Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SecurityGroupIngress self_attribute not converted to self

See original GitHub issue

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave “+1” or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

cdktf & Language Versions

Terraform 0.12.29
cdktf 0.0.13
Python 3.8.2

Affected Resource(s)

AWS Security Group Ingress

Overview

allow = SecurityGroupIngress(
  cidr_blocks=['8.8.8.8/32'],
  ipv6_cidr_blocks=[],
  protocol='tcp',
  from_port=5432,
  to_port=5432,
  description="Allow",
  prefix_list_ids=[],
  security_groups=[],
  self_attribute=False
)

SecurityGroup(
  self, sec_group_name, vpc_id=vpc_id, ingress=[allow]
)

This synthesizes, but terraform plan fails this way:

Error: Incorrect attribute value type

  on cdk.tf.json line 76, in resource.aws_security_group.partneranalyticsdevuseast1_partneranalyticsdevuseast1sg_06726120:
  76:         "ingress": [
  77:           {
  78:             "cidr_blocks": [
  79:               "8.8.8.8/32"
  80:             ],
  81:             "description": "Allow",
  82:             "from_port": 5432,
  83:             "ipv6_cidr_blocks": [],
  84:             "prefix_list_ids": [],
  85:             "protocol": "tcp",
  86:             "security_groups": [],
  87:             "self_attribute": false,
  88:             "to_port": 5432
  89:           }
  90:         ],

Inappropriate value for attribute "ingress": element 0: attribute "self" is
required.

self_attribute is valid in Python and I assume it’s intentionally named that to avoid conflict with Python’s self keyword. But it’s not valid in Terraform - it needs to be self in the output.

Editing cdktf.out manually and replacing self_attribute with self is what I’ll use as a temporary work-around.

Expected Behavior

Plan passes.

Actual Behavior

See above for error.

Steps to Reproduce

Here’s a repo with a full example:

https://github.com/cmclaughlin/terraform-cdk-sgbug

References

By the way, self is normally an optional value for security groups. However, according to this issue it’s required when using JSON instead of HCL. Sounds like there’s not much we can do about that from the cdktf perspective, but if so that would be nice.

https://github.com/hashicorp/terraform/issues/23347

Issue Analytics

State:
Created 3 years ago
Reactions:5
Comments:14 (8 by maintainers)

Top GitHub Comments

1reaction

kstewart83commented, Oct 16, 2020

You don’t have to patch the output file for Typescript, you just have to disable the error and provide the right attribute name which is not a reserved word or an issue in JSON. Here’s an example:

egress: [{
  description: "Allow all to anywhere IPv4",
  fromPort: 0,
  toPort: 0,
  protocol: "-1",
  cidrBlocks: ["0.0.0.0/0"],
  ipv6CidrBlocks: [],
  prefixListIds: [],
  securityGroups: [],
  // @ts-ignore: https://github.com/hashicorp/terraform-cdk/issues/282
  self: false
}]

1reaction

cmclaughlincommented, Aug 22, 2020

Here’s the sed command I’ve been running - just a simple CLI command after synth but before plan/apply:

sed -i 's/self_attribute/self/' cdk.tf.json