Skip to content

Commit

Permalink
fix(misconf): do not erase variable type for child modules (#7941)
Browse files Browse the repository at this point in the history
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
  • Loading branch information
nikpivkin authored Nov 22, 2024
1 parent 5448ba2 commit de3b7ea
Show file tree
Hide file tree
Showing 3 changed files with 80 additions and 3 deletions.
2 changes: 1 addition & 1 deletion pkg/iac/scanners/terraform/parser/evaluator.go
Original file line number Diff line number Diff line change
Expand Up @@ -471,7 +471,7 @@ func (e *evaluator) evaluateVariable(b *terraform.Block) (cty.Value, error) {

var val cty.Value

if override, exists := e.inputVars[b.Label()]; exists {
if override, exists := e.inputVars[b.Label()]; exists && override.Type() != cty.NilType {
val = override
} else if def, exists := attributes["default"]; exists {
val = def.NullableValue()
Expand Down
77 changes: 77 additions & 0 deletions pkg/iac/scanners/terraform/parser/parser_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package parser
import (
"bytes"
"context"
"io/fs"
"log/slog"
"os"
"path/filepath"
Expand Down Expand Up @@ -2008,3 +2009,79 @@ variable "baz" {}
assert.Contains(t, buf.String(), "Variable values was not found in the environment or variable files.")
assert.Contains(t, buf.String(), "variables=\"foo\"")
}

func Test_PassingNullToChildModule_DoesNotEraseType(t *testing.T) {
tests := []struct {
name string
fsys fs.FS
}{
{
name: "typed variable",
fsys: fstest.MapFS{
"main.tf": &fstest.MapFile{Data: []byte(`module "test" {
source = "./modules/test"
test_var = null
}`)},
"modules/test/main.tf": &fstest.MapFile{Data: []byte(`variable "test_var" {
type = number
}
resource "foo" "this" {
bar = var.test_var != null ? 1 : 2
}`)},
},
},
{
name: "typed variable with default",
fsys: fstest.MapFS{
"main.tf": &fstest.MapFile{Data: []byte(`module "test" {
source = "./modules/test"
test_var = null
}`)},
"modules/test/main.tf": &fstest.MapFile{Data: []byte(`variable "test_var" {
type = number
default = null
}
resource "foo" "this" {
bar = var.test_var != null ? 1 : 2
}`)},
},
},
{
name: "empty variable",
fsys: fstest.MapFS{
"main.tf": &fstest.MapFile{Data: []byte(`module "test" {
source = "./modules/test"
test_var = null
}`)},
"modules/test/main.tf": &fstest.MapFile{Data: []byte(`variable "test_var" {}
resource "foo" "this" {
bar = var.test_var != null ? 1 : 2
}`)},
},
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
parser := New(
tt.fsys, "",
OptionStopOnHCLError(true),
)
require.NoError(t, parser.ParseFS(context.TODO(), "."))

_, err := parser.Load(context.TODO())
require.NoError(t, err)

modules, _, err := parser.EvaluateAll(context.TODO())
require.NoError(t, err)

res := modules.GetResourcesByType("foo")[0]
attr := res.GetAttribute("bar")
val, _ := attr.Value().AsBigFloat().Int64()
assert.Equal(t, int64(2), val)
})
}
}
4 changes: 2 additions & 2 deletions pkg/iac/terraform/block.go
Original file line number Diff line number Diff line change
Expand Up @@ -585,7 +585,7 @@ func (b *Block) Values() cty.Value {
if attribute.Name() == "for_each" {
continue
}
values[attribute.Name()] = attribute.Value()
values[attribute.Name()] = attribute.NullableValue()
}
return cty.ObjectVal(postProcessValues(b, values))
}
Expand Down Expand Up @@ -643,7 +643,7 @@ func (b *Block) expandDynamic() ([]*Block, error) {
)

forEachVal.ForEachElement(func(key, val cty.Value) (stop bool) {
if val.IsNull() {
if val.IsNull() || !val.IsKnown() {
return
}

Expand Down

0 comments on commit de3b7ea

Please # to comment.