Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic: cannot refine an unknown value of an unknown type #1831

Closed
1 of 3 tasks
ahmad-hamade opened this issue Aug 28, 2023 · 4 comments · Fixed by #1833
Closed
1 of 3 tasks

Panic: cannot refine an unknown value of an unknown type #1831

ahmad-hamade opened this issue Aug 28, 2023 · 4 comments · Fixed by #1833
Labels
bug

Comments

@ahmad-hamade
Copy link

Summary

TFLint started crashing after we upgraded from 0.46.1 to 0.47.0

Command

tflint --config=/infra/.tflint.hcl -f compact

Terraform Configuration

module "eks_common_01" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 19.15"

  cluster_name                    = "${var.prefix}-${var.environment_name}-${var.aws_region}-common-01-eks"
  iam_role_name                   = "${var.environment_name}-common-01"
  cluster_version                 = "1.26"
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true

  cluster_addons = {
    coredns = {
      resolve_conflicts = "OVERWRITE"
    }
    kube-proxy = {
      resolve_conflicts = "OVERWRITE"
    }
    vpc-cni = {
      resolve_conflicts = "OVERWRITE"
    }
  }

  create_kms_key                = true
  kms_key_administrators        = data.aws_iam_roles.admin_roles.arns
  kms_key_enable_default_policy = true

  cloudwatch_log_group_retention_in_days = var.cloudwatch_log_retention_days

  cluster_encryption_config = {
    resources = ["secrets"]
  }

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  eks_managed_node_group_defaults = {
    ami_type       = "AL2_x86_64"
    disk_size      = 50
    instance_types = var.eks_common_01_config.instance_types
  }

  # Create nodegroup for each az
  eks_managed_node_groups = {
    for index, subnet_id in module.vpc.private_subnets :
    "${var.environment_name}-common-01-node-${index}" => {
      min_size     = var.eks_common_01_config.worker_min_size_per_az
      max_size     = var.eks_common_01_config.worker_max_size_per_az
      desired_size = var.eks_common_01_config.worker_min_size_per_az

      instance_types = var.eks_common_01_config.instance_types
      capacity_type  = var.eks_common_01_config.capacity_type
      tags           = var.tags
      subnet_ids     = [subnet_id]
    }
  }

  manage_aws_auth_configmap = false

  tags = var.tags
}

TFLint Configuration

config {
    module = true
    force = false
    disabled_by_default = false
}

plugin "terraform" {
    enabled = true
    preset = "all"
    version = "0.4.0"
    source = "github.com/terraform-linters/tflint-ruleset-terraform"
}

plugin "aws" {
    enabled = true
    version = "0.26.0"
    source = "github.com/terraform-linters/tflint-ruleset-aws"
}

Output

Panic: cannot refine an unknown value of an unknown type
 -> 0: main.main.func1: /main.go(25)
 -> 1: runtime.gopanic: /panic.go(884)
 -> 2: github.com/zclconf/go-cty/cty.Value.Refine: /unknown_refinement.go(47)
 -> 3: github.com/zclconf/go-cty/cty.Value.RefineNotNull: /unknown_refinement.go(123)
 -> 4: github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).apply: /defaults.go(99)
 -> 5: github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).Apply: /defaults.go(45)
 -> 6: github.com/terraform-linters/tflint/terraform.(*evaluationData).GetInputVariable: /evaluator.go(204)
 -> 7: github.com/terraform-linters/tflint/terraform/lang.(*Scope).evalContext: /eval.go(141)
 -> 8: github.com/terraform-linters/tflint/terraform/lang.(*Scope).EvalContext: /eval.go(81)
 -> 9: github.com/terraform-linters/tflint/terraform/lang.(*Scope).ExpandBlock: /eval.go(25)
 -> 10: github.com/terraform-linters/tflint/terraform.(*Evaluator).ExpandBlock: /evaluator.go(101)
 -> 11: github.com/terraform-linters/tflint/terraform.(*Module).PartialContent: /module.go(132)
 -> 12: github.com/terraform-linters/tflint/tflint.NewModuleRunners: /runner.go(110)
 -> 13: github.com/terraform-linters/tflint/tflint.NewModuleRunners: /runner.go(163)
 -> 14: github.com/terraform-linters/tflint/cmd.(*CLI).setupRunners: /inspect.go(251)
 -> 15: github.com/terraform-linters/tflint/cmd.(*CLI).inspectModule: /inspect.go(127)
 -> 16: github.com/terraform-linters/tflint/cmd.(*CLI).inspect.func1: /inspect.go(54)
 -> 17: github.com/terraform-linters/tflint/cmd.(*CLI).withinChangedDir: /cli.go(190)
 -> 18: github.com/terraform-linters/tflint/cmd.(*CLI).inspect: /inspect.go(35)
 -> 19: github.com/terraform-linters/tflint/cmd.(*CLI).Run: /cli.go(106)
 -> 20: main.main: /main.go(38)
 -> 21: runtime.main: /proc.go(250)
 -> 22: runtime.goexit: /asm_amd64.s(1598)

TFLint crashed... :(
Please attach an output log, describe the situation and version that occurred and post an issue to https://github.com/terraform-linters/tflint/issues
Error: Process completed with exit code 1.

TFLint Version

0.47.0

Terraform Version

1.5.2

Operating System

  • Linux
  • macOS
  • Windows
@ahmad-hamade
Copy link
Author

ahmad-hamade commented Aug 28, 2023
edited
Loading

Please note, the issue is reported only when I use a custom terraform module that has the following values:

  external_dns = {
    enabled          = true
    domain_names     = keys(module.base_dns_zone.route53_zone_name)
    domain_name_arns = values(module.base_dns_zone.route53_zone_zone_arn)  # <---- this line is what causing the problem
  }

If I omit the value for domain_name_arns property then tflint works just fine.

Below is the external_dns variable definition:

variable "external_dns" {
  type = object({
    enabled          = bool
    domain_names     = list(string)
    domain_name_arns = optional(list(string), [])
    helm_version     = optional(string, "1.13.0")
  })
  description = "External DNS configuration"
  default     = null
}

@wata727
Copy link
Member

wata727 commented Aug 29, 2023

Thank you for reporting this. This seems like a bug.

In TFLint an expression like module.base_dns_zone.route53_zone_zone_arn always resolves to an unknown value of an unknown type.

tflint/terraform/lang/eval.go

Line 189 in dcc49ce

vals["module"] = cty.UnknownVal(cty.DynamicPseudoType)

Next, HCL v2.17, which is used in TFLint v0.47, introduces the concept of refinements. This seems to apply implicit refinements when default values such as optional(list(string), []) are applied.

Unfortunately refinements for unknown values of unknown types don't seem to be supported.
https://github.com/zclconf/go-cty/blob/v1.13.3/cty/unknown_refinement.go#L46-L47

I'm not sure how to fix this, but it might be a good idea to fix the HCL to not apply the refinement in case of unknown values of unknown types.

The current workaround is to downgrade to TFLint v0.46.1.

@ahmad-hamade ahmad-hamade mentioned this issue Aug 30, 2023
Closed
1 task
@wata727 wata727 mentioned this issue Aug 30, 2023
Merged
@wata727
Copy link
Member

wata727 commented Aug 30, 2023

The upstream bug is fixed in hashicorp/hcl#625
This issue is expected to be resolved by updating to the latest HCL version (unreleased).

@wata727 wata727 mentioned this issue Sep 2, 2023
Merged
@ahmad-hamade
Copy link
Author

Thank you @wata727 for the fix.
I can confirm the issue is resolved in tflint v0.48.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump github.com/hashicorp/hcl to v2.18.0 terraform-linters/tflint
2 participants
@wata727 @ahmad-hamade