feat: resolve single depth references [CFG-1623] #2791

Merged
merged 2 commits into from
Feb 28, 2022


@teodora-sandu teodora-sandu commented Feb 23, 2022

What does this PR do?

This PR introduces single depth reference resolution in terraform plan parsing. It is the TypeScript equivalent of snyk/snyk-iac-parsers#8. In the future it might be better to use gopherjs to include the Terraform Plan parsing in the CLI, like we already do for Terraform Variable Dereferencing. However, that requires a bit more work, so for now this quick re-implementation of the logic in TypeScript will have to do.

Where should the reviewer start?

Review commit by commit:

  • The first commit includes a new Terraform Plan output from the Terraform v4 provider.
  • The second commit includes the change in code to include references to resources in the parsed Terraform Plan. The same files as in were changed, but the No Op one already contained "service_role": "arn:aws:iam::719261439472:role/terra_ci_job", for some reason.

Note: The old CLI was raising a false positive for logging2, which is not being raised with this new update.

How should this be manually tested?

  1. npm run build
  2. snyk iac test ./test/fixtures/iac/terraform-plan/tf-plan-v4.json
  3. snyk-dev iac test ./test/fixtures/iac/terraform-plan/tf-plan-v4.json

What are the relevant tickets?

https://snyksec.atlassian.net/browse/CFG-1623

Screenshots

  • before
    Screenshot 2022-02-23 at 17 41 19

  • after
    Screenshot 2022-02-23 at 17 42 39

Background context

https://docs.google.com/document/d/1gDFhCNRZSXu2caj7HUQ0GtOajXV34hZkTiU_Fo0FKyo/edit
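
As an added illustration (not the code merged in this PR or in snyk-iac-parsers): in plan JSON, an attribute whose value comes from another resource is unknown until apply and is omitted from `change.after`, so a rule that reads only `after` sees it as unset. The sketch below fills such attributes with the referenced address taken from `configuration`, one level only; `resolveReferences`, the prefix filter and the sample plan are assumptions constructed for this example.

```typescript
// Field names follow the `terraform show -json` plan format; everything else is constructed.
type Attrs = Record<string, unknown>;
interface Expression { references?: string[] }
interface Plan {
  resource_changes: { address: string; change: { after: Attrs | null } }[];
  configuration: { root_module: { resources: { address: string; expressions?: Attrs }[] } };
}

// Assumption: references to inputs and meta-values are not resource references.
const NON_RESOURCE_PREFIXES = ['var.', 'local.', 'path.', 'each.', 'count.'];

function firstResourceReference(expr: unknown): string | undefined {
  if (typeof expr !== 'object' || expr === null) return undefined;
  const refs = (expr as Expression).references;
  if (!Array.isArray(refs)) return undefined; // constant_value or nested block
  return refs.filter((r) => !NON_RESOURCE_PREFIXES.some((p) => r.indexOf(p) === 0))[0];
}

// Returns address -> attributes. Attributes missing from `after` (unknown until
// apply) take the address they reference; the reference itself is not followed.
function resolveReferences(plan: Plan): Record<string, Attrs> {
  const expressionsByAddress: Record<string, Attrs> = {};
  for (const r of plan.configuration.root_module.resources) {
    expressionsByAddress[r.address] = r.expressions ?? {};
  }
  const out: Record<string, Attrs> = {};
  for (const rc of plan.resource_changes) {
    const attrs: Attrs = { ...(rc.change.after ?? {}) };
    const expressions = expressionsByAddress[rc.address] ?? {};
    for (const name of Object.keys(expressions)) {
      if (attrs[name] !== undefined && attrs[name] !== null) continue; // known value wins
      const ref = firstResourceReference(expressions[name]);
      if (ref !== undefined) attrs[name] = ref;
    }
    out[rc.address] = attrs;
  }
  return out;
}

// Constructed sample: a logging resource whose target bucket is unknown at plan time.
const samplePlan: Plan = {
  resource_changes: [
    { address: 'aws_s3_bucket.logs', change: { after: { bucket: 'example-logs' } } },
    { address: 'aws_s3_bucket_logging.app', change: { after: { target_prefix: 'log/' } } },
  ],
  configuration: { root_module: { resources: [
    { address: 'aws_s3_bucket_logging.app', expressions: {
      target_bucket: { references: ['aws_s3_bucket.logs.id', 'aws_s3_bucket.logs'] },
    } },
  ] } },
};
```

For the sample, `resolveReferences(samplePlan)['aws_s3_bucket_logging.app']` carries `target_bucket: 'aws_s3_bucket.logs.id'` alongside the known `target_prefix`.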

@teodora-sandu teodora-sandu force-pushed the feat/resolve-single-depth-references branch from 468aade to 7f8c706 Compare February 24, 2022 12:51
@teodora-sandu teodora-sandu force-pushed the feat/resolve-single-depth-references branch from 7f8c706 to e8d445c Compare February 24, 2022 12:55
@teodora-sandu teodora-sandu marked this pull request as ready for review February 25, 2022 11:18
@teodora-sandu teodora-sandu requested a review from a team as a code owner February 25, 2022 11:18

@p15r p15r left a comment

🔥
