Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
fix(terraform): for_each/count attribute wasn't rendering if referencing a dynamic variable of a higher level module
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
In cases where a nested module/resource incorporated a for_each/count attribute that was referencing a dynamic variable, the graph didn't render well and therefore no resources were created.
To fix this we introduce a slightly modified, BFS-like approach to graph traversal.
Rather than rendering dynamic variables after duplicating all modules, we are now rendering variables at each level.
![Uploading image.png…]()
For example, in the graph above:
First duplicate Module into Module[A] and Module[B] and also render variables relevant for this level.
Next, we duplicate the leaf modules and their variables.
Checklist:
[x] My code follows the style guidelines of this project
[ ] I have performed a self-review of my own code
[x] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[x] I have added tests that prove my feature, policy, or fix is effective and works
[x] New and existing tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules
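
An added example, not part of the pull request and not Checkov's code: a toy Python model of the ordering change described above, using a constructed module tree with hypothetical names. It shows why a nested `for_each` that references a variable from the parent level yields no resources, and so nothing for checks to evaluate, unless variables are rendered at each level before descending.

```python
from collections import deque

# Constructed toy module tree; names and layout are hypothetical, not Checkov's.
# for_each is a literal key list or a "var.<name>" reference that can only be
# resolved after the parent instance has passed its inputs down.
MODULES = {
    "app":    {"for_each": ["A", "B"],  "children": ["subnet"], "resources": ["aws_vpc.this"]},
    "subnet": {"for_each": "var.zones", "children": [],         "resources": ["aws_subnet.this"]},
}
# Inputs a parent instance hands to a child; they depend on the parent's each.key.
INPUTS = {("app", "subnet"): lambda key: {"zones": [f"{key.lower()}-1", f"{key.lower()}-2"]}}


def resolve_keys(expr, variables):
    """Return concrete for_each keys, or None while the reference is unrendered."""
    if isinstance(expr, list):
        return expr
    return variables.get(expr.split(".", 1)[1])


def expand(root, render_per_level):
    """Breadth-first module duplication; returns the resource addresses created.

    render_per_level=False models the old order (duplicate everything, render
    variables afterwards): children are duplicated before their inputs exist.
    """
    created, queue = [], deque([(root, "", {})])
    while queue:
        name, prefix, variables = queue.popleft()
        module = MODULES[name]
        keys = resolve_keys(module["for_each"], variables)
        if keys is None:
            continue  # unresolved for_each: no instances, so no resources to scan
        for key in keys:
            address = f'{prefix}module.{name}["{key}"].'
            created += [address + res for res in module["resources"]]
            for child in module["children"]:
                rendered = INPUTS[(name, child)](key) if render_per_level else {}
                queue.append((child, address, rendered))
    return created


if __name__ == "__main__":
    print(len(expand("app", render_per_level=False)), "resources with late rendering")
    for address in expand("app", render_per_level=True):
        print(address)
```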