From 3dd17e671a5d12e423057e15727a8dad1da42f26 Mon Sep 17 00:00:00 2001
From: William Reade
Date: Tue, 12 Mar 2024 13:32:55 +0000
Subject: [PATCH 1/3] fix: better(?) submodule evaluation order

---
 gotfparse/go.mod | 2 ++
 gotfparse/go.sum | 4 +--
 tests/terraform/module-in-out/main.tf | 24 ++++++++++++++++
 .../module-in-out/module/bucket/main.tf | 7 +++++
 .../module-in-out/module/tags/main.tf | 22 +++++++++++++++
 tests/test_tfparse.py | 28 +++++++++++++++++++
 6 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 tests/terraform/module-in-out/main.tf
 create mode 100644 tests/terraform/module-in-out/module/bucket/main.tf
 create mode 100644 tests/terraform/module-in-out/module/tags/main.tf

diff --git a/gotfparse/go.mod b/gotfparse/go.mod
index d434dfb..5ec163c 100644
--- a/gotfparse/go.mod
+++ b/gotfparse/go.mod
@@ -66,3 +66,5 @@ require (
 google.golang.org/grpc v1.60.1 // indirect
 google.golang.org/protobuf v1.32.0 // indirect
 )
+
+replace github.com/aquasecurity/defsec v0.93.1 => github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8
diff --git a/gotfparse/go.sum b/gotfparse/go.sum
index ca4844c..7d3aaa8 100644
--- a/gotfparse/go.sum
+++ b/gotfparse/go.sum
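Review bot: The `replace` directive appended at the end of gotfparse/go.mod carries no comment saying why the build is redirected to a fork or when the redirect can be removed, and it is qualified with the left-hand version `v0.93.1`. With that qualifier, bumping the `github.com/aquasecurity/defsec` requirement to any other version makes the directive stop matching, and the build would silently go back to upstream code, presumably without the submodule evaluation change this series depends on. I would put a comment above it along the lines of `// TODO(<issue link>): fork carries the submodule re-evaluation fix; drop this replace once it is released upstream`, and name the reviewed fork commit in the description, since the go.sum entry pins content but says nothing about provenance. The same applies to the rewritten `replace` lines in PATCH 2/3 and PATCH 3/3; the `require` block itself starts outside the hunk.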
@@ -203,8 +203,6 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquasecurity/defsec v0.93.1 h1:y4XgRknjs2M58XVLANBT1wulO7N6Rz1oyfwNuzID+h4= -github.com/aquasecurity/defsec v0.93.1/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.49.16 h1:KAQwhLg296hfffRdh+itA9p7Nx/3cXS/qOa3uF9ssig= github.com/aws/aws-sdk-go v1.49.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= @@ -251,6 +249,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBF github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8 h1:1lLXVSev5bh2bi6fppsf/OGiyeuP3ixzUGtBXQtDPS8= +github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/go-billy/v5 v5.4.0 h1:Vaw7LaSTRJOUric7pe4vnzBSgyuf2KrLsu2Y4ZpQBDE= diff --git a/tests/terraform/module-in-out/main.tf b/tests/terraform/module-in-out/main.tf new file mode 100644 index 0000000..45ab819 --- /dev/null +++ b/tests/terraform/module-in-out/main.tf 
@@ -0,0 +1,24 @@
+variable "tags" {
+ type = map(any)
+ default = {
+ env = "dev"
+ app = "weather"
+ }
+}
+
+
+module "tags_base" {
+ source = "./module/tags"
+ tags_base = var.tags
+}
+
+
+locals {
+ default_tags = module.tags_base.tags
+}
+
+
+module "bucket" {
+ source = "./module/bucket"
+ default_tags = local.default_tags
+}
diff --git a/tests/terraform/module-in-out/module/bucket/main.tf b/tests/terraform/module-in-out/module/bucket/main.tf
new file mode 100644
index 0000000..e641fce
--- /dev/null
+++ b/tests/terraform/module-in-out/module/bucket/main.tf
@@ -0,0 +1,7 @@
+resource "aws_s3_bucket" "bucket_module" {
+ tags = var.default_tags
+}
+
+variable "default_tags" {
+ type = map(string)
+}
diff --git a/tests/terraform/module-in-out/module/tags/main.tf b/tests/terraform/module-in-out/module/tags/main.tf
new file mode 100644
index 0000000..397e03f
--- /dev/null
+++ b/tests/terraform/module-in-out/module/tags/main.tf
@@ -0,0 +1,22 @@
+
+variable "tags_base" {
+ type = map(any)
+ default = {}
+}
+
+variable "additional_tags" {
+ type = map(string)
+ default = {}
+}
+
+
+locals {
+ tags = {
+ "app-id" = "static"
+ }
+
+}
+
+output "tags" {
+ value = merge(local.tags, var.tags_base, var.additional_tags)
+}
diff --git a/tests/test_tfparse.py b/tests/test_tfparse.py
index 58f33c3..15effa5 100644
--- a/tests/test_tfparse.py
+++ b/tests/test_tfparse.py
@@ -423,3 +423,31 @@ def test_modules_located_above_root(tmp_path):
 assert output1["value"] == "hello-world"
 assert output2["__tfmeta"]["path"] == "module.test.output.output"
 assert output2["value"] == "testing"
+
+
+def test_module_input_output(tmp_path):
+ root_path = init_module("module-in-out", tmp_path)
+ parsed = load_from_path(root_path)
+
+ asserted_tags = {"app": "weather", "app-id": "static", "env": "dev"}
+ # check output from tag module
+ assert parsed["output"][0]["value"] == asserted_tags
+
+ # check root module local default tags variable
+ found = False
+ for localv in parsed["locals"]:
+ if localv["__tfmeta"]["filename"] == "main.tf" and "default_tags" in localv:
+ found = True
+ assert localv["default_tags"] == asserted_tags
+ assert found
+
+ # check bucket module input has correct value
+ found = False
+ for module in parsed["module"]:
+ if module["__tfmeta"]["label"] == "bucket" and "default_tags" in module:
+ found = True
+ assert module["default_tags"] == asserted_tags
+ assert found
+
+ # check the bucket has the tags
+ assert parsed["aws_s3_bucket"][0]["tags"] == asserted_tags

From 65a2400aafb22243b5909d10a47a1fba128bcaf2 Mon Sep 17 00:00:00 2001
From: William Reade
Date: Wed, 20 Mar 2024 11:31:33 +0000
Subject: [PATCH 2/3] re-eval modules instead of trying to sort

---
 gotfparse/go.mod | 2 +-
 gotfparse/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/gotfparse/go.mod b/gotfparse/go.mod
index 5ec163c..8629f17 100644
--- a/gotfparse/go.mod
+++ b/gotfparse/go.mod
@@ -67,4 +67,4 @@ require (
 google.golang.org/protobuf v1.32.0 // indirect
 )
 
-replace github.com/aquasecurity/defsec v0.93.1 => github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8
+replace github.com/aquasecurity/defsec v0.93.1 => github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf
diff --git a/gotfparse/go.sum b/gotfparse/go.sum
index 7d3aaa8..4b49f1d 100644
--- a/gotfparse/go.sum
+++ b/gotfparse/go.sum
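Review bot: The two `found` loops in `test_module_input_output` only prove that at least one matching `locals` block and one `bucket` module entry exist, so a parser that emitted the same block twice after re-evaluating modules would still pass. Collecting the matches and asserting the count pins that down, for example `matches = [m for m in parsed["module"] if m["__tfmeta"]["label"] == "bucket" and "default_tags" in m]` followed by `assert len(matches) == 1` and `assert matches[0]["default_tags"] == asserted_tags`; the same shape fits the `locals` loop. The `[0]` lookups on `parsed["output"]` and `parsed["aws_s3_bucket"]` would likewise be firmer with a length assertion in front of them. Whether duplicates can actually occur is an inference from the PATCH 2/3 subject, not something visible in these lines.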
@@ -249,8 +249,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBF github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8 h1:1lLXVSev5bh2bi6fppsf/OGiyeuP3ixzUGtBXQtDPS8= -github.com/fwereade/defsec v0.93.2-0.20240312130557-6f84121175f8/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= +github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf h1:V222LCXSrluan0KfkQFewLncsEOZ31THFBFKLgePohI= +github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/go-billy/v5 v5.4.0 h1:Vaw7LaSTRJOUric7pe4vnzBSgyuf2KrLsu2Y4ZpQBDE= From 6d19b9a53d838f1572fab56d037f3f2000306582 Mon Sep 17 00:00:00 2001 From: William Reade Date: Fri, 22 Mar 2024 12:23:54 +0000 Subject: [PATCH 3/3] point at cloud-custodian/defsec --- gotfparse/go.mod | 2 +- gotfparse/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gotfparse/go.mod b/gotfparse/go.mod index 8629f17..5ffc562 100644 --- a/gotfparse/go.mod +++ b/gotfparse/go.mod @@ -67,4 +67,4 @@ require ( google.golang.org/protobuf v1.32.0 // indirect ) -replace github.com/aquasecurity/defsec v0.93.1 => github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf +replace github.com/aquasecurity/defsec v0.93.1 => github.com/cloud-custodian/defsec v0.93.2-0.20240322122006-69f7f1796542 diff --git a/gotfparse/go.sum b/gotfparse/go.sum index 4b49f1d..f590e87 100644 --- a/gotfparse/go.sum +++ b/gotfparse/go.sum 
@@ -218,6 +218,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloud-custodian/defsec v0.93.2-0.20240322122006-69f7f1796542 h1:JhRWMiuTUVNh6Gl14u7Ov8we7cjVIezUhr85AbNiBas= +github.com/cloud-custodian/defsec v0.93.2-0.20240322122006-69f7f1796542/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -249,8 +251,6 @@ github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBF github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf h1:V222LCXSrluan0KfkQFewLncsEOZ31THFBFKLgePohI= -github.com/fwereade/defsec v0.93.2-0.20240320112503-31b908f8c7bf/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/go-billy/v5 v5.4.0 h1:Vaw7LaSTRJOUric7pe4vnzBSgyuf2KrLsu2Y4ZpQBDE=