feat(terraform): Removed most usages of enable_nested_modules (#5415)

* Removed most usages of enable_nested_modules

* Removed other mocks with True

* flake8 fixes

* added extra values to ignore in dangerfile

checkov/common/util/env_vars_config.py

@@ -34,7 +34,6 @@ def __init__(self) -> None:
         self.ENABLE_MODULES_FOREACH_HANDLING = convert_str_to_bool(
             os.getenv("CHECKOV_ENABLE_MODULES_FOREACH_HANDLING", True)
         )
-        self.ENABLE_NESTED_MODULES = convert_str_to_bool(os.getenv("CHECKOV_ENABLE_NESTED_MODULES", True))
         self.EXPERIMENTAL_GRAPH_DEBUG = convert_str_to_bool(os.getenv("CHECKOV_EXPERIMENTAL_GRAPH_DEBUG", False))
         self.EXPIRATION_TIME_IN_SEC = force_int(os.getenv("CHECKOV_EXPIRATION_TIME_IN_SEC", 604800))
         self.GITHUB_CONF_DIR_NAME = os.getenv("CKV_GITHUB_CONF_DIR_NAME", "github_conf")

checkov/terraform/checks/utils/dependency_path_handler.py

@@ -1,13 +1,9 @@
-import os
 from typing import List
-from checkov.common.runners.base_runner import strtobool
 
 PATH_SEPARATOR = "->"
 
 
 def unify_dependency_path(dependency_path: List[str]) -> str:
     if not dependency_path:
         return ''
-    if strtobool(os.getenv('CHECKOV_ENABLE_NESTED_MODULES', 'True')):
-        return dependency_path[-1]
-    return PATH_SEPARATOR.join(dependency_path)
+    return dependency_path[-1]

checkov/terraform/graph_builder/graph_components/blocks.py

@@ -11,7 +11,6 @@
 from checkov.common.graph.graph_builder.graph_components.blocks import Block
 from checkov.common.util.consts import RESOLVED_MODULE_ENTRY_NAME
 from checkov.terraform.graph_builder.graph_components.block_types import BlockType
-from checkov.terraform.graph_builder.utils import remove_module_dependency_in_path
 
 if TYPE_CHECKING:
     from checkov.terraform import TFModule
@@ -64,14 +63,7 @@ def __init__(
         self.module_dependency: TFDefinitionKeyType | None = ""
         self.module_dependency_num: str | None = ""
         if path:
-            if strtobool(os.getenv('CHECKOV_ENABLE_NESTED_MODULES', 'True')):
-                self.path = path  # type:ignore[assignment]  # Block class would need to be a Generic type to make this pass
-            else:
-                self.path, module_dependency, num = remove_module_dependency_in_path(path)  # type:ignore[arg-type]
-                self.path = os.path.realpath(self.path)
-                if module_dependency:
-                    self.module_dependency = module_dependency
-                    self.module_dependency_num = num
+            self.path = path  # type:ignore[assignment]  # Block class would need to be a Generic type to make this pass
         if attributes.get(RESOLVED_MODULE_ENTRY_NAME):
             del attributes[RESOLVED_MODULE_ENTRY_NAME]
         self.attributes = attributes

checkov/terraform/graph_builder/graph_components/module.py

@@ -7,7 +7,6 @@
 from checkov.common.runners.base_runner import strtobool
 from checkov.common.util.data_structures_utils import pickle_deepcopy
 from checkov.common.util.parser_utils import get_abs_path, get_module_from_full_path
-from checkov.terraform.checks.utils.dependency_path_handler import unify_dependency_path
 from checkov.terraform.graph_builder.graph_components.block_types import BlockType
 from checkov.terraform.graph_builder.graph_components.blocks import TerraformBlock
 from checkov.terraform.parser_functions import handle_dynamic_values
@@ -42,7 +41,6 @@ def __init__(
         self.resources_types: Set[str] = set()
         self.source_dir = source_dir
         self.render_dynamic_blocks_env_var = os.getenv('CHECKOV_RENDER_DYNAMIC_MODULES', 'True')
-        self.enable_nested_modules = strtobool(os.getenv('CHECKOV_ENABLE_NESTED_MODULES', 'True'))
         self.use_new_tf_parser = strtobool(os.getenv('CHECKOV_NEW_TF_PARSER', 'True'))
 
     def __eq__(self, other: object) -> bool:
@@ -73,7 +71,6 @@ def to_dict(self) -> dict[str, Any]:
             'resources_types': self.resources_types,
             'source_dir': self.source_dir,
             'render_dynamic_blocks_env_var': self.render_dynamic_blocks_env_var,
-            'enable_nested_modules': self.enable_nested_modules,
             'use_new_tf_parser': self.use_new_tf_parser,
             'blocks': [block.to_dict() for block in self.blocks]
         }
@@ -93,7 +90,6 @@ def from_dict(module_dict: dict[str, Any]) -> Module:
         module.resources_types = module_dict.get('resources_types', set())
         module.source_dir = module_dict.get('source_dir', '')
         module.render_dynamic_blocks_env_var = module_dict.get('render_dynamic_blocks_env_var', '')
-        module.enable_nested_modules = module_dict.get('enable_nested_modules', False)
         module.use_new_tf_parser = module_dict.get('use_new_tf_parser', False)
         return module
 
@@ -105,41 +101,18 @@ def add_blocks(
             self._block_type_to_func[block_type](self, blocks, path)
 
     def _add_to_blocks(self, block: TerraformBlock) -> None:
-        if self.enable_nested_modules:
-            if self.use_new_tf_parser:
-                if isinstance(block.path, str):
-                    block.source_module_object = None
-                    block.path = block.path
-                else:
-                    block.source_module_object = block.path.tf_source_modules
-                    block.path = block.path.file_path
+        if self.use_new_tf_parser:
+            if isinstance(block.path, str):
+                block.source_module_object = None
+                block.path = block.path
             else:
-                block.module_dependency, block.module_dependency_num = get_module_from_full_path(block.path)
-                block.path = get_abs_path(block.path)
-            self.blocks.append(block)
-            return
-
-        dependencies = self.module_dependency_map.get(os.path.dirname(block.path),
-                                                      []) if self.module_dependency_map else []
-        module_dependency_num = ""
-        if not dependencies:
-            dependencies = [[]]
-        for dep_idx, dep_trail in enumerate(dependencies):
-            if dep_idx > 0:
-                block = pickle_deepcopy(block)
-            block.module_dependency = unify_dependency_path(dep_trail)
-
-            if block.module_dependency:
-                module_dependency_numbers = self.dep_index_mapping.get((block.path, dep_trail[-1]),
-                                                                       []) if self.dep_index_mapping else []
-                for mod_idx, module_dep_num in enumerate(module_dependency_numbers):
-                    if mod_idx > 0:
-                        block = pickle_deepcopy(block)
-                    block.module_dependency_num = module_dep_num
-                    self.blocks.append(block)
-            else:
-                block.module_dependency_num = module_dependency_num
-                self.blocks.append(block)
+                block.source_module_object = block.path.tf_source_modules
+                block.path = block.path.file_path
+        else:
+            block.module_dependency, block.module_dependency_num = get_module_from_full_path(block.path)
+            block.path = get_abs_path(block.path)
+        self.blocks.append(block)
+        return
 
     def _add_provider(self, blocks: List[Dict[str, Dict[str, Any]]], path: str | TFDefinitionKey) -> None:
         for provider_dict in blocks:

checkov/terraform/graph_builder/graph_to_tf_definitions.py

@@ -43,5 +43,5 @@ def convert_graph_vertices_to_tf_definitions(
 def add_breadcrumbs(vertex: TerraformBlock, breadcrumbs: Dict[str, Dict[str, Any]], relative_block_path: str) -> None:
     vertex_breadcrumbs = vertex.breadcrumbs
     if vertex_breadcrumbs:
-        vertex_key = vertex.name if not strtobool(os.getenv('CHECKOV_ENABLE_NESTED_MODULES', 'True')) else vertex.attributes.get(CustomAttributes.TF_RESOURCE_ADDRESS, vertex.name)
+        vertex_key = vertex.attributes.get(CustomAttributes.TF_RESOURCE_ADDRESS, vertex.name)
         breadcrumbs.setdefault(relative_block_path, {})[vertex_key] = vertex_breadcrumbs

checkov/terraform/graph_builder/local_graph.py

@@ -759,8 +759,6 @@ def update_list_attribute(
 def get_path_with_nested_modules(block: TerraformBlock) -> str:
     if not block.module_dependency:
         return block.path
-    if not strtobool(os.getenv('CHECKOV_ENABLE_NESTED_MODULES', 'True')):
-        return unify_dependency_path([block.module_dependency, block.path])  # type:ignore[no-any-return]  # will be fixed when removing terraform/checks from mypy exclusion
     return get_tf_definition_key_from_module_dependency(block.path, block.module_dependency, block.module_dependency_num)  # type:ignore[arg-type]  # will be fixed when removing terraform/checks from mypy exclusion
 
 

checkov/terraform/plan_runner.py

@@ -28,8 +28,7 @@
 from checkov.terraform.checks.resource.registry import resource_registry
 from checkov.terraform.context_parsers.registry import parser_registry
 from checkov.terraform.plan_parser import TF_PLAN_RESOURCE_ADDRESS
-from checkov.terraform.plan_utils import create_definitions, build_definitions_context, \
-    get_resource_id_without_nested_modules
+from checkov.terraform.plan_utils import create_definitions, build_definitions_context
 from checkov.terraform.runner import Runner as TerraformRunner, merge_reports
 from checkov.terraform.deep_analysis_plan_graph_manager import DeepAnalysisGraphManager
 
@@ -121,11 +120,7 @@ def run(
                 for vertex in self.tf_plan_local_graph.vertices:
                     if vertex.block_type == BlockType.RESOURCE:
                         address = vertex.attributes.get(CustomAttributes.TF_RESOURCE_ADDRESS)
-                        if self.enable_nested_modules:
-                            report.add_resource(f'{vertex.path}:{address}')
-                        else:
-                            resource_id = get_resource_id_without_nested_modules(address)
-                            report.add_resource(f'{vertex.path}:{resource_id}')
+                        report.add_resource(f'{vertex.path}:{address}')
                 self.graph_manager.save_graph(self.tf_plan_local_graph)
                 if self._should_run_deep_analysis:
                     tf_local_graph = self._create_terraform_graph(runner_filter)
@@ -226,7 +221,6 @@ def run_block(self, entities,
                 entity_lines_range = [entity_context.get('start_line'), entity_context.get('end_line')]
                 entity_code_lines = entity_context.get('code_lines')
                 entity_address = entity_context.get('address')
-                entity_id = entity_address if self.enable_nested_modules else get_resource_id_without_nested_modules(entity_address)
                 _, _, entity_config = registry.extract_entity_details(entity)
 
                 results = registry.scan(scanned_file, entity, [], runner_filter, report_type=CheckType.TERRAFORM_PLAN)
@@ -249,7 +243,7 @@ def run_block(self, entities,
                         code_block=censored_code_lines,
                         file_path=scanned_file,
                         file_line_range=entity_lines_range,
-                        resource=entity_id,
+                        resource=entity_address,
                         resource_address=entity_address,
                         evaluations=None,
                         check_class=check.__class__.__module__,