failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist
kayman-mk opened this issue · 3 comments
kayman-mk commented
Hi,
I have a problem with one of the rules: aws_resource_missing_tags rule complains about a missing provider, but terraform apply is able to create everything. So the provider is there. I enabled the debug logs but didn't found anything suspicious.
The problem was introduced with an update to the newest version. The last version working on our side is 0.23.1.
OS: Windows and Alpine Linux (Docker)
Terraform version: 1.3.2
Tflint version: 0.47
ruleset.aws: 0.24.2
Here is a minimal example:
main.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.7.0"
}
}
required_version = ">= 0.13.0"
}
provider "aws" {
region = "eu-central-1"
}
provider "aws" {
region = "eu-west-1"
alias = "backup_replication"
}
locals {
tags = {
app: "a"
environment: "b"
service: "c"
team: "d"
}
}
module "m" {
source = "./m"
providers = {
aws = aws
aws.backup_replication = aws.backup_replication
}
}
resource "aws_security_group" "a" {
name = "xyz"
vpc_id = "<your vpc>"
tags = local.tags
}
resource "aws_security_group" "b" {
name = "xyz-a"
vpc_id = "<your-vpc>"
tags = local.tags
provider = aws.backup_replication
}
m/main.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.7.0"
configuration_aliases = [aws.backup_replication]
}
}
required_version = ">= 0.13.0"
}
locals {
tags = {
app: "a"
environment: "b"
service: "c"
team: "d"
}
}
resource "aws_security_group" "a" {
name = "xyz-m"
vpc_id = "<your vpc>"
tags = local.tags
}
resource "aws_security_group" "b" {
name = "xyz-m-a"
vpc_id = "<your voc>"
tags = local.tags
provider = aws.backup_replication
}.tflint.hcl
config {
force = false
disabled_by_default = false
}
plugin "aws" {
source = "github.com/terraform-linters/tflint-ruleset-aws"
# renovate: datasource=github-tags depName=terraform-linters/tflint-ruleset-aws
version = "0.24.2"
enabled = true
deep_check = true
region = "eu-central-1"
}
rule "aws_resource_missing_tags" {
enabled = true
tags = ["team", "service", "app", "environment"]
}
rule "terraform_required_version" {
enabled = false
}
debug log
$ TFLINT_LOG=debug tflint --config .tflint.hcl --recursive --module
16:44:11 config.go:137: [INFO] Load config: .tflint.hcl
16:44:11 config.go:269: [DEBUG] Config loaded
16:44:11 config.go:270: [DEBUG] Module: false
16:44:11 config.go:271: [DEBUG] ModuleSet: false
16:44:11 config.go:272: [DEBUG] Force: false
16:44:11 config.go:273: [DEBUG] ForceSet: true
16:44:11 config.go:274: [DEBUG] DisabledByDefault: false
16:44:11 config.go:275: [DEBUG] DisabledByDefaultSet: true
16:44:11 config.go:276: [DEBUG] PluginDir:
16:44:11 config.go:277: [DEBUG] PluginDirSet: false
16:44:11 config.go:278: [DEBUG] Format:
16:44:11 config.go:279: [DEBUG] FormatSet: false
16:44:11 config.go:280: [DEBUG] Varfiles:
16:44:11 config.go:281: [DEBUG] Variables:
16:44:11 config.go:282: [DEBUG] Only:
16:44:11 config.go:283: [DEBUG] IgnoreModules:
16:44:11 config.go:287: [DEBUG] Rules:
16:44:11 config.go:289: [DEBUG] aws_resource_missing_tags: true
16:44:11 config.go:289: [DEBUG] terraform_required_version: false
16:44:11 config.go:291: [DEBUG] Plugins:
16:44:11 config.go:293: [DEBUG] aws: enabled=true, version=0.24.2, source=github.com/terraform-linters/tflint-ruleset-aws
16:44:11 config.go:320: [INFO] The `terraform` plugin block is not found. Enable the plugin `terraform` automatically
16:44:11 option.go:71: [DEBUG] CLI Options
16:44:11 option.go:72: [DEBUG] Module: true
16:44:11 option.go:73: [DEBUG] Force: false
16:44:11 option.go:74: [DEBUG] Format:
16:44:11 option.go:75: [DEBUG] Varfiles:
16:44:11 option.go:76: [DEBUG] Variables:
16:44:11 option.go:77: [DEBUG] EnableRules:
16:44:11 option.go:78: [DEBUG] DisableRules:
16:44:11 option.go:79: [DEBUG] Only:
16:44:11 option.go:80: [DEBUG] EnablePlugins:
16:44:11 option.go:81: [DEBUG] IgnoreModules:
16:44:11 loader.go:38: [INFO] Initialize new loader
16:44:11 module_mgr.go:63: [INFO] Module manifest file found. Initializing...
16:44:11 loader.go:80: [INFO] Module inspection is enabled. Building the root module with children...
16:44:11 loader.go:114: [DEBUG] Trying to load the module: key=m, version=, dir=m
16:44:11 runner.go:46: [INFO] Initialize new runner for root
16:44:11 runner.go:46: [INFO] Initialize new runner for module.m
16:44:11 discovery.go:33: [INFO] Plugin `terraform` is not installed, but the bundled plugin is available.
16:44:11 discovery.go:54: [INFO] Plugin `terraform` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\bin\tflint.exe args=["C:\\hlag\\Users\\kayma\\bin\\tflint.exe", "--act-as-bundled-plugin"]
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\bin\tflint.exe
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint.exe: 16:44:11 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10000
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:11 discovery.go:90: [DEBUG] Find plugin path: C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:11 discovery.go:54: [INFO] Plugin `aws` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe args=["C:\\hlag\\Users\\kayma\\.tflint.d\\plugins\\github.com\\terraform-linters\\tflint-ruleset-aws\\0.24.2\\tflint-ruleset-aws.exe"]
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10001
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO] aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO] aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [DEBUG] rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_security_group.a.tags
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] rules/aws_resource_missing_tags.go:186: Error querying provider tags: %s: EXTRA_VALUE_AT_END="The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] interceptor/logging.go:18: failed to gRPC request: direction=host2plugin method=/proto.RuleSet/Check err="rpc error: code = Aborted desc = failed to check \"aws_resource_missing_tags\" rule: The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
16:44:13 [INFO] go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: read tcp 127.0.0.1:52754->127.0.0.1:10001: wsarecv: An existing connection was forcibly closed by the remote host."
16:44:13 [INFO] go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
Failed to check ruleset; failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist.
Steps to reproduce:
terraform inittflint --init --config .tflint.hclterraform apply# works finetflint --config .tflint.hcl --module --recursive# doesn't work
tflint --config .tflint.hcl --chdir m is working.
wata727 commented
Thank you for reporting this.
Probably, this is a bug due to a lack of consideration of provider aliases within modules.