Skip to content

fix(secure-team): prevent panic when zone_ids is computed from for_each resources #689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tembleking wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(secure-team): prevent panic when zone_ids is computed from for_each resources #689

tembleking wants to merge 2 commits into from

Conversation

@tembleking
Copy link
Member

@tembleking tembleking commented Feb 2, 2026

Summary

  • Fix provider crash when sysdig_secure_team.zone_ids references IDs from sysdig_secure_zone resources created with for_each
  • Add IsKnown() checks before calling AsValueSlice() and True() on cty values in CustomizeDiff

Problem

When using dynamic zone wiring like this:

resource "sysdig_secure_zone" "zones" {
  for_each = local.teams
  name     = "Zone-${each.key}"
  # ...
}

resource "sysdig_secure_team" "teams" {
  for_each = local.teams
  name     = "Team-${each.key}"
  zone_ids = [sysdig_secure_zone.zones[each.key].id]
}

The provider panics during terraform plan:

panic: value is not known
github.com/hashicorp/go-cty/cty.Value.AsValueSlice(...)
github.com/draios/terraform-provider-sysdig/sysdig/resource_sysdig_secure_team.go:34

Root Cause

In CustomizeDiff, the code calls AsValueSlice() and True() on cty values without checking if they are known first. When zone_ids depends on resources being created in the same plan (via for_each), the value is cty.UnknownVal(cty.List(cty.Number)). Calling AsValueSlice() on an unknown value causes a panic.

Solution

Add IsKnown() checks before accessing cty values:

// Before
if !zoneIDsPlan.IsNull() && len(zoneIDsPlan.AsValueSlice()) > 0 {

// After  
if !zoneIDsPlan.IsNull() && zoneIDsPlan.IsKnown() && len(zoneIDsPlan.AsValueSlice()) > 0 {

When values are unknown during plan, the validation is safely skipped and will execute during apply when values become known.

@tembleking
fix(secure-team): prevent panic when zone_ids is computed from for_ea…
d798f14 
…ch resources

When using `for_each` to create multiple `sysdig_secure_zone` resources
and referencing their IDs dynamically in `sysdig_secure_team.zone_ids`,
the provider crashes during `terraform plan` with:

    panic: value is not known

This happens because `CustomizeDiff` calls `AsValueSlice()` and `True()`
on cty values without first checking if they are known. When zone_ids
depends on resources being created in the same plan, the entire list is
a cty.UnknownVal, and these methods panic on unknown values.

The fix adds `IsKnown()` checks before accessing the values. When values
are unknown during plan, the validation is skipped and will run during
apply when values become known.
@tembleking tembleking enabled auto-merge (squash) February 2, 2026 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@airadier airadier airadier approved these changes

@alecron alecron alecron approved these changes

@mateobur mateobur Awaiting requested review from mateobur mateobur is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tembleking @airadier @alecron