Merge pull request #470 from dev-gaur/tf14besides12

Add terraform v14 support

docs/getting-started/usage.md

@@ -118,7 +118,7 @@ Flags:
   -d, --iac-dir string            path to a directory containing one or more IaC files (default ".")
   -f, --iac-file string           path to a single IaC file
   -i, --iac-type string           iac type (helm, k8s, kustomize, terraform)
-      --iac-version string        iac version (helm: v3, k8s: v1, kustomize: v3, terraform: v12)
+      --iac-version string        iac version (helm: v3, k8s: v1, kustomize: v3, terraform: v12, v14)
   -p, --policy-path stringArray   policy path directory
   -t, --policy-type strings       policy type (all, aws, azure, gcp, github, k8s) (default [all])
   -r, --remote-type string        type of remote backend (git, s3, gcs, http)
@@ -240,7 +240,7 @@ $ docker run --rm --name terrascan -p 9010:9010 accurics/terrascan
 Here's an example of how to send a request to the Terrascan server using curl:
 
 ``` Bash
-$ curl -i -F "file=@aws_cloudfront_distribution.tf" localhost:9010/v1/terraform/v12/aws/local/file/scan
+$ curl -i -F "file=@aws_cloudfront_distribution.tf" localhost:9010/v1/terraform/v14/aws/local/file/scan
 HTTP/1.1 100 Continue
 
 HTTP/1.1 200 OK

go.mod

@@ -2,15 +2,21 @@ module github.com/accurics/terrascan
 
 go 1.15
 
+replace (
+	k8s.io/api => k8s.io/api v0.19.0
+	k8s.io/apimachinery => k8s.io/apimachinery v0.19.0
+	k8s.io/client-go => k8s.io/client-go v0.19.0
+)
+
 require (
 	github.com/ghodss/yaml v1.0.0
 	github.com/gorilla/mux v1.8.0
 	github.com/hashicorp/go-cleanhttp v0.5.1
-	github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02
+	github.com/hashicorp/go-getter v1.5.1
 	github.com/hashicorp/go-retryablehttp v0.6.6
 	github.com/hashicorp/go-version v1.2.0
-	github.com/hashicorp/hcl/v2 v2.3.0
-	github.com/hashicorp/terraform v0.12.28
+	github.com/hashicorp/hcl/v2 v2.8.2
+	github.com/hashicorp/terraform v0.14.4
 	github.com/iancoleman/strcase v0.1.3
 	github.com/mattn/go-isatty v0.0.8
 	github.com/open-policy-agent/opa v0.22.0
@@ -20,12 +26,12 @@ require (
 	github.com/spf13/cobra v1.0.0
 	github.com/zclconf/go-cty v1.7.1
 	go.uber.org/zap v1.16.0
-	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
+	golang.org/x/mod v0.4.1 // indirect
 	golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
-	golang.org/x/tools v0.0.0-20201201064407-fd09bd90d85c // indirect
+	golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963 // indirect
 	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 	helm.sh/helm/v3 v3.4.0
-	honnef.co/go/tools v0.0.1-2020.1.6 // indirect
+	honnef.co/go/tools v0.1.0 // indirect
 	sigs.k8s.io/kustomize/api v0.7.1
 )

pkg/cli/run.go

@@ -46,7 +46,7 @@ type ScanOptions struct {
 	// IaC type (terraform)
 	iacType string
 
-	// IaC version (for terraform:v12)
+	// IaC version (for terraform:v14)
 	iacVersion string
 
 	// Path to a single IaC file

pkg/http-server/file-scan_test.go

@@ -18,7 +18,7 @@ import (
 func TestUpload(t *testing.T) {
 	testFilePath := "./testdata/testconfig.tf"
 	testIacType := "terraform"
-	testIacVersion := "v12"
+	testIacVersion := "v14"
 	testCloudType := "aws"
 	testParamName := "file"
 

pkg/http-server/remote-repo_test.go

@@ -83,7 +83,7 @@ func TestScanRemoteRepo(t *testing.T) {
 func TestScanRemoteRepoHandler(t *testing.T) {
 	validRepo := "https://github.com/kanchwala-yusuf/Damn-Vulnerable-Terraform-Project.git"
 	testIacType := "terraform"
-	testIacVersion := "v12"
+	testIacVersion := "v14"
 	testCloudType := "aws"
 
 	table := []struct {

pkg/http-server/testdata/testconfig.tf

@@ -8,14 +8,14 @@ resource "aws_vpc" "vpc_playground" {
   enable_dns_support   = true
   enable_dns_hostnames = true
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
 }
 
 resource "aws_internet_gateway" "igw_playground" {
   vpc_id = aws_vpc.vpc_playground.id
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
 }
 
@@ -24,7 +24,7 @@ resource "aws_subnet" "subnet_public_playground" {
   cidr_block              = var.cidr_subnet
   map_public_ip_on_launch = "true"
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
 }
 
@@ -35,7 +35,7 @@ resource "aws_route_table" "rtb_public_playground" {
     gateway_id = aws_internet_gateway.igw_playground.id
   }
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
 }
 
@@ -66,7 +66,7 @@ resource "aws_security_group" "sg_playground" {
     cidr_blocks = ["0.0.0.0/0"]
   }
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
 }
 
@@ -82,7 +82,7 @@ resource "aws_instance" "instance_playground" {
   vpc_security_group_ids = [aws_security_group.sg_playground.id]
   key_name               = aws_key_pair.ec2key_playground.key_name
   tags = {
-    Environment = "${var.environment_tag}"
+    Environment = "var.environment_tag"
   }
   provisioner "remote-exec" {
 

pkg/iac-providers/providers_test.go

@@ -22,6 +22,7 @@ import (
 	"testing"
 
 	tfv12 "github.com/accurics/terrascan/pkg/iac-providers/terraform/v12"
+	tfv14 "github.com/accurics/terrascan/pkg/iac-providers/terraform/v14"
 )
 
 func TestNewIacProvider(t *testing.T) {
@@ -33,6 +34,13 @@ func TestNewIacProvider(t *testing.T) {
 		want       IacProvider
 		wantErr    error
 	}{
+		{
+			name:       "terraform v14",
+			iacType:    terraform,
+			iacVersion: terraformV14,
+			want:       &tfv14.TfV14{},
+			wantErr:    nil,
+		},
 		{
 			name:       "terraform v12",
 			iacType:    terraform,
@@ -43,7 +51,7 @@ func TestNewIacProvider(t *testing.T) {
 		{
 			name:       "not supported iac type",
 			iacType:    "not-supported",
-			iacVersion: terraformV12,
+			iacVersion: terraformV14,
 			want:       nil,
 			wantErr:    errIacNotSupported,
 		},
@@ -78,7 +86,19 @@ func TestIsIacSupported(t *testing.T) {
 		want       bool
 	}{
 		{
-			name:       "terraform v12",
+			name:       "terraform v14",
+			iacType:    terraform,
+			iacVersion: terraformV14,
+			want:       true,
+		},
+		{
+			name:       "not supported iac type",
+			iacType:    "not-supported",
+			iacVersion: terraformV14,
+			want:       false,
+		},
+		{
+			name:       "terraform v14",
 			iacType:    terraform,
 			iacVersion: terraformV12,
 			want:       true,

pkg/iac-providers/register.go

@@ -34,13 +34,15 @@ func RegisterIacProvider(iacType supportedIacType, iacVersion, defaultIacVersion
 		iacVersion = defaultIacVersion
 	}
 
-	// version support
-	supportedTerraformVersions := make(map[supportedIacVersion]reflect.Type)
-	supportedTerraformVersions[iacVersion] = iacProvider
+	if IacVersionMap, IacExists := supportedIacProviders[iacType]; IacExists {
+		IacVersionMap[iacVersion] = iacProvider
+	} else {
+		// version support
+		supportedIacVersions := make(map[supportedIacVersion]reflect.Type)
+		supportedIacVersions[iacVersion] = iacProvider
+		supportedIacProviders[iacType] = supportedIacVersions
+	}
 
 	// default version
 	defaultIacVersions[iacType] = defaultIacVersion
-
-	// type support
-	supportedIacProviders[iacType] = supportedTerraformVersions
 }

pkg/iac-providers/terraform.go

@@ -4,18 +4,21 @@ import (
 	"reflect"
 
 	tfv12 "github.com/accurics/terrascan/pkg/iac-providers/terraform/v12"
+	tfv14 "github.com/accurics/terrascan/pkg/iac-providers/terraform/v14"
 )
 
 // terraform specific constants
 const (
-	terraform               supportedIacType    = "terraform"
-	terraformV12            supportedIacVersion = "v12"
-	terraformDefaultVersion                     = terraformV12
+	terraform    supportedIacType    = "terraform"
+	terraformV14 supportedIacVersion = "v14"
+	terraformV12 supportedIacVersion = "v12"
+
+	terraformDefaultVersion = terraformV12
 )
 
 // register terraform as an IaC provider with terrascan
 func init() {
-
 	// register iac provider
 	RegisterIacProvider(terraform, terraformV12, terraformDefaultVersion, reflect.TypeOf(tfv12.TfV12{}))
+	RegisterIacProvider(terraform, terraformV14, terraformDefaultVersion, reflect.TypeOf(tfv14.TfV14{}))
 }

pkg/iac-providers/terraform/v12/convert.go → pkg/iac-providers/terraform/commons/convert.go

@@ -14,7 +14,7 @@
     limitations under the License.
 */
 
-package tfv12
+package commons
 
 /*
 	Following code has been borrowed and modifed from:

pkg/iac-providers/terraform/v12/cty-converters.go → pkg/iac-providers/terraform/commons/cty-converters.go

@@ -14,7 +14,7 @@
     limitations under the License.
 */
 
-package tfv12
+package commons
 
 import (
 	"fmt"