terraform-compliance / cli

a lightweight, security focused, BDD test framework against terraform.
https://terraform-compliance.com
MIT License

When condition on resource which has its own type property fails #731

Open imens-frankd opened 5 months ago

imens-frankd commented 5 months ago

When condition on resource which has its own type property fails

Since azuread_application_permission_scope doesn't have a name property I want to exclude it from the scenario that I use to ensure all resource names are lower case. I have done the same for azuread_application which works. It doesn't work for azuread_application_permission_scope and the test fails. I suspect that it has something to do with the fact that azuread_application_permission_scope itself has a property called type.

To Reproduce

Feature File:

@case-sensitive
Scenario: Ensure all azure ad resource names are all lowercase
    Given I have resource that supports name defined
    When its provider_name is registry.terraform.io/hashicorp/azuread
    When its type is not azuread_application
    When its type is not azuread_application_permission_scope
    Then it must have name
    And its value must match the "^[a-z-0-9]+$" regex

Plan File:

Sample Terraform Code:

resource "azuread_application_permission_scope" "example" {
  application_id             = azuread_application.app.id
  admin_consent_description  = "Example permission"
  admin_consent_display_name = "example-permission"
  scope_id                   = random_uuid.uuid_permission_scope.id
  type                       = "Admin"
  value                      = "example-permission"
}

Used terraform-compliance Parameters:

podman run --rm -v ./:/target -i eerkunt/terraform-compliance -f features -p main.tfplan.json

Running via Docker:

Yes

Running container with podman v4.9.2

Error Output:

Test scenario fails

Expected Behavior:

Test scenario is skipped for resource of type azuread_application_permission_scope

Tested Versions:

Additional Context:

Using provider registry.terraform.io/hashicorp/azuread v2.47.0

imens-frankd commented 5 months ago

Below is part of the plan file that describes the resource

{"address":"azuread_application_permission_scope.example","mode":"managed","type":"azuread_application_permission_scope","name":"example","provider_name":"registry.terraform.io/hashicorp/azuread","schema_version":0,"values":{"admin_consent_description":"Example permission","admin_consent_display_name":"example-permission","application_id":"/applications/8a6246ce-89f4-495d-b222-e8c3ae152e13","timeouts":null,"type":"Admin","user_consent_description":null,"user_consent_display_name":null,"value":"example-permission"},"sensitive_values":{}}
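Added example, not part of the thread and not terraform-compliance's own code: a stand-alone check of the same naming rule over plan JSON, which tells the resource-level `type` apart from the `type` attribute inside `values` seen in the excerpt above. It does not diagnose the reported behaviour; the sample plan is constructed, and the `res` helper and the `*_hypothetical*` resource types are made up for illustration.

```python
import re

NAME_RE = re.compile(r"^[a-z-0-9]+$")  # regex taken from the scenario above
PROVIDER = "registry.terraform.io/hashicorp/azuread"
EXCLUDED_TYPES = {"azuread_application", "azuread_application_permission_scope"}

def res(address, rtype, provider, values):
    return {"address": address, "type": rtype, "provider_name": provider, "values": values}

# Constructed sample plan: the first resource mirrors the issue's excerpt;
# the "*_hypothetical*" resource types are made up for illustration.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        res("azuread_application_permission_scope.example",
            "azuread_application_permission_scope", PROVIDER,
            {"type": "Admin", "value": "example-permission"}),
        res("azuread_hypothetical_resource.good", "azuread_hypothetical_resource",
            PROVIDER, {"name": "lower-case-1"}),
        res("azuread_hypothetical_resource.bad", "azuread_hypothetical_resource",
            PROVIDER, {"name": "MixedCase"}),
    ],
    "child_modules": [{"resources": [
        res("module.m.azurerm_hypothetical.other", "azurerm_hypothetical",
            "registry.terraform.io/hashicorp/azurerm", {"name": "UPPER"}),
        res("module.m.azuread_hypothetical_resource.nested",
            "azuread_hypothetical_resource", PROVIDER, {"name": "Bad_Name"}),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_names(plan):
    """Return (address, name) for azuread resources whose name fails NAME_RE."""
    failures = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for r in iter_resources(root):
        if r.get("provider_name") != PROVIDER:
            continue
        # Exclude on the resource-level "type" (the Terraform resource type),
        # not on values["type"], which is an ordinary attribute ("Admin" here).
        if r.get("type") in EXCLUDED_TYPES:
            continue
        name = (r.get("values") or {}).get("name")
        if name is not None and not NAME_RE.match(str(name)):
            failures.append((r["address"], name))
    return failures
```

To run it against a real plan, load the file with `json.load` and pass the resulting dict to `check_names`.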