From 0b6dcd492b16b400ad11c1aaef058b7343c722ec Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Mon, 7 Oct 2024 13:54:32 +0200 Subject: [PATCH] fix(terraform): set null value as fallback for missing variables --- pkg/iac/scanners/terraform/parser/parser.go | 9 ++++++ .../scanners/terraform/parser/parser_test.go | 30 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/pkg/iac/scanners/terraform/parser/parser.go b/pkg/iac/scanners/terraform/parser/parser.go index 695cbee4fb25..866835d5f8a5 100644 --- a/pkg/iac/scanners/terraform/parser/parser.go +++ b/pkg/iac/scanners/terraform/parser/parser.go @@ -217,6 +217,7 @@ func (p *Parser) Load(ctx context.Context) (*evaluator, error) { "Variable values was not found in the environment or variable files. Evaluating may not work correctly.", log.String("variables", strings.Join(missingVars, ", ")), ) + setNullMissingVariableValues(inputVars, missingVars) } } @@ -268,6 +269,14 @@ func missingVariableValues(blocks terraform.Blocks, inputVars map[string]cty.Val return missing } +// Set null values for missing variables, to allow expressions using them to be +// still be possibly evaluated to a value different than null. +func setNullMissingVariableValues(inputVars map[string]cty.Value, missingVars []string) { + for _, missingVar := range missingVars { + inputVars[missingVar] = cty.NullVal(cty.DynamicPseudoType) + } +} + func (p *Parser) EvaluateAll(ctx context.Context) (terraform.Modules, cty.Value, error) { e, err := p.Load(ctx) diff --git a/pkg/iac/scanners/terraform/parser/parser_test.go b/pkg/iac/scanners/terraform/parser/parser_test.go index e3bd817748f6..5901d5fef91d 100644 --- a/pkg/iac/scanners/terraform/parser/parser_test.go +++ b/pkg/iac/scanners/terraform/parser/parser_test.go @@ -1671,6 +1671,36 @@ resource "test" "fileset-func" { assert.Equal(t, []string{"a.py", "path/b.py"}, attr.GetRawValue()) } +func TestExprWithMissingVar(t *testing.T) { + files := map[string]string{ + "main.tf": ` +variable "v" { + type = string +} + +resource "test" "values" { + s = "foo-${var.v}" + l1 = ["foo", var.v] + l2 = concat(["foo"], [var.v]) + d1 = {foo = var.v} + d2 = merge({"foo": "bar"}, {"baz": var.v}) +} +`, + } + + resources := parse(t, files).GetResourcesByType("test") + require.Len(t, resources, 1) + + s_attr := resources[0].GetAttribute("s") + require.NotNil(t, s_attr) + assert.Equal(t, "foo-", s_attr.GetRawValue()) + + for _, name := range []string{"l1", "l2", "d1", "d2"} { + attr := resources[0].GetAttribute(name) + require.NotNil(t, attr) + } +} + func TestVarTypeShortcut(t *testing.T) { files := map[string]string{ "main.tf": `