feat(terraform): Add __address__ field on vertices even if render_var…

…iables is set to False (#5434) Made sure we calculate __address__ field on terraform vertices even if render_variables is set to False
bridgecrewio · Aug 13, 2023 · 180f17a · 180f17a
1 parent 43ce0d7
commit 180f17a
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/checkov/terraform/graph_builder/local_graph.py b/checkov/terraform/graph_builder/local_graph.py
@@ -87,14 +87,20 @@ def build_graph(self, render_variables: bool) -> None:
             logging.info(f"Rendering variables, graph has {len(self.vertices)} vertices and {len(self.edges)} edges")
             renderer = TerraformVariableRenderer(self)
             renderer.render_variables_from_local_graph()
-            self.update_vertices_breadcrumbs_and_module_connections()
-            self.update_nested_modules_address()
+            self.update_vertices_fields()
             if strtobool(os.getenv("CHECKOV_EXPERIMENTAL_CROSS_VARIABLE_EDGES", "True")):
                 # experimental flag on building cross variable edges for terraform graph
                 logging.info("Building cross variable edges")
                 edges_count = len(self.edges)
                 self._build_cross_variable_edges()
                 logging.info(f"Found {len(self.edges) - edges_count} cross variable edges")
+        else:
+            self.update_vertices_fields()
+
+    def update_vertices_fields(self) -> None:
+        # Important to keep those 2 functions together, as the first affects the calculation of the second
+        self._update_vertices_breadcrumbs_and_module_connections()
+        self._update_nested_modules_address()
 
     def _create_vertices(self) -> None:
         logging.info("Creating vertices")
@@ -559,7 +565,7 @@ def update_vertex_config(vertex: TerraformBlock, changed_attributes: Union[List[
     def get_resources_types_in_graph(self) -> List[str]:
         return self.module.get_resources_types()
 
-    def update_vertices_breadcrumbs_and_module_connections(self) -> None:
+    def _update_vertices_breadcrumbs_and_module_connections(self) -> None:
         """
         The function processes each vertex's breadcrumbs:
         1. Get more data to each vertex in breadcrumb (name, path, hash and type)
@@ -617,8 +623,11 @@ def get_abspath(self, path: str) -> str:
             self.abspath_cache[path] = dir_name
         return dir_name
 
-    def update_nested_modules_address(self) -> None:
+    def _update_nested_modules_address(self) -> None:
         for vertex in self.vertices:
+            if vertex.attributes.get(CustomAttributes.TF_RESOURCE_ADDRESS) is not None:
+                # Can happen for example in `tf_plan` files as the address already exists
+                continue
             if vertex.block_type not in parser_registry.context_parsers:
                 continue
             source_module = vertex.breadcrumbs.get(CustomAttributes.SOURCE_MODULE)

diff --git a/checkov/terraform/plan_parser.py b/checkov/terraform/plan_parser.py
@@ -12,7 +12,7 @@
 from checkov.terraform.context_parsers.tf_plan import parse
 
 SIMPLE_TYPES = (str, int, float, bool)
-TF_PLAN_RESOURCE_ADDRESS = "__address__"
+TF_PLAN_RESOURCE_ADDRESS = CustomAttributes.TF_RESOURCE_ADDRESS
 TF_PLAN_RESOURCE_CHANGE_ACTIONS = "__change_actions__"
 TF_PLAN_RESOURCE_CHANGE_KEYS = "__change_keys__"