Replies: 1 comment 5 replies
-
|
Hi @dgudi135 ! We are converting plan to terraform, so the logs contain main.tf. Could you please share plan JSON to investigate the problem? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @nikpivkin Couldn't share plan JSON as it has some data that is deemed sensitive. You've mentioned that you are converting plan to terraform right. Could you please elaborate more or let me know the steps to investigate more into the issue. |
Beta Was this translation helpful? Give feedback.
-
|
@simar7 I think we should improve terraform's parsing error message. This would be especially useful when scanning Terraform Plan JSON, since we are converting it to HCL and have no way to track the location of the error. We can add, for example, a cause field on logging that contains the source code of the location where the error occurred: 2024-09-28T09:47:17+06:00 DEBUG [terraform parser] Parsing module="root" file_path="main.tf"
2024-09-28T09:47:17+06:00 ERROR [terraform parser] Error parsing file module="root" file_path="main.tf"
cause="\tbucket = <" err="main.tf:2,11-12: Invalid expression; Expected the start of an expression, but found an invalid expression token." |
Beta Was this translation helpful? Give feedback.
-
|
@nikpivkin @simar7 Yes, it would be helpful if we would be able to track exact location of the error from the logs. Can you let me know any ETA for this enhancement so that we can plan our onboarding cycle effectively. |
Beta Was this translation helpful? Give feedback.
-
Fair enough, we can add that in. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Question
This is my infra code structure
When I run the following command, we are seeing WARN and ERROR logs in the cosonle
trivy config --tf-vars environments/envA/folA/terraform.tfvars ./
2024-09-27T17:24:17+05:30 WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="aws_acct_id, aws_profile, aws_region, dns_zones, env, hostnames"
2024-09-27T17:24:17+05:30 ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_route53_zone.main" value="cty.NilVal"
2024-09-27T17:24:17+05:30 ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks_network.aws_eip.nat_gw_eip" value="cty.NilVal"
2024-09-27T17:24:17+05:30 ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks_network.aws_nat_gateway.nat_gw" value="cty.NilVal"
All those variables stated in WARN statement were defined in terragrunt.hcl. But trivy is not able to scan terragrunt.hcl files which might be resulting in those ERROR's
We have tried other approach by generating the plan and converting plan.binary in to the json file. But scanning the json file is resulting in below error
trivy config --debug output.json
2024-09-27T00:12:00+05:30 DEBUG [terraform parser] Setting project/module root module="root" file_path="."
2024-09-27T00:12:00+05:30 DEBUG [terraform parser] Parsing FS module="root" file_path="."
2024-09-27T00:12:00+05:30 DEBUG [terraform parser] Parsing module="root" file_path="main.tf"
2024-09-27T00:12:00+05:30 ERROR [terraform parser] Error parsing file module="root" file_path="main.tf" err="main.tf:609,2-3: Invalid expression; Expected the start of an expression, but found an invalid expression token."
I'm trying to scan only json file. But not sure from where main.tf file is getting picked. And none of our main.tf files has 600
lines of code. Also tried copying json file to different location that doesn't have any terraform structure. But still getting Invalid expression error in main.tf file.
Has anyone already faced these issues? Or any idea how to fix any of these approaches?
Best Regards,
Deekshitha Gudi
Target
None
Scanner
None
Output Format
None
Mode
None
Operating System
No response
Version
Beta Was this translation helpful? Give feedback.
All reactions