
Target Group ARN matching does not work once the resource is created

Open ascheman opened this issue 4 years ago • 0 comments

Description

I have a scenario which tests for the value of a LB Listener target_group_arn which points to the ARN reference of the respective LB target group. The test case works well as long as the resource is not created. Once it is available, a subsequent execution of the test case runs into an error because the ARN is now resolved to its actual value.

To Reproduce

Unfortunately I cannot forward the .tf files nor the plan.out.json since it contains way too much confidential information.

Unfortunately I can only provide fragments of the TF files (see below)

Feature File:

    Given I have aws_lb_listener defined
    Then it must have default_action
    And it must have target_group_arn
    And its value must match the "^aws_lb_target_group\.lb-tg" regex

Plan File: Too confidential

Sample Terraform Code:

    resource "aws_lb_target_group" "lb-tg" {
      // ...
    }

    resource "aws_lb" "lb" {
      // ...
      load_balancer_type = "network"
      // ...
    }

    resource "aws_lb_listener" "lb-listener" {
      load_balancer_arn = aws_lb.lb.arn
      // ...

      default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.lb-tg.arn
      }
    }

Used terraform-compliance Parameters: None

Running via Docker: No

Error Output: When the resource is already created

    Scenario: Ensure the load balancer is using the given target group
        Given I have aws_lb_listener defined
        Then it must have default_action
        And it must have target_group_arn
                Failure: target_group_arn property in aws_lb_listener.lb-listener resource does not match with ^aws_lb_target_group\.lb-tg case insensitive regex. It is set to arn:aws:elasticloadbalancing:eu-central-1:xxx:targetgroup/LB-TG-xxx.
        And its value must match the "^aws_lb_target_group\.lb-tg" regex
          Failure: 

Expected Behavior: This happens when the resource is not yet created:

    Scenario: Ensure the load balancer is using the given target group
          Given I have aws_lb_listener defined
          Then it must have default_action
          And it must have target_group_arn
          And its value must match the "^aws_lb_target_group\.lb-tg" regex

Tested Versions:

  • terraform-compliance version: 1.3.26
  • terraform version: 1.0.5
  • python version: 3.9.6

ascheman Sep 02 '21 07:09
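
One way to make this check independent of whether the target group already exists, as an added example that is not part of the original issue or of terraform-compliance: read the `configuration` section of the plan JSON (`terraform show -json`), which keeps the reference written in the `.tf` file even after the planned value has become the real ARN. The plan fragment is constructed, the function names are hypothetical, and only root-module resources are handled.

```python
import json

# Constructed fragment of `terraform show -json` output (not the reporter's plan).
# The planned value of target_group_arn changes once the target group exists,
# but "configuration" still records the reference used in the .tf source.
PLAN_JSON = """
{
  "configuration": {"root_module": {"resources": [
    {"address": "aws_lb_listener.lb-listener",
     "type": "aws_lb_listener",
     "expressions": {
       "load_balancer_arn": {"references": ["aws_lb.lb.arn", "aws_lb.lb"]},
       "default_action": [{
         "type": {"constant_value": "forward"},
         "target_group_arn": {"references": ["aws_lb_target_group.lb-tg.arn",
                                             "aws_lb_target_group.lb-tg"]}
       }]
     }}
  ]}}
}
"""
PLAN = json.loads(PLAN_JSON)


def listener_target_refs(plan, listener_address):
    """Collect the references behind target_group_arn in each default_action block."""
    refs = []
    for res in plan["configuration"]["root_module"].get("resources", []):
        if res.get("address") != listener_address:
            continue
        for action in res.get("expressions", {}).get("default_action", []):
            refs.extend(action.get("target_group_arn", {}).get("references", []))
    return refs


def forwards_to(plan, listener_address, target_group_address):
    """True if the listener's target_group_arn is wired to the given resource address."""
    prefix = target_group_address + "."  # avoids matching e.g. "lb-tg2"
    return any(ref == target_group_address or ref.startswith(prefix)
               for ref in listener_target_refs(plan, listener_address))


if __name__ == "__main__":
    print(forwards_to(PLAN, "aws_lb_listener.lb-listener", "aws_lb_target_group.lb-tg"))
```
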