Incorrectly Flagging optional as Experimental

Question

Incorrectly Flagging optional as Experimental

balq60 opened this issue 2 years ago · 7 comments

terrascan version: v1.18.1
Operating System: Linux (Amazon Linux 2)
terraform 1.5.0

Description

I want to use the optional function, as shown below

patch_manager_service_role_config = object({
create_role = bool
role_name = string
principal_type = string
principal_service = string
managed_policies_config = list(object({
managed_policy_name = string
}))
custom_policies_config = list(object({
custom_policy_name = string
custom_policy_description = string
effect = string
actions = list(string)
resources_arns = list(string)
condition = optional(object({
StringEquals = map(list(string))
}))
}))
})

This works fine with doing my terraform apply

What I Did

Now when I run

pre-commit run -a

I get

terrascan................................................................Failed

hook id: terrascan
exit code: 1

2023-06-23T14:09:08.861Z warn commons/load-dir.go:300 failed to build unified config. errors:
/home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/modules/iam_role/variables.tf:1,1-23: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.

Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments.
/home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/modules/iam_role/variables.tf:1,1-23: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.

Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments.

2023-06-23T14:09:09.078Z error cli/run.go:141 scan run failed{error 26 0 2 errors occurred:
* diagnostic errors while loading terraform config dir '/home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test'. error from terraform:
/home/ec2-user/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test/ssm-patch-manager-variables.tf:19,1-40: Optional object type attributes are experimental; This feature is currently an opt-in experiment, subject to change in future releases based on feedback.

Activate the feature for this module by adding module_variable_optional_attrs to the list of active experiments.

    * failed to build terraform allResourcesConfig

}

When I followed the instructions and added the experiment and tried to run terraform apply I received this:

Admin:~/environment/consumer-repo-v6/terraform-consumer/IaC/environments/1-test (features/govcloud) $ terraform destroy
╷
│ Error: Experiment has concluded
│
│ on providers.tf line 3, in terraform:
│ 3: experiments = [module_variable_optional_attrs]
│
│ Experiment "module_variable_optional_attrs" is no longer available. The final feature corresponding to this experiment differs from the experimental form and is available in the Terraform language from Terraform
│ v1.3.0 onwards.

Answer 1 · 2023-06-23T14:45:10.000Z

I would love a mechanism to disable checking for experiments. Googling I find nothing!

Answer 2 · 2023-06-23T14:45:24.000Z

So for now, I have had to comment out terrascan.

Answer 3 · 2023-06-29T02:43:41.000Z

same here, would terrascan be broken for tf 1.3 and up when using optional(x) on variable{} in your tf code?

Answer 4 · 2023-11-14T12:05:16.000Z

Any new notice about optional flag in vars? It is already in prod state in terraform so it should be fixed...

Answer 5 · 2023-11-30T15:18:51.000Z

waiting for this feature as well, i have to disable terrascan in pre-commit for now :/

Answer 6 · 2024-03-21T12:04:32.000Z

We're also waiting for this, it's been an issue for so long that we consider stopping usage of terrascan in favor of e.g. checkov.