trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 1 month ago verified publisher icon aquasecurity

fix(terraform): set null value as fallback for missing variables

Open albertodonato opened this issue 1 year ago • 8 comments

Description

This adds a default null value for variables that don't get a value (either supplied or default). It allows expressions using those variables to be evaluated, rather than just be set to null. E.g

variable "v" {
  type = string
}

locals {
  l = ["foo", var.v]
  d = {"foo": var.v}
}

would produce l = ["foo" null] and d = {"foo": null} rather than just being both null.

Checklist

  • [x] I've read the guidelines for contributing to this repository.
  • [x] I've followed the conventions in the PR title.
  • [x] I've added tests that prove my fix is effective or that my feature works.
  • [ ] I've updated the documentation with the relevant information (if needed).
  • [ ] I've added usage information (if the PR introduces new options)
  • [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).

albertodonato avatar Oct 08 '24 07:10 albertodonato

@nikpivkin tests are red due to the rate limit issue, it lgtm, should we merge it?

simar7 avatar Oct 10 '24 04:10 simar7

thanks for your contribution, @albertodonato

simar7 avatar Oct 10 '24 04:10 simar7

Hi @albertodonato ! I'm wondering what problem this solves. Do you have an example?

variable "v" {
  type = string
}

locals {
  l = ["foo", var.v]
  d = {"foo": var.v}
}

In the configuration above, local.l would equal [“foo”, cty.unknownType], a local.d would equal {“foo”: cty.unknownType}.

nikpivkin avatar Oct 10 '24 09:10 nikpivkin

@nikpivkin as mentioned above, in my test without this change, the locals would get set to null because the variable is unknown, whereas with this change you at least get the expected type (list, map) with null values.

albertodonato avatar Oct 11 '24 09:10 albertodonato

FWIW similar behavior happens with data references when the data attribute isn't defined, but that seems to take a different path in code

albertodonato avatar Oct 11 '24 09:10 albertodonato

@simar7 I restarted the tests and they passed

nikpivkin avatar Oct 11 '24 10:10 nikpivkin

locals would get set to null because the variable is unknown

The value does not become null if one of the elements is unknown. I have given an example above.

nikpivkin avatar Oct 11 '24 10:10 nikpivkin

locals would get set to null because the variable is unknown

The value does not become null if one of the elements is unknown. I have given an example above.

If you revert my change the added test fails on the s (which is null) and similarly l2 and d2 seem to be null. Perhaps there's a way to make a more explicit check for the actual value in the tests? I didn't find one.

albertodonato avatar Oct 11 '24 15:10 albertodonato

@nikpivkin would it be possible to merge this, or is something needed on my side?

albertodonato avatar Oct 29 '24 14:10 albertodonato

@simar7 can you take a look?

nikpivkin avatar Oct 29 '24 15:10 nikpivkin