Problem
When a Terraform template uses a check block that references a data source (e.g. data "external" or data "docker_network"), workspace creation fails with:
Panic occurred in preview. This should not happen, please report this to Coder.
panic in preview: value is null
The template imports fine and terraform plan/apply handles the check block correctly, but coder create fails at the preview/parameter validation step.
Steps to reproduce
- Create a template with a
check block that references a data source:
check "docker_is_reachable" {
data "external" "docker_check" {
program = ["sh", "-c", "echo '{\"status\":\"ok\"}'"]
}
assert {
condition = data.external.docker_check.result.status == "ok"
error_message = "Docker is not reachable."
}
}
- Push the template with
coder templates push (succeeds)
- Run
coder create against the template
- Preview panics
Root cause
The Preview() function in preview.go uses trivy's HCL parser to evaluate the Terraform configuration. The parser can't execute providers, so data sources like data.external.docker_check resolve to a null cty.Value.
When the parser evaluates the check block's assert condition:
condition = data.external.docker_check.result.status == "ok"
accessing .result.status on the null value triggers a panic in go-cty at value_ops.go:1162:
if val.IsNull() {
panic("value is null")
}The recover() at preview.go:148 catches this and wraps it as the diagnostic the user sees.
Proposed fix
Terraform check blocks are non-blocking validation that runs as the last step of plan/apply. They have no bearing on parameter extraction, presets, tags, or any other preview concern. The preview should either:
- Skip
check blocks entirely during evaluation, or
- Guard against null values from unresolved data sources when evaluating expressions inside
check blocks
Option 1 seems cleanest since check blocks are irrelevant to the preview's purpose.
Context
This came up while adding a Docker connectivity check to Coder's starter Docker template. The check block verifies the Docker daemon is reachable and surfaces a clear warning with setup docs instead of a generic provider error. The check works perfectly in Terraform itself but breaks Coder's workspace creation flow.
This issue was created by Coder Agents on behalf of @bpmct.
Problem
When a Terraform template uses a
checkblock that references a data source (e.g.data "external"ordata "docker_network"), workspace creation fails with:The template imports fine and
terraform plan/applyhandles the check block correctly, butcoder createfails at the preview/parameter validation step.Steps to reproduce
checkblock that references a data source:coder templates push(succeeds)coder createagainst the templateRoot cause
The
Preview()function inpreview.gouses trivy's HCL parser to evaluate the Terraform configuration. The parser can't execute providers, so data sources likedata.external.docker_checkresolve to a nullcty.Value.When the parser evaluates the
checkblock'sassertcondition:accessing
.result.statuson the null value triggers a panic ingo-ctyatvalue_ops.go:1162:The
recover()atpreview.go:148catches this and wraps it as the diagnostic the user sees.Proposed fix
Terraform
checkblocks are non-blocking validation that runs as the last step of plan/apply. They have no bearing on parameter extraction, presets, tags, or any other preview concern. The preview should either:checkblocks entirely during evaluation, orcheckblocksOption 1 seems cleanest since check blocks are irrelevant to the preview's purpose.
Context
This came up while adding a Docker connectivity check to Coder's starter Docker template. The
checkblock verifies the Docker daemon is reachable and surfaces a clear warning with setup docs instead of a generic provider error. The check works perfectly in Terraform itself but breaks Coder's workspace creation flow.This issue was created by Coder Agents on behalf of @bpmct.