mattray / inspec-iggy

InSpec CLI plugin for generating compliance controls from Terraform and CloudFormation
Apache License 2.0
106 stars 18 forks

Issue with resources using state version 4 #41

Open jnahelou opened 3 years ago

jnahelou commented 3 years ago

Hello,

Due to the change from attributes to attributes_flat in tfstate for resources using state version 4 of Terraform, inspec crashes with the following error:

bundle exec inspec terraform generate --name iggy -t prod.tfstate --platform gcp --resourcepath ~/perso/inspec-gcp-orig/inspec-gcp/ --debug
[2021-04-09T10:59:20+02:00] DEBUG: Iggy::FileHelper.parse_json file = prod.tfstate
[2021-04-09T10:59:21+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = archive_file SKIPPED
[2021-04-09T10:59:21+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = google_cloudfunctions_function SKIPPED
[2021-04-09T10:59:21+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = google_monitoring_alert_policy SKIPPED
[2021-04-09T10:59:21+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = google_monitoring_notification_channel SKIPPED
[2021-04-09T10:59:21+02:00] DEBUG: Iggy::Terraform::Generate.parse_resources resource_type = google_project_service MATCHED
Traceback (most recent call last):
        19: from ...default/vendor/bundle/ruby/2.7.0/bin/inspec:23:in `<main>'
        18: from ...default/vendor/bundle/ruby/2.7.0/bin/inspec:23:in `load'
        17: from ...default/vendor/bundle/ruby/2.7.0/gems/inspec-bin-4.31.1/bin/inspec:11:in `<top (required)>'
        16: from ...default/vendor/bundle/ruby/2.7.0/gems/inspec-core-4.31.1/lib/inspec/base_cli.rb:35:in `start'
        15: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/base.rb:485:in `start'
        14: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
        13: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
        12: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
        11: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor.rb:243:in `block in subcommand'
        10: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/invocation.rb:116:in `invoke'
         9: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
         8: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
         7: from ...default/vendor/bundle/ruby/2.7.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
         6: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/cli_command.rb:83:in `generate'
         5: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:20:in `parse_generate'
         4: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:34:in `parse_resources'
         3: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:34:in `each'
         2: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:50:in `block in parse_resources'
         1: from /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:50:in `each'
/home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb:51:in `block (2 levels) in parse_resources': undefined method `[]' for nil:NilClass (NoMethodError)

So I updated locally to switch from attributes to attributes_flat in the file https://github.com/mattray/inspec-iggy/blob/42c7f385cde29335e06e946d06f7dfda74621ce4/lib/inspec-iggy/terraform/generate.rb#L51

--- /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb.old  2021-04-09 10:56:39.563452781 +0200
+++ /home/jnahelou/.inspec/gems/2.7.0/gems/inspec-iggy-0.8.0/lib/inspec-iggy/terraform/generate.rb      2021-04-09 10:57:01.507302525 +0200
@@ -48,8 +48,8 @@
         if InspecPlugins::Iggy::InspecHelper.available_resources.include?(resource_type)
           Inspec::Log.debug "Iggy::Terraform::Generate.parse_resources resource_type = #{resource_type} MATCHED"
           tf_res["instances"].each do |instance|
-            resource_id = instance["attributes"]["id"]
-            resource_attributes = instance["attributes"]
+            resource_attributes = instance.key?("attributes") ? instance["attributes"] : instance["attributes_flat"]
+            resource_id = resource_attributes["id"]
             resources[resource_type][resource_id] = resource_attributes
           end
         else
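Review bot: On the added `resource_attributes = instance.key?("attributes") ? ...` line, an instance that has neither key, or that has "attributes" present with a null value, still leaves resource_attributes nil, so `resource_attributes["id"]` on the following line raises the same NoMethodError shown in the traceback. Consider `resource_attributes = instance["attributes"] || instance["attributes_flat"]` followed by `next if resource_attributes.nil?` and a debug log naming the skipped instance, so that a resource missing from the generated controls is visible rather than silent. A nil resource_id would also make every id-less instance overwrite the same `resources[resource_type][nil]` entry, which is worth guarding in the same place.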
mattray commented 3 years ago

I haven't spent much time on this project for the last year, but if you want to submit a PR I'll merge it for now and hopefully find some time to test newer releases of Terraform.
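
The state-format problem discussed in this thread, as an added Ruby example that is not inspec-iggy's code or either commenter's: a hypothetical `collect_resources` helper reads a constructed version-4 state, accepts either `attributes` or `attributes_flat`, and records instances that have neither instead of raising `NoMethodError`. The sample state, resource ids and helper name are assumptions made for illustration.

```ruby
require "json"

# Constructed sample: a minimal version-4 state with three instances, one per
# shape discussed in the issue (attributes, attributes_flat, neither).
SAMPLE_STATE = <<~JSON
  {
    "version": 4,
    "resources": [
      {
        "type": "google_project_service",
        "instances": [
          { "attributes": { "id": "proj/compute.googleapis.com", "service": "compute.googleapis.com" } },
          { "attributes_flat": { "id": "proj/iam.googleapis.com", "service": "iam.googleapis.com" } },
          { "schema_version": 0 }
        ]
      }
    ]
  }
JSON

# Hypothetical helper. Returns [resources, skipped]:
#   resources maps type => id => attributes
#   skipped lists "type[index]" for instances with no usable attributes or id,
#   so a gap in the generated controls is reported instead of crashing.
def collect_resources(state)
  resources = Hash.new { |h, k| h[k] = {} }
  skipped = []
  Array(state["resources"]).each do |tf_res|
    type = tf_res["type"]
    Array(tf_res["instances"]).each_with_index do |instance, idx|
      # `||` also covers "attributes": null, which a key? check would accept.
      attrs = instance["attributes"] || instance["attributes_flat"]
      id = attrs.is_a?(Hash) ? attrs["id"] : nil
      if id.nil? || id.to_s.empty?
        skipped << "#{type}[#{idx}]"
        next
      end
      resources[type][id] = attrs
    end
  end
  [resources, skipped]
end

RESOURCES, SKIPPED = collect_resources(JSON.parse(SAMPLE_STATE))
```
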