terraformer icon indicating copy to clipboard operation
terraformer copied to clipboard

Published 20 hours ago verified publisher icon GoogleCloudPlatform

import plan with aws securityhub failed, error: object expected closing RBRACE got: EOF

Open bluet opened this issue 2 years ago • 7 comments

When using plan and then import plan to get aws securityhub settings, it failed with the error message: "At 3:2: object expected closing RBRACE got: EOF".

But if importing aws securityhub directly, it works fine.

plan is fine:

$ terraformer plan aws --resources="securityhub" --regions=us-east-1
2022/05/12 05:28:29 aws importing region us-east-1
2022/05/12 05:28:33 aws importing... securityhub
2022/05/12 05:28:35 aws done importing securityhub
2022/05/12 05:28:35 Number of resources for service securityhub: 3
2022/05/12 05:28:35 Refreshing state... aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0
2022/05/12 05:28:35 Refreshing state... aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0
2022/05/12 05:28:35 Refreshing state... aws_securityhub_account.tfer--994276127279
2022/05/12 05:28:37 Filtered number of resources for service securityhub: 3
2022/05/12 05:28:37 Saving planfile to generated/aws/terraformer/plan.json

import plan failed:

$ terraformer import plan ./generated/aws/terraformer/plan.json
2022/05/12 05:28:57 aws Connecting.... 
2022/05/12 05:28:57 aws save securityhub
2022/05/12 05:28:57 At 3:2: object expected closing RBRACE got: EOF

if retrieving directly, works fine:

$ terraformer import aws --resources="securityhub" --regions=us-east-1 --profile="ipi"
2022/05/12 05:36:42 aws importing region us-east-1
2022/05/12 05:36:47 aws importing... securityhub
2022/05/12 05:36:50 aws done importing securityhub
2022/05/12 05:36:50 Number of resources for service securityhub: 3
2022/05/12 05:36:50 Refreshing state... aws_securityhub_account.tfer--994276127279
2022/05/12 05:36:50 Refreshing state... aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0
2022/05/12 05:36:50 Refreshing state... aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0
2022/05/12 05:36:52 Filtered number of resources for service securityhub: 3
2022/05/12 05:36:52 aws Connecting.... 
2022/05/12 05:36:52 aws save securityhub
2022/05/12 05:36:52 aws save tfstate for securityhub

bluet avatar May 11 '22 21:05 bluet

The result if importing directly.

$ cat outputs.tf 
output "aws_securityhub_account_tfer--994276127279_id" {
  value = "${aws_securityhub_account.tfer--994276127279.id}"
}

output "aws_securityhub_standards_subscription_tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0_id" {
  value = "${aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0.id}"
}

output "aws_securityhub_standards_subscription_tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0_id" {
  value = "${aws_securityhub_standards_subscription.tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0.id}"
}


$ cat provider.tf
provider "aws" {
  region = "us-east-1"
}

terraform {
	required_providers {
		aws = {
	    version = "~> 3.75.1"
		}
  }
}


$ cat resources.tf
resource "aws_securityhub_account" "tfer--994276127279" {}

resource "aws_securityhub_standards_subscription" "tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0" {
  depends_on    = ["aws_securityhub_account.tfer--994276127279"]
  standards_arn = "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"
}

resource "aws_securityhub_standards_subscription" "tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0" {
  depends_on    = ["aws_securityhub_account.tfer--994276127279"]
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
}


$ cat securityhub_standards_subscription.tf 
resource "aws_securityhub_standards_subscription" "tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-aws-foundational-security-best-practices-002F-v-002F-1-002E-0-002E-0" {
  depends_on    = ["aws_securityhub_account.tfer--994276127279"]
  standards_arn = "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"
}

resource "aws_securityhub_standards_subscription" "tfer--arn-003A-aws-003A-securityhub-003A-us-east-1-003A-994276127279-003A-subscription-002F-cis-aws-foundations-benchmark-002F-v-002F-1-002E-2-002E-0" {
  depends_on    = ["aws_securityhub_account.tfer--994276127279"]
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
}

bluet avatar May 11 '22 21:05 bluet

Not sure if this is similar to #1208 and #1276 ?

bluet avatar May 11 '22 21:05 bluet

version info:

$ terraform --version
Terraform v1.1.9
on linux_amd64
$ terraformer --version
version v0.8.20
$ tree .terraform/
.terraform/
└── providers
    └── registry.terraform.io
        └── hashicorp
            ├── aws
            │   └── 3.75.1
            │       └── linux_amd64
            │           └── terraform-provider-aws_v3.75.1_x5
            └── google
                └── 4.20.0
                    └── linux_amd64
                        └── terraform-provider-google_v4.20.0_x5

9 directories, 2 files

Also tried updating aws provider to 4.14.0 but did not make any difference.

terraformer was built with commit f4c92505279794f807f74c52a797be239e1bdb58 (the latest as of now), and built for all providers go build -v

$ git log -n 1
commit f4c92505279794f807f74c52a797be239e1bdb58 (HEAD -> master, origin/master, origin/HEAD)
Author: Sergey Lanzman <[email protected]>
Date:   Wed May 11 22:55:36 2022 +0300

    Update version.go (#1319)

bluet avatar May 15 '22 19:05 bluet

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Jul 15 '22 02:07 github-actions[bot]

This bug still persists.

Versions:

bluet@ocisly:~/workspace/terraformer/tmp$ terraform --version && terraformer --version && tree .terraform/
Terraform v1.2.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.22.0
+ provider registry.terraform.io/hashicorp/google v4.29.0
version v0.8.21
.terraform/
└── providers
    └── registry.terraform.io
        └── hashicorp
            ├── aws
            │   └── 4.22.0
            │       └── linux_amd64
            │           └── terraform-provider-aws_v4.22.0_x5
            └── google
                └── 4.29.0
                    └── linux_amd64
                        └── terraform-provider-google_v4.29.0_x5

9 directories, 2 files

Commit number:

$ git log -n 1
commit ce7b49f4ce6163f8c87934eccc41a20706e5af56 (HEAD -> master, origin/master, origin/HEAD)
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat Jul 9 20:16:33 2022 +0300

    build(deps): bump k8s.io/client-go from 0.21.0 to 0.24.2 (#1363)
    
    Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.21.0 to 0.24.2.
    - [Release notes](https://github.com/kubernetes/client-go/releases)
    - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/kubernetes/client-go/compare/v0.21.0...v0.24.2)
    
    ---
    updated-dependencies:
    - dependency-name: k8s.io/client-go
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

bluet avatar Jul 19 '22 07:07 bluet

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Sep 18 '22 02:09 github-actions[bot]

Still the same.

$ terraform --version
Terraform v1.2.9
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.31.0
$ terraformer --version
version v0.8.21

bluet avatar Sep 19 '22 05:09 bluet

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Nov 20 '22 02:11 github-actions[bot]

This issue was closed because it has been stalled for 7 days with no activity.

github-actions[bot] avatar Nov 28 '22 02:11 github-actions[bot]