provider_missing_default_tags: correctly handle unknown values #851
+48
−13
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wata727
reviewed
Mar 28, 2025
| @@ -141,7 +140,8 @@ func (r *AwsProviderMissingDefaultTagsRule) Check(runner tflint.Runner) error { | |||
| }, nil) | |||
|
|
|||
| if err != nil { | |||
| return nil | |||
| logger.Warn("Could not evaluate tags, skipping %s.%s.%s.%s: %s", provider.Labels[0], providerAlias, providerDefaultTagsBlockName, providerTagsAttributeName, err) | |||
| continue | |||
There was a problem hiding this comment.
Considering that feedback may be lost in case of simple evaluation errors (e.g. undefined variables), would it be better to only short circuit in the tflint.ErrUnknownValue case?
There was a problem hiding this comment.
Yes, this is an option, that's what I did originally. Ignoring null variable values would be a separate case. What do you think about erroring there, versus trying to ignore it?
There was a problem hiding this comment.
I think unknown and null values should be ignored, but other errors should not be ignored. How about the following?
if errors.Is(err, tflint.ErrUnknownValue) {
logger.Warn("Could not evaluate tags, skipping %s.%s.%s.%s: %s", provider.Labels[0], providerAlias, providerDefaultTagsBlockName, providerTagsAttributeName, err)
continue
}There was a problem hiding this comment.
In spirit I agree, but the null case comes in as a raw diagnostic and not a wrapped/simple error:
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes a bug where
provider_missing_default_tagsdoes not correctly handle unknown tags. Adds the missing test coverage and then fixes the failing tests by correcting the control flow for unknown values.Cases
Unknown
The incorrect flow:
Doing this inside the
EvaluateExprcallback effectively ignores the value and leavesproviderTagsempty before checking for unset tags. Instead, unknown values need to short circuit the comparison. So I've returned an error, borrowingtflint.UnknownError.Null
The multiple cases where errors are silently discarded was a red flag:
Now, all errors are returned except evaluation errors of the
tagsattribute. This could be due to an explicit unknown value error or it could be a null value. As in:This is technically not valid configuration, as
var.tagisnull, andnullis not a valid map key. We could just return this error and insist users pass a variable value to TFLint or set a default to make the configuration valid. I initially went that path.But for the sake of backward compatibility, any error will short circuit checking (as before). But now, the warning log happens outside of the
EvalauteExprcallback, for all errors, such that they are no longer wholly silent. If the rule is skipping a tag map because of a null key error, it will print that error in a warning.Related
Closes #850