
TFLint skips expressions that reference static local values

Open daftping opened this issue 5 years ago • 3 comments

We use locals very heavily in our code, and TFLint skips these resources. Is this expected behavior? Thanks in advance.

main.tf

```hcl
provider "aws" {
  region  = "us-east-1"
}

locals {
  instance_type = "t1.2xlarge" # invalid type!
}

resource "aws_instance" "foo" {
  ami           = "ami-0ff8a91507f77f867"
  instance_type = local.instance_type
}
```

```
TFLINT_LOG=debug tflint -f json
```

```
19:59:02 config.go:71: [INFO] Load config: .tflint.hcl
19:59:02 config.go:83: [INFO] Default config file is not found. Ignored
19:59:02 config.go:92: [INFO] Load fallback config: /home/otymchyshyn/.tflint.hcl
19:59:02 config.go:100: [INFO] Fallback config file is not found. Ignored
19:59:02 config.go:102: [INFO] Use default config
19:59:02 option.go:51: [DEBUG] CLI Options
19:59:02 option.go:52: [DEBUG]   Module: false
19:59:02 option.go:53: [DEBUG]   DeepCheck: false
19:59:02 option.go:54: [DEBUG]   Force: false
19:59:02 option.go:55: [DEBUG]   IgnoreModules: map[string]bool{}
19:59:02 option.go:56: [DEBUG]   EnableRules: []string(nil)
19:59:02 option.go:57: [DEBUG]   DisableRules: []string(nil)
19:59:02 option.go:58: [DEBUG]   Varfiles: []string{}
19:59:02 option.go:59: [DEBUG]   Variables: []string{}
19:59:02 loader.go:55: [INFO] Initialize new loader
19:59:02 loader.go:80: [INFO] Load configurations under .
19:59:02 loader.go:88: [INFO] Module inspection is disabled. Building a root module without children...
19:59:02 loader.go:136: [INFO] Load values files
19:59:02 runner.go:52: [INFO] Initialize new runner for root
19:59:02 provider.go:50: [INFO] Checking rules
19:59:02 provider.go:63: [INFO]   788 (784) rules total
19:59:02 provider.go:74: [INFO] Prepare rules
19:59:02 provider.go:101: [INFO]   758 rules enabled
19:59:02 runner.go:506: [DEBUG] Walk `aws_instance.foo.instance_type` attribute
19:59:02 runner.go:238: [WARN] Unevaluable expression found in main.tf:11; TFLint ignores an unevaluable expression.
19:59:02 runner.go:506: [DEBUG] Walk `aws_instance.foo.instance_type` attribute
19:59:02 runner.go:238: [WARN] Unevaluable expression found in main.tf:11; TFLint ignores an unevaluable expression.
{"issues":[],"errors":[]}
```

daftping, Jan 03 '20 17:01

Yes. TFLint skips inspection of expressions containing local values because the expression may contain unknown values, like the following:

```hcl
locals {
  # Ids for multiple sets of EC2 instances, merged together
  instance_ids = concat(aws_instance.blue.*.id, aws_instance.green.*.id)
}
```

https://www.terraform.io/docs/configuration/locals.html

However, in simple cases, such as your example, we may be able to evaluate local values. In that case, we should build a local value reference graph, and evaluate it only if we can confirm that the unknown value is not included in the edge.

wata727, Jan 04 '20 13:01
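The reference-graph check described in the reply above, as an added example that is not TFLint's code and not part of the original thread. `Locals` and `StaticLocals` are hypothetical names, the reference lists are constructed by hand rather than parsed from HCL, and treating every non-`local.` reference as unknown is an assumption.

```go
package main

import "fmt"
import "strings"

// Locals maps a local value's name to the references found in its expression.
type Locals map[string][]string
const visiting, static, unknown = 1, 2, 3

// StaticLocals reports, per local, whether it can be evaluated before apply.
func StaticLocals(locals Locals) map[string]bool {
	state := map[string]int{}
	var visit func(name string) int
	visit = func(name string) int {
		refs, declared := locals[name]
		if !declared || state[name] == visiting {
			return unknown // undeclared local or reference cycle
		}
		if state[name] != 0 {
			return state[name] // already resolved
		}
		state[name] = visiting
		result := static
		for _, ref := range refs {
			// Assumption: resource and data source references are unknown.
			target := strings.TrimPrefix(ref, "local.")
			if target == ref || visit(target) == unknown {
				result = unknown
				break
			}
		}
		state[name] = result
		return result
	}
	out := map[string]bool{}
	for name := range locals {
		out[name] = visit(name) == static
	}
	return out
}

func main() {
	// Constructed sample mirroring the two locals blocks in this thread.
	fmt.Println(StaticLocals(Locals{
		"instance_type": {}, // literal "t1.2xlarge"
		"instance_ids":  {"aws_instance.blue", "aws_instance.green"},
		"chosen_type":   {"local.instance_type"},
	}))
}
```

Only locals marked `true` would be safe to substitute before running a rule such as the instance type check; the rest keep today's skip behaviour.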

Thank you for the reply. Most of our locals are simple; we use them in order to gather configurations in one place and control changes through pull requests. It would be a nice improvement for tflint.

daftping, Jan 04 '20 15:01

I believe this is happening for for_each as well. When doing hydration from a var-file, we are providing an array of, say, EC2s and using a for_each block to create all the EC2s. I've entered some bad values for instance_type and tflint doesn't pick them up.

michaellarocca90, Nov 23 '20 17:11