storage_queue) == 0 ? [] : ["queue"]
  table_endpoint           = length(var.storage_table) == 0 ? [] : ["table"]
}

resource "azurerm_storage_account" "this" {
  for_each = local.private_endpoints

  account_replication_type = var.storage_account.account_replication_type
  account_tier             = var.storage_account.account_tier
  location                 = var.storage_account.location
  name                     = var.storage_account.name
  resource_group_name      = var.storage_account.resource_group_name
  access_tier              = var.storage_account.access_tier
  account_kind             = var.storage_account.account_kind
}
```

lonegunmanb commented 1 year ago

I think I've figured out the error... Incorrect type conversion, apologies for the false alarm...
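
An added example, not part of the original thread or the ruleset's code: the diagnostic position `locals.tf:11,98-99` in the first listing is the `{}` passed to `toset`, an empty object that cannot be converted to a set. The snippet below keeps the reporter's local names, uses a constructed value for `endpoints`, and shows the empty-set branch written with an empty list instead.

```hcl
variable "new_private_endpoint" {
  type    = string
  default = null
}

locals {
  private_endpoint_enabled = var.new_private_endpoint != null

  # Constructed sample value standing in for the concat() in the report.
  endpoints = toset(["blob", "queue", "table"])

  # Before (as reported): `{}` is an object literal, and toset() only accepts
  # list, tuple or set values, so evaluation fails with
  # 'Invalid value for "v" parameter: cannot convert object to set of any single type.'
  # private_endpoints = local.private_endpoint_enabled ? local.endpoints : toset({})

  # After: `[]` is an empty tuple, which converts to an empty set, so both
  # branches of the conditional are sets and the result is valid for for_each.
  private_endpoints = local.private_endpoint_enabled ? local.endpoints : toset([])
}

output "private_endpoints" {
  # Empty set while new_private_endpoint is null; the three endpoint names otherwise.
  value = local.private_endpoints
}
```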