support for data resources?

[vrbcntrl]

Hi,

May I know if we have support for terraform data sources?
for example:
data "aws_autoscaling_group" "foo" { name = "foo" .......... }
is there a way to read the name or any attribute inside data block? Thanks in advance!

[eerkunt]

Technically possible. Marking as enhancement. Will have a look this weekend, hopefully.

[vrbcntrl]

thank you!

[eerkunt]

Could you please try your cases with 1.0.11 ?

Also please let me know about the use cases, I couldn't find much by myself really.

[vrbcntrl]

Thanks for the quick turnaround.
I took the aws_avaialability_zones data source example from terraform site and ran terraform plan it and generated the plan.out and plan.json, however the data.example.feature failed with Error:

Scenario: Subnet Count SKIPPING: Can not find aws_availability_zones defined in target terraform plan. Given I have aws_availability_zones defined When it contains zone_ids And I count them Then I expect the result is greater than 2

and when I see the plan.json, it actually has the data block as shown below

{ "address": "data.aws_availability_zones.available", "mode": "data", "type": "aws_availability_zones", "name": "available", "provider_config_key": "aws", "expressions": { "state": { "constant_value": "available" } }, "schema_version": 0 }

however for some reason, TC could not recognize that data block.
I have attached my test terraform file, plan.json and results screen shot for your reference.
Please let me know if am doing anything wrong here... thanks!
111.zip

[vrbcntrl]

I think I found the reason why TC is not able to recognize the data block in the plan json

The hierarchy of resources for standard resource is like this, i.e. planned_values >root_module>resources as shown in below screen shot

However, for data resources, the hierarchy is little different, it is configuration>root_module>resources as shown in below screen shot

so, I changed terraform.py , line#84 inside def _parse_resources(self) function with the below code
# Resources ( exists in Plan ) for findings in seek_key_in_dict(self.raw.get('configuration', {}).get('root_module', {}), 'resources'):

then my BDD is able to recognize the data resource, however my when and Then steps were failing, so I had to change the def it_condition_contain_something(_step_obj, something): in steps.py

after the above changes, my BDD has passed 2 steps but I think we still need to make changes to steps.py for handling data resources as they are different from standard resources.

below is my data resource from plan json

[eerkunt]

Smashing issue report :D

Will have a look after I fix another bug that I am in the middle of it.

[eerkunt]

Could you please have a try with 1.0.15 version ?

[vrbcntrl]

Awesome...Thanks for the quick turnaround.
However, we have some good and bad news..
Good news is, the Data Resources tests are working as expected
Bad news is, the standard resources tests are failing with errors.. the same testes were executed successfully before 1.0.15. I ran a test with a standard resources use case and it failed with errors
Example :

my tf has the below configuration for the 2 encryption properties

at_rest_encryption_enabled = true
transit_encryption_enabled = false

And the test gets executed successfully when I have both the above properties set to true, however when any of the properties set to false, the tool fails to read and throws AttributeError

Terraform configuration

[eerkunt]

#90

[eerkunt]

That's why we need #74 :(

Fixing this problem.

[eerkunt]

Can you please try with 1.0.16 ?

[vrbcntrl]

Thank you!
Its working as expected now, however the I think the Failure message is little bit confusing, pls see below

Examples:
| encryption | value |
| at_rest_encryption_enabled | true |
| transit_encryption_enabled | true |
Failure: transit_encryption_enabled property in False named aws_elasticache_replication_group resource does not match with true regex. It is set to False.

[eerkunt]

Thanks for testing. Error message will be fixed in 1.0.17 along with another fix.

[andrewjkeith]

So I am trying to test a data source but it keeps saying it can't find it. I am trying to test the filter conditions on the aws_ami data source.

data "aws_ami" "amazon_ami" {
  most_recent = true
  owners = ["xxxxx"]
  filter {
    name   = "name"
    values = ["test-name"]
  }
}

And my scenario is :
Scenario: AMI enforcement on EC2 instances
  Given I have aws_ami defined
  When it contains a filter
  Then it must contain name
  And its value must be name


I see the appropriate JSON like above in the plan ouput, but it still says it cant find `aws_ami`

[eerkunt]

hi @andrewjkeith,

It is better to re-open the issue or create a new issue in these situations :)

It couldn't find, because you are looking for a resource. https://terraform-compliance.com/pages/bdd-references/given.html#given-i-have-name-defined

Can you try with ;

Scenario: AMI enforcement on EC2 instances
  Given I have aws_ami data configured
  When it contains a filter
  Then it must contain name
  And its value must be name

[andrewjkeith]

Sorry, didnt realize I could re-open issues.

But yes, thank you, that worked!

It ultimately ended up being (without the 'a' in the when):

Scenario: AMI enforcement on EC2 instances
  Given I have aws_ami data configured
  When it contains filter
  Then it must contain name
  And its value must be name

[eerkunt]

Glad that it worked! 🎉

Closing the issue, please don't hesitate to re-open this or open a new issue! :)