address #365 by properly handling submodule path
acc-jon committed Nov 6, 2020
1 parent 7a8e07f commit b92d331
Showing 7 changed files with 113 additions and 4 deletions.
5 changes: 1 addition & 4 deletions pkg/iac-providers/terraform/v12/load-dir.go
Expand Up @@ -20,7 +20,6 @@ import (
"fmt"
"os"
"path/filepath"
"strings"

"github.com/accurics/terrascan/pkg/iac-providers/output"
"github.com/accurics/terrascan/pkg/utils"
Expand Down Expand Up @@ -84,9 +83,7 @@ func (*TfV12) LoadIacDir(absRootDir string) (allResourcesConfig output.AllResour
if isLocalSourceAddr(req.SourceAddr) {
// determine the absolute path from root module to the sub module
// using *configs.ModuleRequest.Path field
pathArr := strings.Split(req.Path.String(), ".")
pathArr = pathArr[:len(pathArr)-1]
pathToModule = filepath.Join(absRootDir, filepath.Join(pathArr...), req.SourceAddr)
pathToModule = filepath.Join(absRootDir, req.Parent.SourceAddr, req.SourceAddr)
zap.S().Debugf("processing local module %q", req.SourceAddr)
} else {
// temp dir to download the remote repo
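Review bot: `req.Parent.SourceAddr` on the new `pathToModule` line is only the parent's address relative to its own parent, so a local module nested three or more levels deep would likely resolve against the wrong directory; the added `deep-modules` fixture stops at two levels and would not catch that. Joining on the directory the parent was actually loaded from, for example `pathToModule = filepath.Join(req.Parent.Module.SourceDir, req.SourceAddr)`, would cover any depth and also a parent that came from the remote branch, assuming `SourceDir` is populated by the loader used here. Because `SourceAddr` comes from the repository being scanned, it is also worth checking after the join that the cleaned path is still under `absRootDir` (or the download temp dir) and logging when it is not, since `../` segments let a module point outside the tree being scanned. The enclosing `LoadIacDir` body starts and ends outside this hunk.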
7 changes: 7 additions & 0 deletions pkg/iac-providers/terraform/v12/load-dir_test.go
Expand Up @@ -91,6 +91,13 @@ func TestLoadIacDir(t *testing.T) {
tfv12: TfV12{},
wantErr: nil,
},
{
name: "nested module directory",
tfConfigDir: "./testdata/deep-modules",
tfJSONFile: "./testdata/tfjson/deep-modules.json",
tfv12: TfV12{},
wantErr: nil,
},
}

for _, tt := range table2 {
@@ -0,0 +1,23 @@
variable "m1projectid" {
type = string
default = "asdfasdf"
}

module "m2" {
source = "../m2"
m2versionyear = "2012"
m2versionmonth = "10"
m2versionday = "17"
m2bucketname = module.m3.fullbucketname
}
module "m3" {
source = "../m3"
m3bucketname = var.m1projectid
m3environment = "dev"
}


resource "aws_s3_bucket" "bucket" {
bucket = module.m3.fullbucketname
policy = module.m2.fullbucketpolicy
}
@@ -0,0 +1,36 @@
variable "m2versionyear" {
type = string
}
variable "m2versionmonth" {
type = string
}
variable "m2versionday" {
type = string
}
variable "m2bucketname" {
type = string
}
data "aws_iam_policy_document" "readbuckets" {
source_json = <<EOF
{
"Version":"${var.m2versionyear}-${var.m2versionmonth}-${var.m2versionday}",
"Statement":[
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::${var.m2bucketname}/*"]
}
]
}
EOF
}

output "fullbucketpolicy" {
value = data.aws_iam_policy_document.readbuckets.json
}
output "BucketARN" {
value = var.m2bucketname
}

@@ -0,0 +1,17 @@
variable "m3bucketname" {
type = string
}
variable "m3environment" {
type = string
}

output "fullbucketname" {
value = "${var.m3bucketname}-${var.m3environment}"
}
output "sourcebucketname" {
value = var.m3bucketname
}
output "sourceenvironment" {
value = var.m3environment
}

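--- a/pkg/iac-providers/terraform/v12/testdata/deep-modules/template.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/deep-modules/template.tf
@@ -0,0 +1,14 @@
+terraform {
+required_version = ">= 0.12.0"
+}
+
+provider "aws" {
+version = "2.58.0"
+region = "us-east-1"
+}
+
+
+module "m1" {
+source = "./modules/m1"
+m1projectid = "tf-test-project"
+}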
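--- a/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json
+++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json
@@ -0,0 +1,15 @@
+{
+"aws_s3_bucket": [
+{
+"id": "aws_s3_bucket.bucket",
+"name": "bucket",
+"source": "modules/m1/main.tf",
+"line": 20,
+"type": "aws_s3_bucket",
+"config": {
+"bucket": "${module.m3.fullbucketname}",
+"policy": "${module.m2.fullbucketpolicy}"
+}
+}
+]
+}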
