这是indexloc提供的服务,不要输入任何密码
Skip to content

fix(terraform_plan): use provider name not resource address to fix supported_provider matching #7119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 6, 2025
Merged

fix(terraform_plan): use provider name not resource address to fix supported_provider matching #7119

merged 2 commits into from
May 6, 2025

Conversation

@alanszlosek
Copy link
Contributor

@alanszlosek alanszlosek commented Apr 22, 2025

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Fix matching of supported_provider values.

Use the provider name (not the key from the plan which can contain the provider alias) in the provider_map data structure, since this is what supported_provider is compared against. Otherwise, some provider checks will only run against providers without an alias.

Fixes #7118

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

@tsmithv11
Copy link
Contributor

tsmithv11 commented May 2, 2025

Hey @alanszlosek looks like a great contribution, thanks! Can you add the example you shared in the issue #7118 as a test?

@alanszlosek alanszlosek force-pushed the fix-supported-provider-matching branch from 83ea29c to f499a63 Compare May 5, 2025 16:16
@alanszlosek
Copy link
Contributor Author

alanszlosek commented May 5, 2025

Hey @alanszlosek looks like a great contribution, thanks! Can you add the example you shared in the issue #7118 as a test?

Hi @tsmithv11 I've updated the PR with some multi-provider Terraform and a new test. This felt like it should be an end-to-end type of test to me, where we need to ensure the parser is creating internal data structures correctly such that provider checks run for all relevant providers and pass/fail as expected.

I know I didn't make any changes to the runner, but I created the test in the runner folder. Is that ok with you?

@tsmithv11 tsmithv11 temporarily deployed to scan-security May 6, 2025 05:02 — with GitHub Actions Inactive
@tsmithv11 tsmithv11 merged commit cc7e5e8 into bridgecrewio:main May 6, 2025
45 of 46 checks passed
Saarett pushed a commit that referenced this pull request May 6, 2025
@alanszlosek @tsmithv11 @actions-user
fix(terraform_plan): use provider name not resource address to fix su…
9db5470 
…pported_provider matching (#7119)

fix supported_provider matching: use provider name instead of resource address internally

Co-authored-by: Taylor <28880387+tsmithv11@users.noreply.github.com>
@jamesdelbarco
Copy link

jamesdelbarco commented May 7, 2025

@alanszlosek hey I know you! 😉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bo156 bo156 bo156 approved these changes

+1 more reviewer

@tsmithv11 tsmithv11 tsmithv11 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Terraform Plan scanning only runs provider checks against providers without an alias

4 participants

@alanszlosek @tsmithv11 @jamesdelbarco @bo156