search

terraform-linters / tflint

A Pluggable Terraform Linter
Mozilla Public License 2.0
4.86k stars 354 forks source link

Panic: value is marked, so must be unmarked first #1447

Closed dr-yd closed 2 years ago

dr-yd commented 2 years ago

Introduction

This occurs in a complex project with multiple levels of nested modules etc. so the issue can't easily be isolated. What I can say is that the values that go into the specified expression are

Maybe that's already enough. I don't think they're marked sensitive, though, so I'm not sure what "marked" refers to. If this is not enough, I can share trace output and code snippets directly to the team.

Expected Behavior

Not crashing.

Actual behavior

Crashing.

Step to Reproduce

See above, likely complex to reproduce.

Additional Context

$ tflint -v
TFLint version 0.38.1
+ ruleset.aws (0.15.0)

$ terraform -v
Terraform v1.2.2
on darwin_arm64

Samie issue on Linux amd64 so it's not a platform thing. We're unable to use newer versions of Terraform due to an issue that's still being debated in their project.

Output:

Panic: value is marked, so must be unmarked first
 -> 0: main.main.func1: /main.go(21)
 -> 1: runtime.gopanic: /panic.go(838)
 -> 2: github.com/zclconf/go-cty/cty.Value.assertUnmarked: /marks.go(141)
 -> 3: github.com/zclconf/go-cty/cty.Value.AsBigFloat: /value_ops.go(1274)
 -> 4: github.com/zclconf/go-cty/cty/gocty.fromCtyNumber: /out.go(124)
 -> 5: github.com/zclconf/go-cty/cty/gocty.fromCtyValue: /out.go(85)
 -> 6: github.com/zclconf/go-cty/cty/gocty.FromCtyValue: /out.go(43)
 -> 7: github.com/terraform-linters/tflint/tflint.(*Runner).isEvaluableCountArgument: /runner_eval.go(164)
 -> 8: github.com/terraform-linters/tflint/tflint.(*Runner).isEvaluableResource: /runner_eval.go(128)
 -> 9: github.com/terraform-linters/tflint/tflint.NewRunner: /runner.go(145)
 -> 10: github.com/terraform-linters/tflint/tflint.NewModuleRunners: /runner.go(260)
 -> 11: github.com/terraform-linters/tflint/cmd.(*CLI).setupRunners: /inspect.go(152)
 -> 12: github.com/terraform-linters/tflint/cmd.(*CLI).inspect: /inspect.go(39)
 -> 13: github.com/terraform-linters/tflint/cmd.(*CLI).Run: /cli.go(101)
 -> 14: main.main: /main.go(34)
 -> 15: runtime.main: /proc.go(250)
 -> 16: runtime.goexit: /asm_amd64.s(1571)
TFLint crashed... :(
bendrucker commented 2 years ago

Hi, we probably can't investigate this let alone fix it without a reproduction. If you believe the details you shared are relevant to the outcome it should be possible to reproduce. If not, those details aren't relevant to the behavior.

dr-yd commented 2 years ago

Hi, thanks for the quick response! That's unfortunate, I had hoped maybe the stacktrace would point you in the right direction. I'll see if I can narrow it down. Can you clarify on the meaning of "marked" - is this actually about "marked as sensitive" as the error message would indicate with Terraform itself?

bendrucker commented 2 years ago

This is coming from cty, a dynamic type library that Terraform uses to manipulate its typed data in Go. IIRC, marking is a generic feature of cty, effectively an "annotation" on a type value. As far as I know marking is only used for sensitivity at the moment so I think it's very likely the root cause is related to a sensitive value.

wata727 commented 2 years ago

As far as I know marking is only used for sensitivity at the moment so I think it's very likely the root cause is related to a sensitive value.

Correct. The following is a minimum reproduction code:

variable "foo" {
  default = 1
  sensitive = true
}

resource "aws_instance" "foo" {
  count = var.foo
}

We probably need to unmark this as well: https://github.com/hashicorp/terraform/blob/v1.2.6/internal/terraform/eval_count.go#L61-L63