Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wip fix(terraform): evaluate inline checks for looped modules #6793

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

Alex-Waring
Copy link

@Alex-Waring Alex-Waring commented Oct 24, 2024

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

The inline comment checker for enriched plan checking, currently works by looking up exceptions using the name of the module, in form module.module_name, even when there is a count or for_each set on the resource.

When we then loop through the resources in the plan to look up their enrichments, this lookup fails as we're using module.module_name[index]. This PR proves that this is the case by introducing a new test that fails, and then fixes that test.

Fixes #6113

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Fix the inline comment checker for enriched plan checking by addressing the issue with module name lookups when using count or for_each in Terraform modules. The Report class in checkov/common/output/report.py is updated to correctly handle module paths by ignoring indices in module names. New tests are added in test_runner_registry_plan_enrichment.py to validate the fix, ensuring that checks are correctly skipped for looped modules. The test setup includes Terraform configuration files and a plan JSON file to simulate the scenario.

TopicDetails
Inline Checker Fix Fix the inline comment checker for enriched plan checking by addressing the issue with module name lookups when using count or for_each in Terraform modules.
Modified files (1)
  • checkov/common/output/report.py
Latest Contributors(2)
EmailCommitDate
146818014+sourava01@us...feat-github-add-summar...May 05, 2024
[email protected]fix-graph-remove-SCA-r...February 11, 2024
Test Enhancements Add tests to validate the fix for module name lookups in looped modules, ensuring checks are correctly skipped.
Modified files (4)
  • tests/common/runner_registry/test_runner_registry_plan_enrichment.py
  • tests/common/runner_registry/plan_with_looped_module/tf/tfplan.json
  • tests/common/runner_registry/plan_with_looped_module/tf/main.tf
  • tests/common/runner_registry/plan_with_looped_module/mod_ref/main.tf
Latest Contributors(2)
EmailCommitDate
[email protected]...feat-terraform-Remove-...August 16, 2023
63583491+arielkru@user...feat-terraform-Impleme...December 01, 2022
This pull request is reviewed by Baz. Join @Alex-Waring and the rest of your team on (Baz).

@Alex-Waring Alex-Waring changed the title fix(terraform): evaluate inline checks for looped modules wip fix(terraform): evaluate inline checks for looped modules Oct 25, 2024
@cristian-rincon
Copy link

cristian-rincon commented Nov 13, 2024

Hi 👋 @Alex-Waring , do you have any workaround while we are waiting for your PR to be merged?

@Alex-Waring
Copy link
Author

Hi @cristian-rincon, no there's no workaround. This is only WIP because it's just a partial fix, I can always come back if this gets merged.

If you have any way of getting this looked at feel free, it passes all tests so can be merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

terraform_plan - modules - for_each / count issues
4 participants