You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In short, I am running tflint against a Terraform configuration that provisions 3 ECR repositories, all with invalid ECR names. I therefore expects tflint to report 3 issues with my Terraform configuration, but instead it reports only 2 issues.
According to the documentation here about local values, this behaviour seems unexpected?
Is there a limitation I am not aware of here? I did find this list of caveats, with the first point looking rather related to this case.
Command
tflint
Terraform Configuration
# My project structure (see referenced example repository!)# .# ├── README.md# ├── main.tf# └── modules# └── custom_ecr# └── main.tf### ./main.tfterraform {
required_providers {
aws={
source ="hashicorp/aws"
version =">= 5.0, < 6.0"
}
}
required_version="~> 1.8, < 2.0"
}
module"my_ecr_repository" {
source="./modules/custom_ecr"ecr_name="%%%"# Invalid ECR repository name
}
### ./modules/custom_ecr/main.tfvariable"ecr_name" {
type=string
}
# NOTE: The character "%" is not allowed in ECR repository names.# tflint will catch this errorresource"aws_ecr_repository""this" {
name=var.ecr_name
}
# tflint will catch this errorresource"aws_ecr_repository""this_too" {
name="${var.ecr_name}-hello-world"
}
# tflint will NOT catch this errorlocals {
ecr_name_abstraction="${var.ecr_name}-hello-world"
}
resource"aws_ecr_repository""this_three" {
name=local.ecr_name_abstraction
}
TFLint Configuration
config {
plugin_dir=".tflint.d/plugins"call_module_type="all"# have tried "local" as well, same results!disabled_by_default=false
}
plugin"terraform" {
enabled=truepreset="recommended"
}
plugin"aws" {
enabled=truedeep_check=falseversion="0.35.0"source="github.com/terraform-linters/tflint-ruleset-aws"
}
To fix this, we would need to check the local value in the expression to determine if it contains var.ecr_name. For that matter, perhaps similar bugs exist with count.*, each.*, dynamic blocks.
While it is possible to fix this bug in the short term, the inspection model for child modules makes excessive assumptions, so a redesign of the model as in terraform-linters/tflint-plugin-sdk#193 may be more effective.
wata727
changed the title
tflint does not handle locals as expected
TFLint cannot find issues in module calls caused by local values
Dec 31, 2024
Summary
Hello, I am playing around with tflint and encountered an unexpected behaviour when it comes to local values.
I have a minimal example here: https://github.com/TrongBYM/tflint-issue-example
In short, I am running tflint against a Terraform configuration that provisions 3 ECR repositories, all with invalid ECR names. I therefore expects tflint to report 3 issues with my Terraform configuration, but instead it reports only 2 issues.
According to the documentation here about local values, this behaviour seems unexpected?
Is there a limitation I am not aware of here? I did find this list of caveats, with the first point looking rather related to this case.
Command
tflint
Terraform Configuration
TFLint Configuration
Output
TFLint Version
0.54.0
Terraform Version
No response
Operating System
The text was updated successfully, but these errors were encountered: