
AttributeError when testing protocol/port range for ingress that uses security_groups instead of cidr_blocks #615

Open
pontinjx opened this issue Apr 21, 2022 · 0 comments

Description

When a security group has an ingress rule that references another security group in the plan (the rule carries `security_groups` rather than `cidr_blocks`), terraform-compliance fails with an AttributeError.

To Reproduce

Feature File:

# Scenario from the report: flags SSH (22) or RDP (3389) ingress rules whose
# source is an IPv4 CIDR matching the quoted pattern in the last step.
# The reproducer's ingress has "cidr_blocks": [] and a security_groups
# reference instead (see the plan file below), so the pattern has no CIDR
# string to test against; the expected outcome is a pass, not an AttributeError.
Feature: SSH or RDP Port Open
    Scenario Outline: SSH or RDP Port Open
        Given I have aws_security_group defined
        When it has ingress
        Then it must contain ingress
        Then it must not have <proto> protocol and port <portRange> for "([0-9]{1,3}\.){3}[0-9]{1,3}\/*"

        Examples:
            |proto|portRange|
            |tcp|22|
            |tcp|3389|

Plan File:

{
    "format_version": "1.0",
    "terraform_version": "1.1.9",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_security_group.ec2_sg",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "ec2_sg",
                    "provider_name": "registry.terraform.io/hashicorp/aws",
                    "schema_version": 1,
                    "values": {
                        "description": "Managed by Terraform",
                        "ingress": [
                            {
                                "cidr_blocks": [],
                                "description": "",
                                "from_port": 3389,
                                "ipv6_cidr_blocks": [],
                                "prefix_list_ids": [],
                                "protocol": "tcp",
                                "self": false,
                                "to_port": 3389
                            }
                        ],
                        "name": "ec2_sg",
                        "revoke_rules_on_delete": false,
                        "tags": null,
                        "timeouts": null,
                        "vpc_id": "vpc-12345678"
                    },
                    "sensitive_values": {
                        "egress": [],
                        "ingress": [
                            {
                                "cidr_blocks": [],
                                "ipv6_cidr_blocks": [],
                                "prefix_list_ids": [],
                                "security_groups": []
                            }
                        ],
                        "tags_all": {}
                    }
                },
                {
                    "address": "aws_security_group.elb_sg",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "elb_sg",
                    "provider_name": "registry.terraform.io/hashicorp/aws",
                    "schema_version": 1,
                    "values": {
                        "description": "Managed by Terraform",
                        "egress": [
                            {
                                "cidr_blocks": [
                                    "0.0.0.0/0"
                                ],
                                "description": "",
                                "from_port": 0,
                                "ipv6_cidr_blocks": [],
                                "prefix_list_ids": [],
                                "protocol": "-1",
                                "security_groups": [],
                                "self": false,
                                "to_port": 0
                            }
                        ],
                        "name": "elb_sg",
                        "revoke_rules_on_delete": false,
                        "tags": null,
                        "timeouts": null,
                        "vpc_id": "vpc-12345678"
                    },
                    "sensitive_values": {
                        "egress": [
                            {
                                "cidr_blocks": [
                                    false
                                ],
                                "ipv6_cidr_blocks": [],
                                "prefix_list_ids": [],
                                "security_groups": []
                            }
                        ],
                        "ingress": [],
                        "tags_all": {}
                    }
                }
            ]
        }
    },
    "resource_changes": [
        {
            "address": "aws_security_group.ec2_sg",
            "mode": "managed",
            "type": "aws_security_group",
            "name": "ec2_sg",
            "provider_name": "registry.terraform.io/hashicorp/aws",
            "change": {
                "actions": [
                    "create"
                ],
                "before": null,
                "after": {
                    "description": "Managed by Terraform",
                    "ingress": [
                        {
                            "cidr_blocks": [],
                            "description": "",
                            "from_port": 3389,
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "protocol": "tcp",
                            "self": false,
                            "to_port": 3389
                        }
                    ],
                    "name": "ec2_sg",
                    "revoke_rules_on_delete": false,
                    "tags": null,
                    "timeouts": null,
                    "vpc_id": "vpc-12345678"
                },
                "after_unknown": {
                    "arn": true,
                    "egress": true,
                    "id": true,
                    "ingress": [
                        {
                            "cidr_blocks": [],
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "security_groups": true
                        }
                    ],
                    "name_prefix": true,
                    "owner_id": true,
                    "tags_all": true
                },
                "before_sensitive": false,
                "after_sensitive": {
                    "egress": [],
                    "ingress": [
                        {
                            "cidr_blocks": [],
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "security_groups": []
                        }
                    ],
                    "tags_all": {}
                }
            }
        },
        {
            "address": "aws_security_group.elb_sg",
            "mode": "managed",
            "type": "aws_security_group",
            "name": "elb_sg",
            "provider_name": "registry.terraform.io/hashicorp/aws",
            "change": {
                "actions": [
                    "create"
                ],
                "before": null,
                "after": {
                    "description": "Managed by Terraform",
                    "egress": [
                        {
                            "cidr_blocks": [
                                "0.0.0.0/0"
                            ],
                            "description": "",
                            "from_port": 0,
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "protocol": "-1",
                            "security_groups": [],
                            "self": false,
                            "to_port": 0
                        }
                    ],
                    "name": "elb_sg",
                    "revoke_rules_on_delete": false,
                    "tags": null,
                    "timeouts": null,
                    "vpc_id": "vpc-12345678"
                },
                "after_unknown": {
                    "arn": true,
                    "egress": [
                        {
                            "cidr_blocks": [
                                false
                            ],
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "security_groups": []
                        }
                    ],
                    "id": true,
                    "ingress": true,
                    "name_prefix": true,
                    "owner_id": true,
                    "tags_all": true
                },
                "before_sensitive": false,
                "after_sensitive": {
                    "egress": [
                        {
                            "cidr_blocks": [
                                false
                            ],
                            "ipv6_cidr_blocks": [],
                            "prefix_list_ids": [],
                            "security_groups": []
                        }
                    ],
                    "ingress": [],
                    "tags_all": {}
                }
            }
        }
    ],
    "configuration": {
        "provider_config": {
            "aws": {
                "name": "aws",
                "version_constraint": "~> 3.0",
                "expressions": {
                    "profile": {
                        "constant_value": "devops"
                    },
                    "region": {
                        "constant_value": "eu-west-1"
                    }
                }
            }
        },
        "root_module": {
            "resources": [
                {
                    "address": "aws_security_group.ec2_sg",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "ec2_sg",
                    "provider_config_key": "aws",
                    "expressions": {
                        "ingress": {
                            "references": [
                                "aws_security_group.elb_sg.id",
                                "aws_security_group.elb_sg"
                            ]
                        },
                        "name": {
                            "constant_value": "ec2_sg"
                        },
                        "vpc_id": {
                            "constant_value": "vpc-12345678"
                        }
                    },
                    "schema_version": 1
                },
                {
                    "address": "aws_security_group.elb_sg",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "elb_sg",
                    "provider_config_key": "aws",
                    "expressions": {
                        "egress": {
                            "constant_value": [
                                {
                                    "cidr_blocks": [
                                        "0.0.0.0/0"
                                    ],
                                    "description": null,
                                    "from_port": 0,
                                    "ipv6_cidr_blocks": null,
                                    "prefix_list_ids": null,
                                    "protocol": "-1",
                                    "security_groups": null,
                                    "self": null,
                                    "to_port": 0
                                }
                            ]
                        },
                        "name": {
                            "constant_value": "elb_sg"
                        },
                        "vpc_id": {
                            "constant_value": "vpc-12345678"
                        }
                    },
                    "schema_version": 1
                }
            ]
        }
    }
}

Sample Terraform Code:

resource "aws_security_group" "ec2_sg" {
  name   = "ec2_sg"
  vpc_id = "vpc-12345678"

  # Ingress sourced from another security group rather than a CIDR range.
  # In the plan file above this rule has "cidr_blocks": [] and its
  # "security_groups" entry is listed under after_unknown, consistent with
  # elb_sg's id being unknown at plan time (after_unknown.id = true).
  # NOTE(review): the plan file above shows this rule with from_port/to_port
  # 3389, not 6252 — confirm which sample actually produced the plan.
  ingress {
    from_port       = 6252
    to_port         = 6252
    protocol        = "tcp"
    security_groups = [aws_security_group.elb_sg.id]
  }
}

resource "aws_security_group" "elb_sg" {
  name   = "elb_sg"
  vpc_id = "vpc-12345678"

  # Allow-all egress: every protocol ("-1") and port to 0.0.0.0/0, matching
  # the elb_sg egress shown in the plan file above. No ingress is declared
  # on this resource; it is only the source referenced by ec2_sg's ingress.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }


}

Used terraform-compliance Parameters:

N/A

Error Output:

Feature: SSH or RDP Port Open  # /Users/XXXXXX/WSSHRDPPortOpen.feature

    Scenario Outline: SSH or RDP Port Open
        Given I have aws_security_group defined
        When it has ingress
        Then it must contain ingress
        Then it must not have <proto> protocol and port <portRange> for "([0-9]{1,3}\.){3}[0-9]{1,3}\/*"

    Examples:
        | proto | portRange |
        | tcp   | 22        |
          AttributeError: 'str' object has no attribute 'get'
        | tcp   | 3389      |
          AttributeError: 'str' object has no attribute 'get'

or, when run with `-S`:

ERROR: Hook 'silent_formatter_after_each_feature' from /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/terraform_compliance/extensions/silent_formatter.py:23 raised: 'AttributeError: 'Context' object has no attribute 'failure_msg''

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/radish/hookregistry.py", line 132, in call
    func(model, *args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/terraform_compliance/extensions/silent_formatter.py", line 36, in silent_formatter_after_each_feature
    self.silent_formatter_after_each_scenario(scenario)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/terraform_compliance/extensions/silent_formatter.py", line 57, in silent_formatter_after_each_scenario
    if len(step.context.failure_msg) == 2:
AttributeError: 'Context' object has no attribute 'failure_msg'

Expected Behavior:
The scenario should pass: the ingress rule references a security group, not a CIDR block, so the CIDR pattern in the step has nothing to match and the step should not raise.

Tested Versions:

  • terraform-compliance version: v1.3.32
  • terraform version: v1.1.9
  • python version: Python 3.8.1