terrascan
terrascan copied to clipboard
tenable
Incorrectly Flagging optional as Experimental
- terrascan version: v1.18.1
- Operating System: Linux (Amazon Linux 2)
- terraform 1.5.0
Description
I want to use the optional function, as shown below
patch_manager_service_role_config = object({ create_role = bool role_name = string principal_type = string principal_service = string managed_policies_config = list(object({ managed_policy_name = string })) custom_policies_config = list(object({ custom_policy_name = string custom_policy_description = string effect = string actions = list(string) resources_arns = list(string) condition = optional(object({ StringEquals = map(list(string)) })) })) })
This works fine with doing my terraform apply
What I Did
Now when I run
pre-commit run -a
I get
terrascan................................................................Failed
- hook id: terrascan
- exit code: 1
2023-06-23T14:09:08.861Z warn commons/load-dir.go:300 failed to build unified config. errors: /home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/modules/iam_role/variables.tf:1,1-23: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.
Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments. /home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/modules/iam_role/variables.tf:1,1-23: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.
Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments. /home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/modules/iam_role/variables.tf:1,1-23: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.
Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments.
2023-06-23T14:09:09.078Z error cli/run.go:141 scan run failed{error 26 0 2 errors occurred: * diagnostic errors while loading terraform config dir '/home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test'. error from terraform: /home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test/ssm-patch-manager-variables.tf:19,1-40: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.
Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments.
* failed to build terraform allResourcesConfig
}
When I followed the instructions and added the experiment and tried to run terraform apply I received this:
Admin:~/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test (features/govcloud) $ terraform destroy ╷ │ Error: Experiment has concluded │ │ on providers.tf line 3, in terraform: │ 3: experiments = [module_variable_optional_attrs] │ │ Experiment "module_variable_optional_attrs" is no longer available. The final feature corresponding to this experiment differs from the experimental form and is available in the Terraform language from Terraform │ v1.3.0 onwards.
I would love a mechanism to disable checking for experiments. Googling I find nothing!
same here, would terrascan be broken for tf 1.3 and up when using optional(x) on variable{} in your tf code?
Any new notice about optional flag in vars? It is already in prod state in terraform so it should be fixed...
waiting for this feature as well, i have to disable terrascan in pre-commit for now :/
We're also waiting for this, it's been an issue for so long that we consider stopping usage of terrascan in favor of e.g. checkov.
