Failed to read module directory #332

Closed
brenwhyte opened this issue Sep 17, 2020 · 4 comments · Fixed by #505
@brenwhyte

  • terrascan version: version: v1.1.0
  • Operating System: Mac Catalina & Amazon Linux 2

Description

On Mac, installed via brew.
Linux, terrascan added to path

What I Did

> terrascan scan -t aws -o yaml
2020-09-17T01:59:19.003+0100	error	v12/load-dir.go:85	failed to build unified config. errors:
<nil>: Failed to read module directory; Module directory /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/terraform-aws-modules/eks/aws does not exist or cannot be read., and 1 other diagnostic(s)

Actual repo path with tf files is /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/ so I'm not sure why it's tagging on terraform-aws-modules/eks/aws

If I create the 2 "missing" folders, I get a working scan.

> mkdir -p /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/terraform-aws-modules/eks/aws
> mkdir -p /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/terraform-aws-modules/vpc/aws
> ~/g/i/t/a/t/eks (master)> terrascan scan -t aws -o yaml
results:
  violations:
  - rule_name: s3EnforceUserACL
    description: S3 bucket Access is allowed to all AWS Account Users.
    rule_id: AWS.S3Bucket.DS.High.1043
    severity: HIGH
    category: S3
    resource_name: aws_flow_log
    resource_type: aws_s3_bucket
    file: vpc.tf
    line: 45
  count:
    low: 0
    medium: 0
    high: 1
    total: 1
@williepaul

Hi @brenwhyte, thanks for the bug report. Could you provide a bit more info about your setup?

When you ran the command above, what was your CWD?
You mentioned your repo path is /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/. Running that command with an empty dir does a recursive search starting from CWD. Do you happen to have any stray .tf files outside of that dir?

Thanks,
-Willie

@kanchwala-yusuf

Hi @brenwhyte,

The way terrascan works is, it reads all the terraform configuration files in the provided directory (in this case it's $PWD), and if there are any module calls (only local path source is currently supported) in any of the terraform files, those module paths are traversed, and all the tf files in that module are read as well. If these traversed modules have any more module calls those are traversed as well and so on...

It seems that there is a module call with source field pointing to /Users/bwhyte/git_repos/infa/terraform/aws/test/eks/terraform-aws-modules/eks/aws in your terraform file somewhere in some module.

If this is not the case, can you please share more information like your PWD, tf files with directory structure etc.

Thanks

@maxgio92

I have the same issue. I think that the module @brenwhyte is trying to target is one provided by a public Terraform registry, referenced as per the documentation (so, not a local one).

For instance, I'm using the terraform-aws-modules/eks/aws module and it looks for a local path with the same name.

$ docker run --rm -it -v $PWD:/app alpine:latest sh -c 'apk add curl tar && curl --location https://github.com/accurics/terrascan/releases/download/v1.1.0/terrascan_1.1.0_Linux_x86_64.tar.gz --output terrascan.tar.gz && tar -xvf terrascan.tar.gz && install terrascan /usr/local/bin && terrascan init && terrascan scan -t aws -d /app'
[...]
2020-11-13T16:54:51.627Z        error   v12/load-dir.go:85      failed to build unified config. errors:
<nil>: Failed to read module directory; Module directory /app/terraform-aws-modules/eks/aws does not exist or cannot be read., and 4 other diagnostic(s)

The fact that only local paths are supported is the answer to this issue I think.

Maybe it could be checked whether the module source is formatted as a local path (e.g. starting with "./" as per the Terraform documentation), ignoring the other module sources?
Because it seems that this is an issue when we use "remote" modules, blocking us from using terrascan as it exits with errors.

Thank you
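
The check suggested in the comment above, sketched in Go as an added example (it is not terrascan's code and not part of the original thread). The `moduleCall` type and both function names are hypothetical, and the only rule assumed is the Terraform documentation's statement that local module paths begin with `./` or `../`.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// moduleCall is a hypothetical, simplified view of a Terraform module block.
type moduleCall struct {
	Name   string
	Source string
}

// isLocalSource reports whether source is a local path. Per the Terraform
// documentation, local paths begin with "./" or "../"; anything else is a
// registry address, VCS URL or other remote source.
func isLocalSource(source string) bool {
	return strings.HasPrefix(source, "./") || strings.HasPrefix(source, "../")
}

// planTraversal splits module calls into local directories to load and remote
// sources to skip, instead of joining every source onto the root directory.
func planTraversal(root string, calls []moduleCall) (local, skipped []string) {
	for _, c := range calls {
		if isLocalSource(c.Source) {
			local = append(local, filepath.Join(root, c.Source))
			continue
		}
		// Not scanned: surface it so the coverage gap is visible.
		skipped = append(skipped, c.Source)
	}
	return local, skipped
}

func main() {
	// Constructed sample input, modelled on the sources named in the thread.
	calls := []moduleCall{
		{"eks", "terraform-aws-modules/eks/aws"},
		{"vpc", "terraform-aws-modules/vpc/aws"},
		{"network", "./modules/network"},
	}
	local, skipped := planTraversal("/app", calls)
	fmt.Println("load:", local)
	for _, s := range skipped {
		fmt.Printf("warning: remote module %q not scanned\n", s)
	}
}
```

Reporting the skipped sources matters for a scanner: resources defined inside a remote module are not evaluated against any policy, so the scan result should say which modules were left out.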

@indistinctTalk

I'm a little confused, #345 has been merged but I'm seeing much the same error as above, so remote terraform modules are not actually supported? I'm running 1.2.0 and am referencing remote modules in the form of source = "terraform-aws-modules/vpc/aws".
