Checkov doesn't evaluate simple ternary operation

[maximmi]

Describe the bug
The conditional syntax (like ternary operation) is not evaluated by checkov at the moment, leading to force skipping checks.

To Reproduce
Steps to reproduce the behavior:

1. Define a resource and variable like this:

variable "metadata_http_tokens_required" {
  type        = bool
  default     = true
  description = "Whether or not the metadata service requires session tokens"
}

resource "aws_instance" "foo" {
  ami           = "ami-005e54dee72cc1d00" # us-west-2
  instance_type = "t2.micro"

  root_block_device {
    encrypted = true
  }

  metadata_options {
    http_tokens = (var.metadata_http_tokens_required) ? "required" : "optional"
  }
}

2. Run checkov in docker: docker run -t -v $(pwd):/tf bridgecrew/checkov:latest -d /tf

3. See error:

terraform scan results:

Passed checks: 3, Failed checks: 1, Skipped checks: 0

Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
	FAILED for resource: aws_instance.foo
	File: /main.tf:7-18
	Guide: https://docs.bridgecrew.io/docs/bc_aws_general_31

Expected behavior
Checkov evaluates condition to "required" value so all checks passed.

Desktop (please complete the following information):

• OS: macOS Catalina 10.15.6 (19G73)
• Checkov Version: 1.0.708

Additional context
There is an easy workaround for this case using string variable with values allowed for the parameter, but issue is about to support ternary evaluation.

[robeden]

Thanks, @maximmi ... I'll see about adding that to the parser.

[robeden]

Ticket for HCL2 parse error: amplify-education/python-hcl2#55

[nimrodkor]

@robeden we use our own checkov fork for these issues.. check out https://github.com/bridgecrewio/python-hcl2

[robeden]

Yes, the issue occurs in both. I filed the ticket there as it seemed best to report at the lowest level.