TFLint fails on parsing bare attributes in ignore_changes #2431
Description
Summary
When writing rules around ignore_changes terraform allows you to have bare attributes in the array
e.g.
resource "azurerm_linux_web_app_slot" "test" {
name = "test"
lifecycle {
ignore_changes = [
tags
]
}
}If you build a rule that requires certain changes to be ignore, e.g. hidden tags for azure web app slots (terraform-linters/tflint-ruleset-azurerm#430). TFLint will fail with a parsing error.
Failed to check ruleset; failed to check "azurerm_app_service_app_insights_hidden_link" rule: main.tf:5,7-11: Invalid reference; A reference to a resource type must be followed by at least one attribute access, specifying the resource name.
If you wrap the attributes in ignore_changes in double quotes, it parses as expected.
The root cause is that TFLint is currently interpreting those list elements using its general HCL expression evaluator, which treats a bare identifier like tags as a normal expression (a variable/traversal) that must resolve in scope. Since there’s no variable or symbol named tags, the evaluator reports an error.
Command
tflint
Terraform Configuration
resource "azurerm_linux_web_app_slot" "test" {
name = "test"
lifecycle {
ignore_changes = [
tags
]
}
}TFLint Configuration
plugin "terraform" {
enabled = true
}
plugin "azurerm" {
enabled = true
}Output
Failed to check ruleset; failed to check "azurerm_app_service_app_insights_hidden_link" rule: main.tf:5,7-11: Invalid reference; A reference to a resource type must be followed by at least one attribute access, specifying the resource name.TFLint Version
0.60.0
Terraform Version
No response
Operating System
- Linux
- macOS
- Windows