terraform: fix panic with the combination of non extant resource and dynamics (#25097)

2020-06-02 09:01:12 -04:00 · 2020-06-02 09:01:12 -04:00 · daa57ba9f6
parent 7f91090c5c
commit daa57ba9f6
3 changed files with 53 additions and 2 deletions
--- a/terraform/context_validate_test.go
+++ b/terraform/context_validate_test.go
@ -40,6 +40,30 @@ func TestContext2Validate_badCount(t *testing.T) {
 	}
 }

+func TestContext2Validate_badResource_reference(t *testing.T) {
+	p := testProvider("aws")
+	p.GetSchemaReturn = &ProviderSchema{
+		ResourceTypes: map[string]*configschema.Block{
+			"aws_instance": {
+				Attributes: map[string]*configschema.Attribute{},
+			},
+		},
+	}
+
+	m := testModule(t, "validate-bad-resource-count")
+	c := testContext2(t, &ContextOpts{
+		Config: m,
+		Providers: map[addrs.Provider]providers.Factory{
+			addrs.NewDefaultProvider("aws"): testProviderFuncFixed(p),
+		},
+	})
+
+	diags := c.Validate()
+	if !diags.HasErrors() {
+		t.Fatalf("succeeded; want error")
+	}
+}
+
 func TestContext2Validate_badVar(t *testing.T) {
 	p := testProvider("aws")
 	p.GetSchemaReturn = &ProviderSchema{
--- a/terraform/node_resource_abstract.go
+++ b/terraform/node_resource_abstract.go
@ -183,7 +183,7 @@ func (n *NodeAbstractResource) References() []*addrs.Reference {
 		result = append(result, n.DependsOn()...)

 		if n.Schema == nil {
-			// Should never happens, but we'll log if it does so that we can
+			// Should never happen, but we'll log if it does so that we can
 			// see this easily when debugging.
 			log.Printf("[WARN] no schema is attached to %s, so config references cannot be detected", n.Name())
 		}
@ -192,7 +192,12 @@ func (n *NodeAbstractResource) References() []*addrs.Reference {
 		result = append(result, refs...)
 		refs, _ = lang.ReferencesInExpr(c.ForEach)
 		result = append(result, refs...)
+
+		// ReferencesInBlock() requires a schema
+		if n.Schema != nil {
 			refs, _ = lang.ReferencesInBlock(c.Config, n.Schema)
+		}
+
 		result = append(result, refs...)
 		if c.Managed != nil {
 			if c.Managed.Connection != nil {
--- a/terraform/testdata/validate-bad-resource-count/main.tf
+++ b/terraform/testdata/validate-bad-resource-count/main.tf
@ -0,0 +1,22 @@
+// a resource named "aws_security_groups" does not exist in the schema
+variable "sg_ports" {
+  type        = list(number)
+  description = "List of ingress ports"
+  default     = [8200, 8201, 8300, 9200, 9500]
+}
+
+
+resource "aws_security_groups" "dynamicsg" {
+  name        = "dynamicsg"
+  description = "Ingress for Vault"
+
+  dynamic "ingress" {
+    for_each = var.sg_ports
+    content {
+      from_port   = ingress.value
+      to_port     = ingress.value
+      protocol    = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  }
+}