terrascan
terrascan copied to clipboard
tenable
Also missing support for TF 1.3.0 optional() with second argument, the attribute default value.
Also missing support for TF 1.3.0 optional() with second argument, the attribute default value.
variables.tf:5,27-74: Invalid type specification; Optional attribute modifier expects only one argument: the attribute type.```
_Originally posted by @ambis in https://github.com/tenable/terrascan/issues/1331#issuecomment-1257892023_
First, linking https://github.com/tenable/terrascan/issues/1331#issuecomment-1257892023 to fix the cross referencing broken due to terrible formatting above.
Next, copying my https://github.com/tenable/terrascan/issues/1468#issuecomment-1423234053 below
The module_variable_optional_attrs is gone from Terraform 1.3 as per
- https://github.com/hashicorp/terraform/issues/31692
- https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides#concluding-the-optional-attributes-experiment
and the latest Terrascan v1.18 is complaining as it seems not support the built-in optional
(...)/terraform_azurerm_db_sql/variables.tf:234,1-42: Optional object type attributes are experimental;
This feature is currently an opt-in experiment, subject to change in future releases based on feedback.
where the variables.tf contains
variable "single_databases_configuration" {
description = "List of databases configurations"
type = list(object({
name = string
sku_name = optional(string)
license_type = optional(string)
collation = optional(string)
max_size_gb = optional(number)
zone_redundant = optional(bool)
min_capacity = optional(number)
auto_pause_delay_in_minutes = optional(number)
threat_detection_policy = optional(object({
state = bool
}))
retention_days = optional(number)
weekly_retention = optional(string)
monthly_retention = optional(string)
yearly_retention = optional(string)
week_of_year = optional(number)
database_extra_tags = optional(map(any))
}))
default = []
}
I just wanted to add a quick comment as I didn't think the comments in this thread outlined the issue clearly. Using Terrascan v1.18.1 In my setup the optional value in the strongly typed map works:
variable "single_databases_configuration" {
description = "List of databases configurations"
type = list(object({
name = string
sku_name = optional(string)
[...]
}))
}
However what I am seeing and I believe is the intent of this issue is that when we add the attribute default value to the variable definition Terrascan throws an error:
variable "single_databases_configuration" {
description = "List of databases configurations"
type = list(object({
name = string
sku_name = optional(string, "Standard")
[...]
}))
}
This is valid syntax from Terraform 1.3, however Terrascan complains:
Scan Errors -
-----------------------------------------------------------------------
IaC Type : terraform
Directory : [...]
Error Message : diagnostic errors while loading terraform config dir '[...]'. error from terraform:
[...]\variables.tf:44,32-45: Invalid type specification; Optional attribute modifier expects only one argument: the attribute type.
I use Terrascan as part of Github Super-Linter and due to the error parsing the Terraform code using this feature I am having to disable it completely from the run (i.e, I don't think I can fix this with an ignore rule).
FYA, as follow-up to this issue, I've asked about Terrascan status here
- https://github.com/tenable/terrascan/discussions/1569
