Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve value handling #23

Open
wata727 opened this issue Feb 1, 2023 · 0 comments
Open

Improve value handling #23

wata727 opened this issue Feb 1, 2023 · 0 comments

Comments

@wata727
Copy link
Member

wata727 commented Feb 1, 2023

You have to write policies with many patterns in mind to cover all cases. For example:

  • Unknown values
  • Unknown values in the count meta-argument
  • Unknown values in the for_each meta-argument
  • Unknown values in dynamic blocks
  • Null
  • Undefined

See also https://github.com/terraform-linters/tflint-ruleset-opa/blob/v0.1.0/docs/handling_special_values.md

It can be frustrating to have to think about so much when writing a policy. Providing an option to fall back to the initial value of each type in the above cases might make it easier to write the policy.

The question is whether users prefer false positives or false negatives. The current design focuses to avoid false positives, but users who want to enforce policies prefer to avoid false negatives. We should think carefully about which one to default to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

1 participant