Tag check failing for "(Known after apply resources)" #642

Open
clanbc opened this issue Aug 9, 2022 · 0 comments
clanbc commented Aug 9, 2022

Description

Feature: Ensure all Tags are present

  Scenario Outline: Ensure that specific tags are defined
    Given I have resource that supports tags defined
    When it has tags
    Then it must contain tags
    Then it must contain "<tags>"
    And its value must match the "<value>" regex

Is failing on some resources where a terraform plan provides a "(known after apply)" for tag value, i.e.:

  # aws_cloudwatch_log_group.vpc will be created
  + resource "aws_cloudwatch_log_group" "vpc" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + kms_key_id        = (known after apply)
      + name              = (known after apply)
      + retention_in_days = 365
      + tags              = (known after apply)
      + tags_all          = (known after apply)
    }

To Reproduce

Sample Terraform Code:

resource "aws_subnet" "public" {
  count                   = local.public_subnets_size
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = element(lookup(var.vpc_info, "public-subnets"), count.index)
  availability_zone       = element(local.sorted_azs, count.index)
  map_public_ip_on_launch = "false"

  tags = merge(
    var.tags,
    {
      # Get the last 2 chars of "af-south-1x" to give unique subnet names i.e. public-1a
      "Name" = "public-${substr(element(local.sorted_azs, count.index), 9, 2)}"
    },
  )
}

Terraform code for a failing resource:

resource "aws_internet_gateway" "vpc-igw" {
  count  = lookup(var.vpc_info, "igw")
  vpc_id = aws_vpc.vpc.id

  tags = merge(
    var.tags,
    {
      "Name" = "${aws_vpc.vpc.id}-igw"
    },
  )
}

Plan File:
plan.out.json.zip

Used terraform-compliance Parameters:
The terraform compliance steps were carried out using the action:

      - name: terraform-compliance
        uses: terraform-compliance/github_action@0357bd3be2b0a5739f5c09c64366d50f64a9056f
        with:
          plan: plan.out.json
          features: ./features

Error Output:

Failure: aws_internet_gateway.vpc-igw[0] (resource that supports tags) does not have module_name property.

Feature File:

Feature: Ensure all Tags are present

  Scenario Outline: Ensure that specific tags are defined
    Given I have resource that supports tags defined
    When it has tags
    Then it must contain tags
    Then it must contain "<tags>"
    And its value must match the "<value>" regex

    Examples:
      | tags            | value  |
      | account_name    | .+     | 
      | data_type       | .+     |
      | module_name     | .+     |
      | service_related | .+     |
      | squad           | .+     |

Expected Behavior:
compliance step to pass
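
A triage sketch for the failure reported above, added here as an example and not part of the issue or of terraform-compliance: it walks the `resource_changes` entries of a plan JSON and separates required tags that are known to be missing from tags whose values are only computed at apply time (`after_unknown`). The sample plan and its tag values are constructed, and `classify_tags` is a hypothetical helper name.

```python
import re

# Required tag keys, taken from the Examples table in the issue's feature file.
REQUIRED_TAGS = ["account_name", "data_type", "module_name", "service_related", "squad"]
_KNOWN = {key: "x" for key in REQUIRED_TAGS}  # constructed tag values

# Constructed sample in the shape of `terraform show -json` output; it is not
# the plan.out.json attached to the issue.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_subnet.public[0]", "change": {
        "after": {"tags": {**_KNOWN, "Name": "public-1a"}},
        "after_unknown": {"id": True, "tags": {}}}},
    {"address": "aws_internet_gateway.vpc-igw[0]", "change": {
        "after": {}, "after_unknown": {"id": True, "tags": True}}},
    {"address": "aws_vpc.vpc", "change": {
        "after": {"tags": {"account_name": "x", "Name": "vpc"}},
        "after_unknown": {"id": True, "tags": {}}}},
]}


def classify_tags(plan, required=REQUIRED_TAGS, pattern=r".+"):
    """Return {address: (status, keys)} for every resource that carries tags.

    status is "ok", "missing" (a required tag is known to be absent or does
    not match), or "unknown" (the value is only computed at apply time).
    """
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after") or {}
        unknown = (change.get("after_unknown") or {}).get("tags", False)
        if "tags" not in after and not unknown:
            continue  # no tags attribute in this plan entry
        tags = after.get("tags") or {}
        per_key = unknown if isinstance(unknown, dict) else {}
        missing, unresolved = [], []
        for key in required:
            if unknown is True or per_key.get(key) is True:
                unresolved.append(key)  # cannot be judged from the plan
            elif not re.match(pattern, str(tags.get(key) or "")):
                missing.append(key)
        status = "missing" if missing else "unknown" if unresolved else "ok"
        report[rc["address"]] = (status, missing or unresolved)
    return report


if __name__ == "__main__":
    for address, (status, keys) in classify_tags(SAMPLE_PLAN).items():
        print(f"{status:8} {address} {', '.join(keys)}")
```

Resources reported as "unknown" are the ones to re-check against the applied state, since the plan alone cannot show whether their tags comply.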
