BUG-301 | Fix parsing error in locals.tf and 'config.tf` files

[angelofenoglio]

What?

• Upgrade parser package version to solve some recurrent issues regarding terraform files parsing.
• Provide better error messaging and context when some parsing issue may arise.

Why?

• UX and usability improvements.

References

• Closes Fix | Parsing Error in locals.tf File** #301

Additional context

• The new version of the package solves most of the issues we encountered
• The new error message looks something like this:

  [12:44:48.664] ERROR    Possible invalid expression in file locals.tf near line 178, column 15                                                                                                           
                             region  => var.region
                                     ^
  

Summary by CodeRabbit

• Bug Fixes

  • Enhanced error reporting for file parsing to include precise location details for easier troubleshooting.

• Chores

  • Updated the parsing library dependency to the latest version for improved performance and features.

• Tests

  • Improved consistency and accuracy in test mocks for file operations, aligning with actual code usage.

[coderabbitai]

Walkthrough

This pull request refactors the parse_tf_file function in leverage/_utils.py by switching from file object parsing using hcl2.load to string parsing with file.read_text() and hcl2.loads(). It also enhances error handling by catching the UnexpectedInput exception to provide detailed error messages including line and column numbers as well as contextual information. Additionally, the dependency on python-hcl2 in pyproject.toml is updated from version 5.1.1 to 7.0.1. The test suite for authentication modules was updated to unify and improve mocking of file system interactions, replacing built-in open patching with more accurate patching of configupdater.parser.open and Path methods.

Changes

File(s)	Change Summary
leverage/_utils.py	Modified parse_tf_file to read file content as a string using file.read_text(), parse with hcl2.loads(), and improve error reporting by catching UnexpectedInput with detailed context.
pyproject.toml	Updated python-hcl2 dependency from version 5.1.1 to 7.0.1.
tests/test_modules/test_auth.py	Improved mocking strategy by patching configupdater.parser.open and Path.read_text/Path.touch instead of built-in open; adjusted mock return types and test data keys for consistency.

Sequence Diagram(s)

sequenceDiagram
    participant C as Caller
    participant F as parse_tf_file
    participant H as hcl2
    C->>F: Call parse_tf_file(file)
    F->>file: file.read_text()
    F->>H: hcl2.loads(file_content)
    alt Parsing Successful
        H-->>F: Parsed data
        F-->>C: Return parsed data
    else Parsing Error
        H-->>F: UnexpectedInput Exception
        F->>F: error.get_context(file_content)
        F-->>C: Return detailed error message
    end

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Provide clear and detailed error messages (line, column, context) [#301]	✅

Poem

I’m a rabbit in the codefield, hopping through the line,
With errors now detailed, everything is just fine.
I nibble on new versions, let improvements bloom,
Parsing becomes a joy, banishing earlier gloom.
Hoppity-hop, I celebrate this code tune! 🐇✨

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

leverage/_utils.py (1)

126-131: Consider preserving exception chaining for better debugging

The static analysis tool correctly identified a potential improvement in exception handling.

-    except lark.exceptions.UnexpectedInput as error:
-        raise ExitError(
-            1,
-            f"Possible invalid expression in file {file.name} near line {error.line}, column {error.column}\n"
-            f"{error.get_context(file.read_text())}",
-        )
+    except lark.exceptions.UnexpectedInput as error:
+        raise ExitError(
+            1,
+            f"Possible invalid expression in file {file.name} near line {error.line}, column {error.column}\n"
+            f"{error.get_context(file.read_text())}",
+        ) from error

This preserves the exception chain, which can be helpful for debugging and logging purposes while maintaining the same user-facing error message.

🧰 Tools

🪛 Ruff (0.8.2)

127-131: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1160874 and c69492a.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• leverage/_utils.py (1 hunks)
• pyproject.toml (1 hunks)

🧰 Additional context used

🪛 Ruff (0.8.2)

leverage/_utils.py

127-131: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: integration_tests_cli_refarch (3.9.15, 1.3.5-0.2.0)

🔇 Additional comments (2)

pyproject.toml (1)

37-37: Dependency upgrade approved

The update of python-hcl2 from 5.1.1 to 7.0.1 aligns with the PR objectives to fix parsing issues in Terraform files. This matches the implementation changes in _utils.py where the parsing method was changed from hcl2.load() to hcl2.loads().

leverage/_utils.py (1)

124-133: Improved error handling for Terraform parsing

The implementation change from file object parsing to string parsing with better error handling is excellent. The new approach:

1. Uses file.read_text() and hcl2.loads() instead of the previous context manager with hcl2.load(f)
2. Catches lark.exceptions.UnexpectedInput specifically
3. Provides detailed error messaging with line, column, and context information

This directly addresses the PR objectives to enhance error messaging and improve user experience.

🧰 Tools

🪛 Ruff (0.8.2)

127-131: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

[angelofenoglio]

To check how much of the ref arch the new version of the parser could parse this little script was run:

from pathlib import Path

import hcl2
import lark

def check_parsing(directory: Path) -> None:
    print(f"Directory: {directory}")

    exclude_prefixes = (".", "_", "@", "config")

    if tf_files := list(directory.glob("*.tf")):
        for tf_file in tf_files:
            try:
                parsed_tf_file = hcl2.loads(tf_file.read_text())
            except lark.exceptions.UnexpectedInput as error:
                print(f"Possible invalid expression in file {tf_file.name} near line {error.line}, column {error.column}")
                print(error.get_context(tf_file.read_text()))

    subdirectories = [
        item for item in directory.iterdir()
        if item.is_dir()
        and not item.resolve().name.startswith(exclude_prefixes)
    ]

    for subdirectory in subdirectories:
        check_parsing(subdirectory)

root = Path(".")
check_parsing(root)

The results were:

Directory: .
Directory: security
Directory: security/global
Directory: security/global/base-identities
Directory: security/global/base-identities/keys
Directory: security/us-east-2
Directory: security/us-east-2/security-compliance --
Directory: security/us-east-2/security-audit
Directory: security/us-east-2/security-monitoring --
Directory: security/us-east-1
Directory: security/us-east-1/security-compliance --
Directory: security/us-east-1/tools-wazuh --
Directory: security/us-east-1/security-keys
Directory: security/us-east-1/security-keys/tests
Directory: security/us-east-1/security-base
Directory: security/us-east-1/security-monitoring
Directory: security/us-east-1/base-tf-backend
Directory: security/us-east-1/base-network
Directory: security/us-east-1/security-audit
Directory: security/us-east-1/notifications
Directory: security/us-east-1/security-hub --
Directory: security/us-east-1/firewall-manager
Directory: management
Directory: management/global
Directory: management/global/sso
Directory: management/global/organizations
Directory: management/global/cost-mgmt
Directory: management/global/base-identities
Directory: management/us-east-2
Directory: management/us-east-2/security-monitoring --
Directory: management/us-east-1
Directory: management/us-east-1/backups
Directory: management/us-east-1/security-compliance
Directory: management/us-east-1/security-keys
Directory: management/us-east-1/security-keys/tests
Directory: management/us-east-1/security-base
Directory: management/us-east-1/security-monitoring
Directory: management/us-east-1/base-tf-backend
Directory: management/us-east-1/notifications
Directory: management/us-east-1/security-hub --
Directory: management/us-east-1/firewall-manager
Directory: shared
Directory: shared/global
Directory: shared/global/base-identities
Directory: shared/global/base-identities/keys
Directory: shared/global/base-dns
Directory: shared/global/base-dns/binbash.co
Directory: shared/global/base-dns/leverage.binbash.com.ar
Directory: shared/global/base-dns/binbash.com.ar
Directory: shared/us-east-2
Directory: shared/us-east-2/container-registry
Directory: shared/us-east-2/security-compliance --
Directory: shared/us-east-2/tools-eskibana --
Directory: shared/us-east-2/security-keys
Directory: shared/us-east-2/security-keys/tests
Directory: shared/us-east-2/base-network
Directory: shared/us-east-2/tools-prometheus-grafana --
Directory: shared/us-east-1
Directory: shared/us-east-1/tools-vault --
Directory: shared/us-east-1/tools-webhooks --
Directory: shared/us-east-1/tools-managedeskibana --
Directory: shared/us-east-1/tools-costs-notifications
Directory: shared/us-east-1/tools-costs-notifications/src
Directory: shared/us-east-1/tools-jenkins --
Directory: shared/us-east-1/backups
Directory: shared/us-east-1/container-registry
Directory: shared/us-east-1/security-compliance --
Directory: shared/us-east-1/tools-eskibana --
Directory: shared/us-east-1/tools-vpn-server
Directory: shared/us-east-1/ec2-fleet-bastions --
Directory: shared/us-east-1/secrets-manager
Directory: shared/us-east-1/tools-cloud-scheduler-stop-start
Directory: shared/us-east-1/k8s-eks-demoapps
Directory: shared/us-east-1/k8s-eks-demoapps/identities
Directory: shared/us-east-1/security-keys
Directory: shared/us-east-1/security-keys/tests
Directory: shared/us-east-1/tools-github-selfhosted-runners
Directory: shared/us-east-1/tools-github-selfhosted-runners/templates
Directory: shared/us-east-1/tools-github-selfhosted-runners/lambdas-download
Directory: shared/us-east-1/tools-github-selfhosted-runners/modules
Directory: shared/us-east-1/tools-github-selfhosted-runners/modules/setup-iam-permissions
Directory: shared/us-east-1/tools-github-selfhosted-runners/modules/setup-iam-permissions/policies
Directory: shared/us-east-1/tools-github-selfhosted-runners/modules/download-lambda
Directory: shared/us-east-1/ec2-fleet --
Directory: shared/us-east-1/security-base
Directory: shared/us-east-1/base-tf-backend
Directory: shared/us-east-1/base-network
Directory: shared/us-east-1/storage
Directory: shared/us-east-1/storage/object-file-shares-for-users-list --
Directory: shared/us-east-1/storage/object-file-shares-sftp-transfer-service --
Directory: shared/us-east-1/storage/backup-gdrive --
Directory: shared/us-east-1/tools-prometheus-grafana --
Directory: shared/us-east-1/notifications
Directory: data-science
Directory: data-science/global
Directory: data-science/global/base-identities
Directory: data-science/us-east-1
Directory: data-science/us-east-1/secrets-manager
Directory: data-science/us-east-1/workflow-order-processing
Directory: data-science/us-east-1/workflow-order-processing/src
Directory: data-science/us-east-1/workflow-order-processing/src/sns_callback_handler
Directory: data-science/us-east-1/workflow-order-processing/src/external_callback_handler
Directory: data-science/us-east-1/workflow-order-processing/src/process_shipping_result_handler
Directory: data-science/us-east-1/workflow-order-processing/src/get_order_metadata_handler
Directory: data-science/us-east-1/workflow-order-processing/utils
Directory: data-science/us-east-1/datalake-demo--
Directory: data-science/us-east-1/security-keys
Directory: data-science/us-east-1/security-certs
Directory: data-science/us-east-1/security-base
Directory: data-science/us-east-1/base-tf-backend
Directory: data-science/us-east-1/base-network
Directory: data-science/us-east-1/lakehouse-demo--
Directory: data-science/us-east-1/notifications
Directory: data-science/us-east-1/databases-aurora-mysql--
Directory: data-science/us-east-1/genai-llm-rag-bedrock-poc
Directory: data-science/us-east-1/genai-llm-rag-bedrock-poc/assets
Directory: data-science/us-east-1/genai-llm-rag-bedrock-poc/assets/images
Directory: apps-prd
Directory: apps-prd/global
Directory: apps-prd/global/base-identities
Directory: apps-prd/global/base-identities/keys
Directory: apps-prd/us-east-1
Directory: apps-prd/us-east-1/cdn-s3-frontend --
Directory: apps-prd/us-east-1/security-compliance --
Directory: apps-prd/us-east-1/security-keys
Directory: apps-prd/us-east-1/security-keys/tests
Directory: apps-prd/us-east-1/ec2-fleet --
Directory: apps-prd/us-east-1/security-certs
Directory: apps-prd/us-east-1/security-base
Directory: apps-prd/us-east-1/base-tf-backend
Directory: apps-prd/us-east-1/base-network
Directory: apps-prd/us-east-1/backups --
Directory: apps-prd/us-east-1/notifications
Directory: network
Directory: network/global
Directory: network/global/base-identities
Directory: network/us-east-2
Directory: network/us-east-2/network-firewall
Directory: network/us-east-2/security-compliance --
Directory: network/us-east-2/transit-gateway
Possible invalid expression in file vpc_attachments.tf near line 38, column 5
    (each.key) = {
    ^

Directory: network/us-east-2/security-keys
Directory: network/us-east-2/base-network
Directory: network/us-east-1
Directory: network/us-east-1/network-firewall
Directory: network/us-east-1/security-compliance --
Directory: network/us-east-1/client-vpn
Directory: network/us-east-1/transit-gateway
Possible invalid expression in file vpc_attachments.tf near line 38, column 5
    (each.key) = {
    ^

Directory: network/us-east-1/security-keys
Directory: network/us-east-1/security-keys/tests
Directory: network/us-east-1/security-certs
Directory: network/us-east-1/security-base
Directory: network/us-east-1/base-tf-backend
Directory: network/us-east-1/base-network
Directory: network/us-east-1/notifications
Directory: apps-devstg
Directory: apps-devstg/global
Directory: apps-devstg/global/cli-test-layer
Directory: apps-devstg/global/base-identities
Directory: apps-devstg/global/base-identities/keys
Directory: apps-devstg/us-east-2
Directory: apps-devstg/us-east-2/security-compliance --
Directory: apps-devstg/us-east-2/security-keys
Directory: apps-devstg/us-east-2/security-keys/tests
Directory: apps-devstg/us-east-1
Directory: apps-devstg/us-east-1/databases-aurora-pgsql --
Directory: apps-devstg/us-east-1/cdn-s3-frontend --
Directory: apps-devstg/us-east-1/secrets-manager --
Directory: apps-devstg/us-east-1/k8s-kops
Directory: apps-devstg/us-east-1/k8s-kops/3-extras
Directory: apps-devstg/us-east-1/k8s-kops/3-extras/chart-values
Directory: apps-devstg/us-east-1/k8s-kops/1-prerequisites
Directory: apps-devstg/us-east-1/k8s-kops/2-kops
Directory: apps-devstg/us-east-1/databases-mysql --
Directory: apps-devstg/us-east-1/databases-mysql --/rds-export-to-s3
Directory: apps-devstg/us-east-1/security-compliance --
Directory: apps-devstg/us-east-1/ecs-demoapps
Directory: apps-devstg/us-east-1/aws-cloudwatch-synthetics
Directory: apps-devstg/us-east-1/ec2-fleet-ansible --
Directory: apps-devstg/us-east-1/databases-pgsql --
Directory: apps-devstg/us-east-1/k8s-eks-demoapps
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/chart-values
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/addons
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/secrets
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/network
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/identities
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/cluster
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/k8s-workloads
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/storage
Directory: apps-devstg/us-east-1/k8s-eks-demoapps/storage/efs
Directory: apps-devstg/us-east-1/security-keys
Directory: apps-devstg/us-east-1/security-keys/tests
Directory: apps-devstg/us-east-1/security-certs
Directory: apps-devstg/us-east-1/security-base
Directory: apps-devstg/us-east-1/k8s-kind
Directory: apps-devstg/us-east-1/k8s-kind/k8s-resources
Directory: apps-devstg/us-east-1/k8s-kind/k8s-resources/chart-values
Directory: apps-devstg/us-east-1/k8s-kind/k8s-resources/kind
Directory: apps-devstg/us-east-1/databases-aurora
Directory: apps-devstg/us-east-1/databases-aurora/rds-export-to-s3
Directory: apps-devstg/us-east-1/base-tf-backend
Directory: apps-devstg/us-east-1/base-network
Possible invalid expression in file locals.tf near line 178, column 15
      region  => var.region
              ^

Directory: apps-devstg/us-east-1/security-firewall --
Directory: apps-devstg/us-east-1/storage
Directory: apps-devstg/us-east-1/storage/s3-bucket-demo-files --
Directory: apps-devstg/us-east-1/backups --
Directory: apps-devstg/us-east-1/tools-cloud-nuke
Directory: apps-devstg/us-east-1/notifications

The error in apps-devstg/us-east-1/base-network was purposefully introduced to create at least one detection in the codebase.

[coveralls]

Pull Request Test Coverage Report for Build 14578385646

Details

• 4 of 6 (66.67%) changed or added relevant lines in 1 file are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage remained the same at 60.662%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
leverage/_utils.py	4	6	66.67%

Files with Coverage Reduction	New Missed Lines	%
_utils.py	1	83.7%

Totals
Change from base Build 13349071293:	0.0%
Covered Lines:	2550
Relevant Lines:	4066

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

leverage/_utils.py (1)

124-134: Enhanced error handling with detailed parsing context.

The refactoring from using file objects with hcl2.load() to string parsing with hcl2.loads() aligns well with the upgraded parser package mentioned in the PR objectives. The improved error message now provides specific line and column numbers along with contextual snippets from the file, which will significantly help users identify and fix parsing issues.

Consider following the Python best practice for re-raising exceptions by using the from clause:

    try:
        content = file.read_text()
        parsed = hcl2.loads(content)
    except lark.exceptions.UnexpectedInput as error:
        raise ExitError(
            1,
            f"Possible invalid expression in file {file.name} near line {error.line}, column {error.column}\n"
            f"{error.get_context(content)}",
-        )
+        ) from error
    else:
        return parsed

This helps distinguish between errors in exception handling and actual exceptions, preserving the original traceback.

🧰 Tools

🪛 Ruff (0.8.2)

128-132: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c69492a and 119fdea.

📒 Files selected for processing (2)

• leverage/_utils.py (1 hunks)
• tests/test_modules/test_auth.py (6 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

tests/test_modules/test_auth.py (1)

tests/conftest.py (1)

• propagate_logs (54-56)

🪛 Ruff (0.8.2)

leverage/_utils.py

128-132: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: integration_tests_cli_refarch (3.9.15, 1.3.5-0.2.0)

🔇 Additional comments (4)

tests/test_modules/test_auth.py (4)

25-25: Improved type consistency in mocks.

Changing the return value from a string to a PosixPath object better matches the actual type returned by the real method, improving test accuracy.

---

194-196: Standardized dictionary keys for consistent lookup.

The test data dictionary keys are now standardized to plain filename strings, making lookups in the mock side effects more consistent and reliable.

---

202-207: Added Path.read_text mock to support refactored code.

This new mock function correctly simulates the behavior of Path.read_text() which is now used in the refactored parse_tf_file function, ensuring tests reflect the actual code behavior.

---

233-235: Unified mocking strategy for file interactions.

The patching approach has been improved by targeting the specific modules actually used by the code:

• configupdater.parser.open instead of built-in open
• Added pathlib.Path.read_text to match the refactored file reading approach
• Adjusted patch ordering and corresponding function arguments

This change ensures tests accurately mirror the actual file system interactions in the code, making them more reliable and less prone to false positives.

Also applies to: 248-250, 260-265, 281-293