Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist #518

Closed
kayman-mk opened this issue Jul 21, 2023 · 3 comments · Fixed by #519
Closed

failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist #518

kayman-mk opened this issue Jul 21, 2023 · 3 comments · Fixed by #519
Labels
bug Something isn't working

Comments

@kayman-mk
Copy link

kayman-mk commented Jul 21, 2023
edited

Hi,

I have a problem with one of the rules: aws_resource_missing_tags rule complains about a missing provider, but terraform apply is able to create everything. So the provider is there. I enabled the debug logs but didn't found anything suspicious.

The problem was introduced with an update to the newest version. The last version working on our side is 0.23.1.

OS: Windows and Alpine Linux (Docker)
Terraform version: 1.3.2
Tflint version: 0.47
ruleset.aws: 0.24.2

Here is a minimal example:

main.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.7.0"
    }

  }

  required_version = ">= 0.13.0"
}

provider "aws" {
  region = "eu-central-1"
}

provider "aws" {
  region = "eu-west-1"
  alias  = "backup_replication"
}

locals {
  tags = {
    app: "a"
    environment: "b"
    service: "c"
    team: "d"
  }
}

module "m" {
  source = "./m"

  providers = {
    aws = aws
    aws.backup_replication = aws.backup_replication
  }
}

resource "aws_security_group" "a" {
  name = "xyz"
  vpc_id = "<your vpc>"

  tags = local.tags
}

resource "aws_security_group" "b" {
  name = "xyz-a"
  vpc_id = "<your-vpc>"

  tags = local.tags

  provider = aws.backup_replication
}

m/main.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.7.0"

      configuration_aliases = [aws.backup_replication]
    }

  }

  required_version = ">= 0.13.0"
}

locals {
  tags = {
    app: "a"
    environment: "b"
    service: "c"
    team: "d"
  }
}

resource "aws_security_group" "a" {
  name = "xyz-m"
  vpc_id = "<your vpc>"

  tags = local.tags
}

resource "aws_security_group" "b" {
  name = "xyz-m-a"
  vpc_id = "<your voc>"

  tags = local.tags

  provider = aws.backup_replication
}

.tflint.hcl

config {
  force               = false
  disabled_by_default = false
}

plugin "aws" {
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
  # renovate: datasource=github-tags depName=terraform-linters/tflint-ruleset-aws
  version = "0.24.2"

  enabled    = true
  deep_check = true
  region     = "eu-central-1"
}

rule "aws_resource_missing_tags" {
  enabled = true
  tags    = ["team", "service", "app", "environment"]
}

rule "terraform_required_version" {
  enabled = false
}

debug log

$ TFLINT_LOG=debug tflint --config .tflint.hcl --recursive --module
16:44:11 config.go:137: [INFO] Load config: .tflint.hcl
16:44:11 config.go:269: [DEBUG] Config loaded
16:44:11 config.go:270: [DEBUG]   Module: false
16:44:11 config.go:271: [DEBUG]   ModuleSet: false
16:44:11 config.go:272: [DEBUG]   Force: false
16:44:11 config.go:273: [DEBUG]   ForceSet: true
16:44:11 config.go:274: [DEBUG]   DisabledByDefault: false
16:44:11 config.go:275: [DEBUG]   DisabledByDefaultSet: true
16:44:11 config.go:276: [DEBUG]   PluginDir:
16:44:11 config.go:277: [DEBUG]   PluginDirSet: false
16:44:11 config.go:278: [DEBUG]   Format:
16:44:11 config.go:279: [DEBUG]   FormatSet: false
16:44:11 config.go:280: [DEBUG]   Varfiles:
16:44:11 config.go:281: [DEBUG]   Variables:
16:44:11 config.go:282: [DEBUG]   Only:
16:44:11 config.go:283: [DEBUG]   IgnoreModules:
16:44:11 config.go:287: [DEBUG]   Rules:
16:44:11 config.go:289: [DEBUG]     aws_resource_missing_tags: true
16:44:11 config.go:289: [DEBUG]     terraform_required_version: false
16:44:11 config.go:291: [DEBUG]   Plugins:
16:44:11 config.go:293: [DEBUG]     aws: enabled=true, version=0.24.2, source=github.com/terraform-linters/tflint-ruleset-aws
16:44:11 config.go:320: [INFO] The `terraform` plugin block is not found. Enable the plugin `terraform` automatically
16:44:11 option.go:71: [DEBUG] CLI Options
16:44:11 option.go:72: [DEBUG]   Module: true
16:44:11 option.go:73: [DEBUG]   Force: false
16:44:11 option.go:74: [DEBUG]   Format:
16:44:11 option.go:75: [DEBUG]   Varfiles:
16:44:11 option.go:76: [DEBUG]   Variables:
16:44:11 option.go:77: [DEBUG]   EnableRules:
16:44:11 option.go:78: [DEBUG]   DisableRules:
16:44:11 option.go:79: [DEBUG]   Only:
16:44:11 option.go:80: [DEBUG]   EnablePlugins:
16:44:11 option.go:81: [DEBUG]   IgnoreModules:
16:44:11 loader.go:38: [INFO] Initialize new loader
16:44:11 module_mgr.go:63: [INFO] Module manifest file found. Initializing...
16:44:11 loader.go:80: [INFO] Module inspection is enabled. Building the root module with children...
16:44:11 loader.go:114: [DEBUG] Trying to load the module: key=m, version=, dir=m
16:44:11 runner.go:46: [INFO] Initialize new runner for root
16:44:11 runner.go:46: [INFO] Initialize new runner for module.m
16:44:11 discovery.go:33: [INFO] Plugin `terraform` is not installed, but the bundled plugin is available.
16:44:11 discovery.go:54: [INFO] Plugin `terraform` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\bin\tflint.exe args=["C:\\hlag\\Users\\kayma\\bin\\tflint.exe", "--act-as-bundled-plugin"]
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\bin\tflint.exe
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint.exe: 16:44:11 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10000
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:11 discovery.go:90: [DEBUG] Find plugin path: C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:11 discovery.go:54: [INFO] Plugin `aws` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe args=["C:\\hlag\\Users\\kayma\\.tflint.d\\plugins\\github.com\\terraform-linters\\tflint-ruleset-aws\\0.24.2\\tflint-ruleset-aws.exe"]
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10001
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO]  aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO]  aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [DEBUG] rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_security_group.a.tags
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] rules/aws_resource_missing_tags.go:186: Error querying provider tags: %s: EXTRA_VALUE_AT_END="The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] interceptor/logging.go:18: failed to gRPC request: direction=host2plugin method=/proto.RuleSet/Check err="rpc error: code = Aborted desc = failed to check \"aws_resource_missing_tags\" rule: The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
16:44:13 [INFO]  go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: read tcp 127.0.0.1:52754->127.0.0.1:10001: wsarecv: An existing connection was forcibly closed by the remote host."
16:44:13 [INFO]  go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
Failed to check ruleset; failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist.

Steps to reproduce:

  1. terraform init
  2. tflint --init --config .tflint.hcl
  3. terraform apply # works fine
  4. tflint --config .tflint.hcl --module --recursive # doesn't work

tflint --config .tflint.hcl --chdir m is working.
@kayman-mk
Copy link
Author

kayman-mk commented Jul 21, 2023
edited

Just checked the last releases. Maybe it was introduced with #489 ?

@wata727
Copy link
Member

wata727 commented Jul 22, 2023

Thank you for reporting this.
Probably, this is a bug due to a lack of consideration of provider aliases within modules.

@wata727 wata727 added the bug Something isn't working label Jul 22, 2023
@wata727 wata727 mentioned this issue Jul 22, 2023
Merged
@kayman-mk
Copy link
Author

Thanks for the quick fix, @wata727 It's working now as expected.

@kayman-mk kayman-mk mentioned this issue Jul 24, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

resource_missing_tags: Ignore non-existent provider aliases terraform-linters/tflint-ruleset-aws
2 participants
@wata727 @kayman-mk