config-lint Panic: Can't use ElementIterator on unknown value

Panic: Can't use ElementIterator on unknown value

Open aabouzaid opened this issue 4 years ago • 1 comments

Hello, Using config-lint v1.1.0 (latest release), with this TF file:

locals {
  buckets = [
    "public",
    "private"
  ]
}

output "gsb" {
  value = {
    buckets = values(google_storage_bucket.bucket)[*]["url"]
  }
}

resource "google_storage_bucket" "bucket" {
  for_each = toset(local.buckets)
  name     = each.value
}

And this command

config-lint -debug  -terraform .

Looking for file terraform in Box: {./assets /home/foo/git/oss/config-lint/cli map[] map[]}
New Box: {./assets/terraform /home/foo/git/oss/config-lint/cli map[] map[]}
Adding rule set: aws/api_gateway/api_gateway_domain_name/security_policy/rule.yml
*reducted*
Adding rule set: aws/waf/waf_web_acl/default_action_type/tests/test.yml
Exclude patterns: []
Filenames to scan: [main.tf]
panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd38b60, 0xc000401520, 0xa467c0, 0x1115440, 0xc00041b948, 0xc0003ef460)
	/home/foo/.asdf/installs/golang/1.13.9/packages/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1035 +0x11d
github.com/stelligent/config-lint/linter.iterateElements(0xc000418d80, 0xc00039aca0, 0x7, 0xd38b60, 0xc000401520, 0xa467c0, 0x1115440)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc000418c00, 0xc00039acc0, 0x5, 0xd38ae0, 0xc0005606e8, 0xa417a0, 0xc000418d20)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc0000a4340, 0xc00036fda0, 0x0, 0x0, 0x6)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:201 +0x91b
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc000401240, 0x3, 0x4, 0xae8a94, 0x6, 0x0, 0x0, 0x0)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc00035b980, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc00035b980, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/foo/git/oss/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc00035b960, 0x1, 0x1, 0xd2a9e0, 0xc000263410, 0xd32680, 0x1115668, 0xc0000b95f0, 0x9, 0xc0000b9540, ...)
	/home/foo/git/oss/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc0004e20a0, 0x1, 0x1, 0xc0000c0030, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	/home/foo/git/oss/config-lint/cli/app.go:336 +0x555
main.main()
	/home/foo/git/oss/config-lint/cli/app.go:153 +0x67e

When I remove the ["url"] part to be like this:

buckets = values(google_storage_bucket.bucket)[*]

It works but the debug data doesn't look the same as in Terraform:

loaded.Resources
[
  {
    "ID": "0",
    "Type": "locals",
    "Category": "locals",
    "Properties": {
      "buckets": [
        "public",
        "private"
      ]
    },
    "Filename": "main.tf",
    "LineNumber": 1
  },
  {
    "ID": "gsb",
    "Type": "output",
    "Category": "output",
    "Properties": {
      "__name__": "gsb",
      "value": [
        {
          "buckets": [
            {
              "0": [
                {
                  "private": "private",
                  "public": "public"
                }
              ],
              "1": "UNDEFINED"
            }
          ]
        }
      ]
    },
    "Filename": "main.tf",
    "LineNumber": 8
  },
  {
    "ID": "bucket",
    "Type": "google_storage_bucket",
    "Category": "resource",
    "Properties": {
      "__name__": "bucket",
      "__type__": "google_storage_bucket",
      "for_each": [
        {
          "private": "private",
          "public": "public"
        }
      ],
      "name": "UNDEFINED"
    },
    "Filename": "main.tf",
    "LineNumber": 14
  }
]

The values in local.buckets looks weird, also and the for_each in the resource.

I've tried to upgrade libs mentioned in the trace to latest version and recompile, but it's the same result.

  github.com/hashicorp/hcl/v2 v2.4.0
  github.com/zclconf/go-cty v1.4.0

The mentioned syntax works with Terraform 0.12.20 and the output is the url of the buckets. BTW, this issue happenes since v0.0.44 (at least).

Thanks.

Apr 16 '20 22:04 aabouzaid

I can reproduce this with config-lint 1.6.0 with the example file given by @aabouzaid :

panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd2bc20, 0xc0004ef6a0, 0xa2d4a0, 0x10ff5e0, 0xc00058a2c8, 0xc00058c850)
	/home/runner/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:919 +0xec
github.com/stelligent/config-lint/linter.iterateElements(0xc0000ccd50, 0xc0005588e0, 0x7, 0xd2bc20, 0xc0004ef6a0, 0xa2d4a0, 0x10ff5e0)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc0000ccb10, 0xc000558900, 0x5, 0xd2bba0, 0xc0003f03d8, 0xa285a0, 0xc0000cccf0)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc000083860, 0xc00045a400, 0x0, 0x0, 0x6)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:201 +0x91b
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc0004ef3a0, 0x3, 0x4, 0xace591, 0x6, 0x0, 0x0, 0x0)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc0003f3f80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc0003f3f80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc0003f3f60, 0x1, 0x1, 0xd1e6e0, 0xc00022b920, 0xd25b20, 0x10ff808, 0xc000470093, 0x9, 0xc000470060, ...)
	/home/runner/work/config-lint/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc00042ec80, 0x1, 0x1, 0xc0000a0070, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/cli/app.go:340 +0x555
main.main()
	/home/runner/work/config-lint/config-lint/cli/app.go:157 +0x67e

I am also hitting this with the following example (taken from an actual TF file, just with pieces removed so long as the error was still there:

locals {
  namespaces = [
    "workspaces",
    "xray"
  ]

  account_specific_namespace_rules = length(var.allowlisted_namespaces) > 0 ? {
    for n in local.namespaces :
    n => contains(var.allowlisted_namespaces, n)
  } : {}
}

resource "datadog_integration_aws" "main" {
  account_specific_namespace_rules = local.account_specific_namespace_rules
}

resource "datadog_integration_aws_tag_filter" "filter" {
  depends_on = [datadog_integration_aws.main]
}

panic: can't use ElementIterator on unknown value

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.ElementIterator(0xd2bb60, 0xc0004a9260, 0xa2d4a0, 0x10ff5e0, 0xc0003ef958, 0xc000401c40)
	/home/runner/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:919 +0xec
github.com/stelligent/config-lint/linter.iterateElements(0xc00041f7d0, 0xc000486020, 0x20, 0xd2bb60, 0xc0004a9260, 0xa2d4a0, 0x10ff5e0)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:215 +0x157
github.com/stelligent/config-lint/linter.iterateElements(0xc00041f770, 0xc000476034, 0xa, 0xd2bba0, 0xc0000b95d0, 0xa285a0, 0xc0003c9260)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:219 +0x2a4
github.com/stelligent/config-lint/linter.attributesToMap(0xc00009bad0, 0xc00020b460, 0x0, 0x0, 0xc0003ef738)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:194 +0x597
github.com/stelligent/config-lint/linter.getBlocksOfType(0xc0004e8900, 0xb, 0x10, 0xacf27d, 0x8, 0x1, 0x1, 0x1)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:122 +0x15a
github.com/stelligent/config-lint/linter.loadHCLv2(0xc00042a020, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:95 +0x21e
github.com/stelligent/config-lint/linter.Terraform12ResourceLoader.LoadMany(0xc00042a020, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/linter/terraform_v12.go:68 +0x9f
github.com/stelligent/config-lint/linter.FileLinter.Validate(0xc00042a000, 0x1, 0x1, 0xd1e6e0, 0xc00021da70, 0xd25b20, 0x10ff808, 0xc000023510, 0x9, 0xc0000234b0, ...)
	/home/runner/work/config-lint/config-lint/linter/file_linter.go:50 +0x1d4
main.applyRules(0xc0003fb360, 0x1, 0x1, 0xc0000bc070, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
	/home/runner/work/config-lint/config-lint/cli/app.go:340 +0x555
main.main()
	/home/runner/work/config-lint/config-lint/cli/app.go:157 +0x67e

Nov 04 '22 09:11 JeanFred

config-lint config-lint copied to clipboard

Panic: Can't use ElementIterator on unknown value

config-lint
config-lint copied to clipboard