fix(terraform): Fixed bug in loading tf managed modules
User description
Getting the list of distinct modules should happen after we replace with tf managed modules.
Recreating issue steps:
- Using the code below in a main.tf file, run terraform init.
- Run checkov with the following command:
  `CHECKOV_EXPERIMENTAL_TERRAFORM_MANAGED_MODULES=True checkov -d ./`
- None of the resources from the modules are loaded.
Summarized results are:
Passed checks: 1, Failed checks: 1, Skipped checks: 0
After the proposed changes we get:
Passed checks: 70, Failed checks: 5, Skipped checks: 0
Sample of TF Code that causes issue:
```hcl
provider aws {
  region                      = "us-gov-west-1"
  skip_requesting_account_id  = true
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  access_key                  = "mock-access-key"
  secret_key                  = "mock-access-key"
}

module "tag_0" {
  source             = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v5.0.0"
  name               = "my-vpc"
  cidr               = "10.0.0.0/16"
  azs                = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  enable_nat_gateway = true
  enable_vpn_gateway = true
  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

# Run Terraform INIT with this commented out.
# OR run it with this uncommented and change the module name
# This causes Checkov to not load the other module of same source
/*
module "tag_01" {
  source             = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v5.0.0"
  name               = "my-vpc"
  cidr               = "10.0.0.0/16"
  azs                = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets    = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
  public_subnets     = ["10.0.111.0/24", "10.0.112.0/24", "10.0.113.0/24"]
  enable_nat_gateway = true
  enable_vpn_gateway = true
  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
*/
```
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Checklist:
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] I have added tests that prove my feature, policy, or fix is effective and works
- [ ] New and existing tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream modules
Generated description
Dear maintainer, below is a concise technical summary of the changes proposed in this PR:
Fix the bug in load_tf_modules function by ensuring Terraform managed modules are loaded before extracting distinct modules. This change addresses the issue where resources from modules were not being loaded correctly. Additionally, update test cases in main.tf to verify module loading behavior with different module configurations and comments.
| Topic | Details |
|---|---|
| Module Loading Fix | Fix the module loading process by ensuring Terraform managed modules are loaded before extracting distinct modules. |
| Test Case Update | Update test cases to verify module loading behavior with different module configurations and comments. |
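A pre-scan coverage check for the situation this PR describes, as an added example that is not code from the PR or from Checkov: it compares the module calls declared in a `.tf` file with the `.terraform/modules/modules.json` manifest that `terraform init` writes, and flags calls that share one source. The sample inputs, the function names and the `example.invalid` URL are constructed, and the regex parsing assumes `terraform fmt`-style layout (a module block closes with `}` in column 0).

```python
import json
import re
from collections import defaultdict

# Constructed sample: two calls to one module source, the second commented
# out with /* */ the way the PR's repro does it.
SAMPLE_TF = '''
module "tag_0" {
  source = "git::https://example.invalid/vpc.git?ref=v5.0.0"
}
/*
module "tag_01" {
  source = "git::https://example.invalid/vpc.git?ref=v5.0.0"
}
*/
'''
# Constructed sample of .terraform/modules/modules.json after `terraform init`.
SAMPLE_MANIFEST = '''{"Modules": [
  {"Key": "", "Source": "", "Dir": "."},
  {"Key": "tag_0", "Source": "git::https://example.invalid/vpc.git?ref=v5.0.0",
   "Dir": ".terraform/modules/tag_0"}]}'''

MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.M)

def declared_modules(tf_text):
    """Return {call name: source} for module blocks, skipping commented-out ones."""
    text = re.sub(r'/\*.*?\*/', '', tf_text, flags=re.S)   # block comments
    text = re.sub(r'^\s*(#|//).*$', '', text, flags=re.M)  # full-line comments
    found = {}
    for name, body in MODULE_RE.findall(text):
        src = SOURCE_RE.search(body)
        if src:
            found[name] = src.group(1)
    return found

def coverage_report(tf_text, manifest_text):
    """Compare declared module calls with the manifest written by terraform init."""
    declared = declared_modules(tf_text)
    # Skip the root entry (empty Key) and nested modules ("parent.child" keys).
    keys = [m["Key"] for m in json.loads(manifest_text)["Modules"]]
    managed = {k for k in keys if k and "." not in k}
    by_source = defaultdict(list)
    for name, src in declared.items():
        by_source[src].append(name)
    return {
        "not_initialised": sorted(set(declared) - managed),
        "stale_in_manifest": sorted(managed - set(declared)),
        "shared_source": {s: sorted(n) for s, n in by_source.items() if len(n) > 1},
    }
```

A non-empty `not_initialised` or `shared_source` entry marks a run whose pass/fail totals should be compared against the number of resources the modules are expected to contribute before the scan result is trusted.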
@rubengm13 thank you for the contribution. Please let us know when you're able to add some tests.
Hi @rubengm13, is the PR still relevant?