fix(terraform): expand dynamic blocks from top to bottom #7586

Closed
2 tasks done
nikpivkin opened this issue Sep 24, 2024 Discussed in #7583 · 0 comments · Fixed by #7612

Comments

@nikpivkin (Contributor)

Dynamic blocks are expanded from bottom to top, resulting in misleading error messages if the parent block is empty.

Discussed in #7583

Originally posted by wplj September 24, 2024

Description

Terraform evaluator shows language errors for valid configuration when using Microsoft Azure Verified Module for VM.

Desired Behavior

No errors of such kind are shown.

Actual Behavior

Evaluation errors are shown.

Reproduction Steps

1. use AVM in your configuration:

```hcl
module "app_vm" {
  source                     = "Azure/avm-res-compute-virtualmachine/azurerm"
  version                    = "0.16.0"
  # 5 required parameters ...
}
```

2. run `terraform init`
3. run `trivy conf .`

Target

Filesystem

Scanner

Misconfiguration

Output Format

Table

Mode

Standalone

Debug Output

2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Evaluating submodule      name="app_vm"
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Starting module evaluation...     path=".terraform/modules/app_vm"
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Starting iteration        iteration=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Starting iteration        iteration=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Starting iteration        iteration=2
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Starting iteration        iteration=3
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Context unchanged iteration=3
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_key_vault_secret.admin_password" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_key_vault_secret.admin_ssh_key" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_linux_virtual_machine.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_management_lock.this_linux_virtualmachine" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_management_lock.this_windows_virtualmachine" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.azurerm_windows_virtual_machine.this" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.data.azurerm_client_config.telemetry" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.data.modtm_module_source.telemetry" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.modtm_telemetry.telemetry" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.random_password.admin_password" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.random_uuid.telemetry" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'count' attribute. block="module.app_vm.tls_private_key.this" clones=0
2024-09-24T10:39:14+02:00       ERROR   [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.  block="module.app_vm.azurerm_backup_protected_vm.this" value="cty.NilVal"
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_dev_test_global_vm_shutdown_schedule.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_maintenance_assignment_virtual_machine.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_managed_disk.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_management_lock.this_disk" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_management_lock.this_nic" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_management_lock.this_public_ip" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_monitor_diagnostic_setting.this_nic_diags" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_monitor_diagnostic_setting.this_vm_diags" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface.virtualmachine_network_interfaces" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface_application_gateway_backend_address_pool_association.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface_application_security_group_association.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface_backend_address_pool_association.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface_nat_rule_association.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_network_interface_security_group_association.this" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_public_ip.virtualmachine_public_ips" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_role_assignment.disks" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_role_assignment.system_managed_identity" clones=2
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_role_assignment.this_network_interface" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_role_assignment.this_virtual_machine" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_virtual_machine_data_disk_attachment.this_linux" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_virtual_machine_data_disk_attachment.this_windows" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.azurerm_virtual_machine_extension.this_extension" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.ip_configuration" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.protected_settings_from_key_vault" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.diff_disk_settings" clones=0
2024-09-24T10:39:14+02:00       ERROR   [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.  block="module.app_vm.dynamic.certificate" value="cty.NilVal"
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.additional_capabilities" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.additional_unattend_content" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.boot_diagnostics" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.gallery_application" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.identity" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.plan" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.secret" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.source_image_reference" clones=1
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.termination_notification" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.winrm_listener" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.protected_settings_from_key_vault" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.diff_disk_settings" clones=0
2024-09-24T10:39:14+02:00       ERROR   [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.  block="module.app_vm.dynamic.certificate" value="cty.NilVal"
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.additional_capabilities" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.additional_unattend_content" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.gallery_application" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.plan" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.secret" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.termination_notification" clones=0
2024-09-24T10:39:14+02:00       DEBUG   [terraform evaluator] Expanded block into clones via 'for_each' attribute.      block="module.app_vm.dynamic.winrm_listener" clones=0

Operating System

Windows 10.0.19045

Version

Version: 0.55.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-09-24 06:14:03.075540497 +0000 UTC
  NextUpdate: 2024-09-24 12:14:03.075540226 +0000 UTC
  DownloadedAt: 2024-09-24 08:19:09.4156912 +0000 UTC
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-09-23 14:37:31.368118 +0000 UTC

Checklist
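
As an added illustration of the expansion-order problem the issue describes (this is example code written for this page, not Trivy's evaluator or the AVM module's HCL): a toy Go model of a `secret` dynamic block containing a nested `certificate` block whose `for_each` refers to the parent's iterator. The nesting, the `var.secrets` input and the `resolve` helper are constructed assumptions based only on the block names in the debug output above. Evaluating the child before the parent has bound an iterator produces an "unknown value" error even when the parent is legitimately empty; expanding from the top down never touches the child when the parent yields zero clones.

```go
package main

import (
	"fmt"
	"strings"
)

// dynamicBlock is a toy model of an HCL dynamic block: a for_each expression
// (a dotted reference) and the nested dynamic blocks declared in its content.
type dynamicBlock struct {
	name     string
	forEach  string // e.g. "var.secrets" or "secret.value.certificates"
	children []*dynamicBlock
}

// scope holds the values a for_each reference can resolve against.
type scope map[string]any

// resolve walks a dotted reference through nested maps and returns the list
// it points at; an absent path is the "unknown value" case.
func resolve(s scope, ref string) ([]any, error) {
	var cur any = map[string]any(s)
	for _, part := range strings.Split(ref, ".") {
		m, ok := cur.(map[string]any)
		if !ok {
			return nil, fmt.Errorf("%s: unknown value", ref)
		}
		cur, ok = m[part]
		if !ok {
			return nil, fmt.Errorf("%s: unknown value", ref)
		}
	}
	list, ok := cur.([]any)
	if !ok {
		return nil, fmt.Errorf("%s: not iterable", ref)
	}
	return list, nil
}

// expansionResult records clone counts per block and failed for_each evaluations.
type expansionResult struct {
	clones map[string]int
	errs   []string
}

// expandBottomUp models the empty-parent failure: each nested block's for_each
// is evaluated before its parent has produced any iterator binding, so a child
// that references the parent's iterator reports an error.
func expandBottomUp(root *dynamicBlock, s scope) expansionResult {
	res := expansionResult{clones: map[string]int{}}
	var visit func(b *dynamicBlock)
	visit = func(b *dynamicBlock) {
		for _, c := range b.children { // children first: bottom to top
			visit(c)
		}
		list, err := resolve(s, b.forEach)
		if err != nil {
			res.errs = append(res.errs, fmt.Sprintf("dynamic.%s: %v", b.name, err))
			return
		}
		res.clones[b.name] = len(list)
	}
	visit(root)
	return res
}

// expandTopDown expands the parent first and descends into children once per
// clone, with the parent's iterator bound in scope. An empty parent yields
// zero clones and its children are never evaluated.
func expandTopDown(root *dynamicBlock, s scope) expansionResult {
	res := expansionResult{clones: map[string]int{}}
	var visit func(b *dynamicBlock, sc scope)
	visit = func(b *dynamicBlock, sc scope) {
		list, err := resolve(sc, b.forEach)
		if err != nil {
			res.errs = append(res.errs, fmt.Sprintf("dynamic.%s: %v", b.name, err))
			return
		}
		res.clones[b.name] += len(list)
		for i, elem := range list {
			child := scope{}
			for k, v := range sc {
				child[k] = v
			}
			child[b.name] = map[string]any{"key": i, "value": elem} // iterator binding
			for _, c := range b.children {
				visit(c, child)
			}
		}
	}
	visit(root, s)
	return res
}

// secretTree is a constructed model of a "secret" block with a nested "certificate" block.
func secretTree() *dynamicBlock {
	return &dynamicBlock{name: "secret", forEach: "var.secrets", children: []*dynamicBlock{
		{name: "certificate", forEach: "secret.value.certificates"},
	}}
}

// emptyScope and populatedScope are constructed sample inputs.
func emptyScope() scope { return scope{"var": map[string]any{"secrets": []any{}}} }
func populatedScope() scope {
	return scope{"var": map[string]any{"secrets": []any{
		map[string]any{"certificates": []any{map[string]any{"url": "u1"}, map[string]any{"url": "u2"}}},
	}}}
}

func main() {
	fmt.Printf("bottom-up, empty parent: %+v\n", expandBottomUp(secretTree(), emptyScope()))
	fmt.Printf("top-down, empty parent:  %+v\n", expandTopDown(secretTree(), emptyScope()))
	fmt.Printf("top-down, populated:     %+v\n", expandTopDown(secretTree(), populatedScope()))
}
```

The bottom-up model is deliberately limited to the empty-parent case the issue reports; it is not a claim about how the real evaluator handled populated parents.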

@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Sep 24, 2024
@nikpivkin nikpivkin self-assigned this Sep 25, 2024
@simar7 simar7 added this to the v0.57.0 milestone Oct 4, 2024