TFLint cannot find issues in module calls caused by local values #2169
Description
Summary
Hello, I am playing around with tflint and encountered an unexpected behaviour when it comes to local values.
I have a minimal example here: https://github.com/TrongBYM/tflint-issue-example
In short, I am running tflint against a Terraform configuration that provisions 3 ECR repositories, all with invalid ECR names. I therefore expects tflint to report 3 issues with my Terraform configuration, but instead it reports only 2 issues.
According to the documentation here about local values, this behaviour seems unexpected?
Is there a limitation I am not aware of here? I did find this list of caveats, with the first point looking rather related to this case.
Command
tflint
Terraform Configuration
# My project structure (see referenced example repository!)
# .
# ├── README.md
# ├── main.tf
# └── modules
# └── custom_ecr
# └── main.tf
### ./main.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0, < 6.0"
}
}
required_version = "~> 1.8, < 2.0"
}
module "my_ecr_repository" {
source = "./modules/custom_ecr"
ecr_name = "%%%" # Invalid ECR repository name
}
### ./modules/custom_ecr/main.tf
variable "ecr_name" {
type = string
}
# NOTE: The character "%" is not allowed in ECR repository names.
# tflint will catch this error
resource "aws_ecr_repository" "this" {
name = var.ecr_name
}
# tflint will catch this error
resource "aws_ecr_repository" "this_too" {
name = "${var.ecr_name}-hello-world"
}
# tflint will NOT catch this error
locals {
ecr_name_abstraction = "${var.ecr_name}-hello-world"
}
resource "aws_ecr_repository" "this_three" {
name = local.ecr_name_abstraction
}TFLint Configuration
config {
plugin_dir = ".tflint.d/plugins"
call_module_type = "all" # have tried "local" as well, same results!
disabled_by_default = false
}
plugin "terraform" {
enabled = true
preset = "recommended"
}
plugin "aws" {
enabled = true
deep_check = false
version = "0.35.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}Output
09:34:58 config.go:177: [INFO] Load config: .tflint.hcl
09:34:58 config.go:334: [DEBUG] Config loaded
09:34:58 config.go:335: [DEBUG] CallModuleType: all
09:34:58 config.go:336: [DEBUG] CallModuleTypeSet: true
09:34:58 config.go:337: [DEBUG] Force: false
09:34:58 config.go:338: [DEBUG] ForceSet: false
09:34:58 config.go:339: [DEBUG] DisabledByDefault: false
09:34:58 config.go:340: [DEBUG] DisabledByDefaultSet: true
09:34:58 config.go:341: [DEBUG] PluginDir: .tflint.d/plugins
09:34:58 config.go:342: [DEBUG] PluginDirSet: true
09:34:58 config.go:343: [DEBUG] Format:
09:34:58 config.go:344: [DEBUG] FormatSet: false
09:34:58 config.go:345: [DEBUG] Varfiles:
09:34:58 config.go:346: [DEBUG] Variables:
09:34:58 config.go:347: [DEBUG] Only:
09:34:58 config.go:348: [DEBUG] IgnoreModules:
09:34:58 config.go:352: [DEBUG] Rules:
09:34:58 config.go:356: [DEBUG] Plugins:
09:34:58 config.go:358: [DEBUG] aws: enabled=true, version=0.35.0, source=github.com/terraform-linters/tflint-ruleset-aws
09:34:58 config.go:358: [DEBUG] terraform: enabled=true, version=, source=
09:34:58 option.go:77: [DEBUG] CLI Options
09:34:58 option.go:78: [DEBUG] CallModuleType: local
09:34:58 option.go:79: [DEBUG] Force: false
09:34:58 option.go:80: [DEBUG] Format:
09:34:58 option.go:81: [DEBUG] Varfiles:
09:34:58 option.go:82: [DEBUG] Variables:
09:34:58 option.go:83: [DEBUG] EnableRules:
09:34:58 option.go:84: [DEBUG] DisableRules:
09:34:58 option.go:85: [DEBUG] Only:
09:34:58 option.go:86: [DEBUG] EnablePlugins:
09:34:58 option.go:87: [DEBUG] IgnoreModules:
09:34:58 loader.go:39: [INFO] Initialize new loader
09:34:58 module_mgr.go:63: [INFO] Module manifest file found. Initializing...
09:34:58 loader.go:78: [INFO] Building the root module while calling child modules...
09:34:58 loader.go:108: [DEBUG] Trying to load the local module: name=my_ecr_repository dir=modules/custom_ecr
09:34:58 runner.go:46: [INFO] Initialize new runner for root
09:34:58 runner.go:46: [INFO] Initialize new runner for module.my_ecr_repository
09:34:58 discovery.go:33: [INFO] Plugin "terraform" is not installed, but the bundled plugin is available.
09:34:58 discovery.go:54: [INFO] Plugin "terraform" found
09:34:58 [DEBUG] cmdrunner/cmd_runner.go:73: starting plugin: path=/usr/local/bin/tflint args=["/usr/local/bin/tflint", "--act-as-bundled-plugin"]
09:34:58 [DEBUG] cmdrunner/cmd_runner.go:80: plugin started: path=/usr/local/bin/tflint pid=38028
09:34:58 [DEBUG] [email protected]/client.go:827: waiting for RPC address: plugin=/usr/local/bin/tflint
09:34:58 [DEBUG] [email protected]/client.go:1216: tflint: 09:34:58 [DEBUG] [email protected]/server.go:419: plugin address: network=unix address=/tmp/plugin2381623722
09:34:58 [DEBUG] [email protected]/client.go:880: using plugin: version=11
09:34:58 discovery.go:90: [DEBUG] Find plugin path: .tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws
09:34:58 discovery.go:54: [INFO] Plugin "aws" found
09:34:58 [DEBUG] cmdrunner/cmd_runner.go:73: starting plugin: path=.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws args=[".tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws"]
09:34:58 [DEBUG] cmdrunner/cmd_runner.go:80: plugin started: path=.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws pid=38038
09:34:58 [DEBUG] [email protected]/client.go:827: waiting for RPC address: plugin=.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws
09:34:58 [DEBUG] [email protected]/client.go:880: using plugin: version=11
09:34:58 [DEBUG] [email protected]/client.go:1216: tflint-ruleset-aws: 09:34:58 [DEBUG] [email protected]/server.go:419: plugin address: network=unix address=/tmp/plugin1597952239
09:34:58 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
09:34:58 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
09:34:58 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
09:34:58 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
09:34:58 [DEBUG] [email protected]/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
09:34:58 [INFO] [email protected]/client.go:780: plugin process exited: plugin=/usr/local/bin/tflint id=38028
09:34:58 [DEBUG] [email protected]/client.go:558: plugin exited
09:34:58 [DEBUG] [email protected]/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
09:34:58 [INFO] [email protected]/client.go:780: plugin process exited: plugin=.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.35.0/tflint-ruleset-aws id=38038
09:34:58 [DEBUG] [email protected]/client.go:558: plugin exited
2 issue(s) found:
Error: "%%!"(MISSING) does not match valid pattern ^(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*$ (aws_ecr_repository_invalid_name)
on main.tf line 13:
13: ecr_name = "%%%" # Invalid ECR repository name
Callers:
main.tf:13,14-19
modules/custom_ecr/main.tf:9,10-22
Error: "%%!h(MISSING)ello-world" does not match valid pattern ^(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*$ (aws_ecr_repository_invalid_name)
on main.tf line 13:
13: ecr_name = "%%%" # Invalid ECR repository name
Callers:
main.tf:13,14-19
modules/custom_ecr/main.tf:14,10-39TFLint Version
0.54.0
Terraform Version
No response
Operating System
- Linux
- macOS
- Windows