wip fix(terraform): evaluate inline checks for looped modules #6793
+174
−0
User description
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
The inline comment checker for enriched plan checking currently works by looking up exceptions using the name of the module, in the form `module.module_name`, even when there is a count or for_each set on the resource. When we then loop through the resources in the plan to look up their enrichments, this lookup fails as we're using `module.module_name[index]`. This PR proves that this is the case by introducing a new test that fails, and then fixes that test.

Fixes #6113
Checklist:
Generated description
Dear maintainer, below is a concise technical summary of the changes proposed in this PR:
Fix the inline comment checker for enriched plan checking by addressing the issue with module name lookups when using `count` or `for_each` in Terraform modules. The `Report` class in `checkov/common/output/report.py` is updated to correctly handle module paths by ignoring indices in module names. New tests are added in `test_runner_registry_plan_enrichment.py` to validate the fix, ensuring that checks are correctly skipped for looped modules. The test setup includes Terraform configuration files and a plan JSON file to simulate the scenario.
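The lookup mismatch described above, as an added example that is not part of this PR or of checkov's code: skips are keyed by the un-indexed module path while plan addresses carry `count`/`for_each` indices, so the key has to be normalised before the lookup. The names `module_path`, `skipped_checks`, `SKIPS`, the check ID `CKV_EXAMPLE_1` and the sample addresses are all constructed for illustration.

```python
import re

# One index suffix: [0], ["key"] or ['key']. Quoted keys are consumed whole so
# a for_each key containing '.' or ']' cannot split the address wrongly.
_INDEX = re.compile(r"""\[(?:\d+|"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\]""")


def module_path(address: str) -> str:
    """Un-indexed module path of a plan resource address ('' for root)."""
    parts = _INDEX.sub("", address).split(".")
    path = []
    # Module calls appear as leading ("module", name) pairs.
    while len(parts) >= 2 and parts[0] == "module":
        path += parts[:2]
        parts = parts[2:]
    return ".".join(path)


# Constructed sample data (assumption): skips keyed in the form the description
# gives (module.module_name), and addresses as they appear in a plan.
SKIPS = {"module.log_bucket": {"CKV_EXAMPLE_1"}}
PLAN_ADDRESSES = [
    "module.log_bucket[0].aws_s3_bucket.this",
    'module.log_bucket["eu.west"].aws_s3_bucket.this[1]',
    "module.other.aws_s3_bucket.this",
    "aws_s3_bucket.root",
]


def skipped_checks(address: str, normalise: bool) -> set:
    """Checks skipped for a resource; normalise=False mimics the failing lookup."""
    if normalise:
        key = module_path(address)
    else:
        key = address.rsplit(".", 2)[0]  # "module.log_bucket[0]" stays indexed
    return SKIPS.get(key, set())


if __name__ == "__main__":
    for addr in PLAN_ADDRESSES:
        print(addr, skipped_checks(addr, False), skipped_checks(addr, True))
```

With this normalisation a skip keyed on the module call applies to every instance of that module, which is the behaviour the description asks for.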