terraform-linters / tflint-ruleset-terraform

TFLint ruleset for Terraform Language
Mozilla Public License 2.0

`terraform_unused_required_providers` errors with implicit module passing #21

Open tmatilai opened 2 years ago

tmatilai commented 2 years ago

terraform-linters/tflint#1225 fixed the case where a provider was explicitly passed to a module, but stated:

> It remains a lint error to declare a required provider when it is implicitly inherited by the child module, as that declaration is the child's responsibility.

But this is in conflict with the Terraform best practices:

> Terraform Core and Provider Versions
>
>   • Reusable modules should constrain only their minimum allowed versions of Terraform and providers, such as `>= 0.12.0`. This helps avoid known incompatibilities, while allowing the user of the module flexibility to upgrade to newer versions of Terraform without altering the module.
>
>   • Root modules should use a `~>` constraint to set both a lower and upper bound on versions for each provider they depend on.

I.e. the root modules should specify a (stricter) version requirement. But tflint complains about it.

bendrucker commented 2 years ago

Yes, I've also run into this. Your notes/citations are accurate, this should be allowed. Short of disabling the rule entirely, it seems like walking the module tree and accumulating all required providers will be necessary.

This is only an issue when you use environment variables to configure your providers. When a provider block is used, that will serve as a usage of the provider in the root module.

tmatilai commented 2 years ago

> This is only an issue when you use environment variables to configure your providers.

And not all providers even need configuration. For example null or random.

dmikalova commented 1 year ago

Another time that this issue comes up is when the root module passes a provider alias into a child module, and that child module has no resources but implicitly passes to another child module. TF will complain if a module is passed a provider alias but doesn't require that provider, and tf will complain that the required provider is unused even though it is implicitly used by a child module.

If that's confusing: root module that sets provider alias > child module with no resources > module with resources
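The tree walk suggested earlier in the thread, applied to the root > child with no resources > module with resources layout, as an added example (not code from tflint or from any commenter). The `Module` type, the function names and the sample tree are hypothetical and constructed; providers are matched by local name only, ignoring aliases and explicit `providers` maps.

```go
package main

import "fmt"

// Module is a constructed stand-in for a Terraform module, not a tflint or Terraform type.
type Module struct {
	Required []string  // local names declared in this module's required_providers
	Used     []string  // names referenced by resources, data sources or provider blocks here
	Children []*Module // modules called from this one
}

// collectUsed records providers used in m, and in its descendants when walk is true.
func collectUsed(m *Module, walk bool, acc map[string]bool) {
	for _, p := range m.Used {
		acc[p] = true
	}
	if walk {
		for _, c := range m.Children {
			collectUsed(c, walk, acc)
		}
	}
}

// UnusedRequired lists m's required providers with no usage in m (walk=false) or in m's whole subtree (walk=true).
func UnusedRequired(m *Module, walk bool) []string {
	used := map[string]bool{}
	collectUsed(m, walk, used)
	unused := []string{}
	for _, p := range m.Required {
		if !used[p] {
			unused = append(unused, p)
		}
	}
	return unused
}

// SampleTree (constructed): root -> passthrough (no resources) -> leaf using aws; sibling uses random.
func SampleTree() *Module {
	leaf := &Module{Required: []string{"aws"}, Used: []string{"aws"}}
	passthrough := &Module{Required: []string{"aws"}, Children: []*Module{leaf}}
	sibling := &Module{Used: []string{"random"}}
	return &Module{Required: []string{"aws", "null", "random"}, Children: []*Module{passthrough, sibling}}
}

func main() {
	root := SampleTree()
	fmt.Println("module-local check:", UnusedRequired(root, false)) // flags every root requirement
	fmt.Println("tree-walk check:   ", UnusedRequired(root, true))  // flags only the provider nothing uses
}
```

With the walk enabled, a requirement that no module in the tree uses is still reported, so the rule keeps its purpose while the inherited cases stop producing findings.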

d4n13lbc commented 1 year ago

Hi guys, do you have any update about this? Explicit passing is now being marked as deprecated (legacy).

https://developer.hashicorp.com/terraform/language/modules/develop/providers#implicit-provider-inheritance

bendrucker commented 1 year ago

There is no change to the official Terraform guidance, as can be seen looking at that page's GitHub history.

zachreborn commented 8 months ago

This is still an issue and makes this rule of linting cause false-positives. This can be seen when `required_providers` is set in a module and uses account aliases.

```
1 issue(s) found:

Warning: Missing version constraint for provider "aws" in "required_providers" (terraform_required_providers)

  on security.tf line 10:
  10: module "guardduty" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.2/docs/rules/terraform_required_providers.md
```

The module:

```hcl
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = ">= 4.0.0"
      configuration_aliases = [aws.organization_management_account, aws.organization_security_account]
    }
  }
}
```
...