fix(terraform): do not re-expand dynamic blocks #6151
Conversation
| t.Run("arg is map and ref to each.key", func(t *testing.T) { | ||
| src := `locals { | ||
| buckets = { | ||
| bucket1 = "bucket1" |
There was a problem hiding this comment.
| bucket1 = "bucket1" | |
| bucket1key = "bucket1val" |
Should we make the assertion a little easier to understand? If it's a map, the each object returns a each.key object returns a key and a each.value returns the value as described here In this case the assertion would strictly look for the following:
assert.Equal(t, `this["bucket1key"]`, bucket.NameLabel())as an example.
There was a problem hiding this comment.
Makes sense. Done 56e86aa
| buckets = [] | ||
| } | ||
| resource "aws_s3_bucket" "this" { | ||
| for_each = loca.buckets |
There was a problem hiding this comment.
| for_each = loca.buckets | |
| for_each = local.buckets |
| @@ -1,94 +0,0 @@ | |||
| package parser | |||
There was a problem hiding this comment.
I have removed the method for validating a collection item. See comment #6151 (comment)
| if err := validateForEachArg(forEachVal); err != nil { | ||
| e.debug.Log(`"for_each" argument is invalid: %s`, err.Error()) |
There was a problem hiding this comment.
What about the other cases as checked in the validateForEachArg()?
There was a problem hiding this comment.
We only need to check that the argument is a collection so that we can iterate over it. Does it make sense to validate the elements of the collection on the Trivy side? I think the user should pass a valid config.
There was a problem hiding this comment.
Yeah fair enough. I was more concerned on what happens if the user does pass us an invalid configuration (which is common) anyway. Looks like we still handle that fine as the debug logs have the following line:
2024-02-22T17:45:05.909-0700 DEBUG [misconf] 45:05.909212000 terraform.parser.<root> error parsing 'main.tf': main.tf:2,12-15: Invalid expression; Expected the start of an expression, but found an invalid expression token.
| @@ -905,6 +906,114 @@ data "http" "example" { | |||
|
|
|||
| func TestForEach(t *testing.T) { | |||
There was a problem hiding this comment.
Sorry I forgot to add one thing: can we have these tests in a table instead of a bunch of t.Run()s? Looks like they have quite a bit of similarity between the cases that we can refactor
Description
Related issues
Checklist