fix(terraform): correctly evaluate CKV_AWS_37 when there's a dynamic … #6792

Open
wants to merge 1 commit into
base: main

@Alex-Waring Alex-Waring commented Oct 24, 2024

User description

…block

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

For reasons that are beyond me, enabled_cluster_log_types is a list of strings normally, but when there's a dynamic block added to the resource it becomes a list of list of strings. This PR adds tests to confirm that this is indeed an issue (if you run the test file against the check in master then it fails on aws_eks_cluster.fully_enabled_with_dynamic_block), and fixes the issue by checking the type before iterating.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Address an issue in the EKSControlPlaneLogging class where the enabled_cluster_log_types configuration can be a list of lists when a dynamic block is present. This pull request modifies the logic to correctly evaluate the configuration by checking the type before iterating. Additionally, new test cases are added in test_EKSControlPlaneLogging.py to ensure the fix is effective, including scenarios with dynamic blocks.

Topic: EKS Logging Tests
Details: Add test cases to verify the fix for dynamic block handling in EKS logging.
Modified files (2)
  • tests/terraform/checks/resource/aws/test_EKSControlPlaneLogging.py
  • tests/terraform/checks/resource/aws/example_EKSControlPlaneLogging/main.tf
Latest Contributors (2)
Email | Commit | Date
[email protected] | fix-terraform-handle-e... | November 16, 2022
[email protected] | fix-flake8-issue-W391-... | March 25, 2022

Topic: EKS Logging Fix
Details: Fix the evaluation logic in EKSControlPlaneLogging to handle dynamic blocks correctly.
Modified files (1)
  • checkov/terraform/checks/resource/aws/EKSControlPlaneLogging.py
Latest Contributors (2)
Email | Commit | Date
manuchandrasekhar@gmai... | fix-terraform-and-cdk-... | January 28, 2024
[email protected] | fix-terraform-handle-e... | November 16, 2022
This pull request is reviewed by Baz. Join @Alex-Waring and the rest of your team on (Baz).
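
The "check the type before iterating" idea from the description above, as an added example that is not the PR's or checkov's own code. It assumes the check requires the five EKS control plane log types documented by AWS; the function names and sample values are hypothetical and constructed for illustration.

```python
# Added example, not checkov's implementation.
# Assumption: the check passes only when all five EKS control plane log
# types documented by AWS are enabled.
REQUIRED_LOG_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}


def naive_enabled(log_types):
    """Iterate one level only: silently ignores anything that is not a string."""
    return {t for t in log_types if isinstance(t, str)}


def flattened_enabled(log_types):
    """Check the type before iterating: accept a string, a list of strings,
    or a list of lists of strings, and return the set of enabled log types."""
    if isinstance(log_types, str):
        return {log_types}
    if not isinstance(log_types, (list, tuple)):
        return set()  # None or other unresolved values enable nothing
    enabled = set()
    for item in log_types:
        enabled |= flattened_enabled(item)  # recurse into nested lists
    return enabled


def evaluate(log_types, collect=flattened_enabled):
    """Return 'PASSED' only when every required log type is enabled."""
    missing = REQUIRED_LOG_TYPES - collect(log_types)
    return "PASSED" if not missing else "FAILED"


# Constructed sample values for enabled_cluster_log_types.
FLAT = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
NESTED = [FLAT]                      # same setting, wrapped in an extra list
PARTIAL_NESTED = [["api", "audit"]]  # nested, with three log types missing

if __name__ == "__main__":
    for name, value in [("flat", FLAT), ("nested", NESTED), ("partial", PARTIAL_NESTED)]:
        # Columns: shape, result with one-level iteration, result with type check
        print(name, evaluate(value, naive_enabled), evaluate(value))
```

With one-level iteration the nested, fully enabled value is reported as FAILED, which matches the symptom described for aws_eks_cluster.fully_enabled_with_dynamic_block; the type-aware version passes it while still failing the partially enabled one.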

@Alex-Waring
Author

@bo156 @gruebel can you take a look or find someone to please?
