Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent results when evaluating multiple required_providers with override files #205

Closed
1 of 3 tasks
ccp-void opened this issue Aug 27, 2024 · 3 comments
Closed
1 of 3 tasks

Inconsistent results when evaluating multiple required_providers with override files #205

ccp-void opened this issue Aug 27, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@ccp-void
Copy link

ccp-void commented Aug 27, 2024
edited
Loading

Summary

There seems to be an issue with tflint when there exists multiple terraform blocks which terraform merges according to the override files feature. In my case I'm using Terragrunt and have a backend.tf, versions.tf and a versions_override.tf file when tflint is executed. When these three files exist with the example content tflint seems to suffer from a race condition or some other inconsistency in how it evaluates/merges the override file.

This issue manifests itself in that tflint will only intermittently report a linting error. Note how in the output provided I run tflint 7 times in a row in the shell, without any changes to the code in between, resulting in 2 out of those 7 executions reporting an error.

Command

tflint

Terraform Configuration

backend.tf

# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
  backend "s3" {
    bucket         = "bucket"
    dynamodb_table = "tf-locks"
    encrypt        = true
    key            = "path/to/tf.tfstate"
    region         = "us-east-1"
  }
}

provider.tf

# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
provider "aws" {
  region              = "us-east-1"
  allowed_account_ids = ["111111111111"]
}

versions.tf

terraform {
  required_providers {
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.14.0"
    }
  }
}

versions_override.tf

# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.64.0"
    }
  }
  required_version = ">= 0.19"
}

TFLint Configuration

plugin "terraform" {
  enabled = true
  preset  = "recommended"
  version = "0.9.1"
  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
}

plugin "aws" {
  enabled = true
  version = "0.32.0"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

config {
  module = true
}

Output

/tmp/tf                                                                                             
❯ tflint

/tmp/tf                                                                                             
❯ tflint

/tmp/tf                                                                                             
❯ tflint

/tmp/tf                                                                                             
❯ tflint
1 issue(s) found:

Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)

  on provider.tf line 2:
   2: provider "aws" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.8.0/docs/rules/terraform_required_providers.md

/tmp/tf                                                                                             
❯ tflint

/tmp/tf                                                                                             
❯ tflint

/tmp/tf                                                                                             
❯ tflint
1 issue(s) found:

Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)

  on provider.tf line 2:
   2: provider "aws" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.8.0/docs/rules/terraform_required_providers.md

TFLint Version

0.52.0, 0.53.0

Terraform Version

1.9.4

Operating System

  • Linux
  • macOS
  • Windows
@ccp-void ccp-void added the bug Something isn't working label Aug 27, 2024
@bendrucker bendrucker transferred this issue from terraform-linters/tflint Aug 28, 2024
@bendrucker bendrucker changed the title BUG: Inconsistent results when evaluating multiple required_providers with override files Inconsistent results when evaluating multiple required_providers with override files Aug 28, 2024
@wata727
Copy link
Member

wata727 commented Aug 29, 2024
edited
Loading

Thank you for reporting this, it seems to be a bug caused by overlooking that the terraform blocks can be declared multiple times.

I didn't know that you could define the terraform blocks multiple times outside of *_override.tf (overrides are resolved internally and are therefore irrelevant to this issue).
Looking at the upstream implementation, this appears to be the correct behavior.
https://github.com/hashicorp/terraform/blob/v1.5.7/internal/configs/parser_config.go#L60-L102

The current terraform_required_providers rule gives precedence to the last terraform block that appears, causing inconsistent results depending on the order of the terraform blocks that are retrieved.
https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/rules/terraform_required_providers.go#L151-L156

Perhaps merging the attributes of each terraform block will fix this issue.

@wata727
Copy link
Member

wata727 commented Sep 2, 2024
edited
Loading

After some more investigation, it appears there is a bug not only with multiple terraform blocks, but also with the behavior of overrides. In this issue, the latter is the case.

Terraform's merge behavior is defined as follows, but TFLint probably doesn't implement it strictly.
https://developer.hashicorp.com/terraform/language/files/override
https://github.com/terraform-linters/tflint/blob/v0.53.0/terraform/module.go#L155-L174

@wata727 wata727 mentioned this issue Sep 8, 2024
Closed
3 tasks
wata727 added a commit that referenced this issue Oct 16, 2024
@wata727
Fix issues caused by multiple terraform blocks
0b0ab60 
See also #205

Some rules that reference terraform blocks do not assume that
blocks can be defined multiple times and can lead to inconsistent results in that case.
@wata727 wata727 mentioned this issue Oct 16, 2024
Merged
wata727 added a commit that referenced this issue Nov 4, 2024
@wata727
Fix issues caused by multiple terraform blocks
bd99931 
See also #205

Some rules that reference terraform blocks do not assume that
blocks can be defined multiple times and can lead to inconsistent results in that case.
wata727 added a commit that referenced this issue Nov 4, 2024
@wata727
Fix issues caused by multiple terraform blocks
15a5db9 
See also #205

Some rules that reference terraform blocks do not assume that
blocks can be defined multiple times and can lead to inconsistent results in that case.
wata727 added a commit that referenced this issue Nov 4, 2024
@wata727
Fix issues caused by multiple terraform blocks
5d5c1a4 
See also #205

Some rules that reference terraform blocks do not assume that
blocks can be defined multiple times and can lead to inconsistent results in that case.
wata727 added a commit that referenced this issue Nov 4, 2024
@wata727
Fix issues caused by multiple terraform blocks (#216)
cc82ae2 
See also #205

Some rules that reference terraform blocks do not assume that
blocks can be defined multiple times and can lead to inconsistent results in that case.
@wata727
Copy link
Member

wata727 commented Nov 9, 2024

This bug has been fixed in TFLint v0.54.0 terraform-linters/tflint#2124

@wata727 wata727 closed this as completed Nov 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wata727 @ccp-void and others