Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(terraform): correctly evaluate CKV_AWS_37 when there's a dynamic … #6792

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(terraform): correctly evaluate CKV_AWS_37 when there's a dynamic … #6792

wants to merge 2 commits into from
+97 −4

Conversation

Alex-Waring
Copy link

@Alex-Waring Alex-Waring commented Oct 24, 2024
edited by baz-reviewer bot
Loading

User description

…block

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

For reasons that are beyond me, enabled_cluster_log_types is a list of strings normally, but when there's a dynamic block added to the resource it becomes a list of list of strings. This PR adds tests to confirm that this is indeed an issue (if you run the test file against the check in master then it fails on aws_eks_cluster.fully_enabled_with_dynamic_block), and fixes the issue by checking the type before itterating.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Below is a concise technical summary of the changes proposed in this PR:

TopicDetails
Fix logging check Updates the EKSControlPlaneLogging check to handle dynamic blocks in AWS EKS cluster resources
Modified files (1)
  • checkov/terraform/checks/resource/aws/EKSControlPlaneLogging.py
Latest Contributors(2)
UserCommitDate
manuchandrasekhar@gmai...fix-terraform-and-cdk-...January 28, 2024
[email protected]fix-terraform-handle-e...November 16, 2022
Add tests Adds test cases for the EKSControlPlaneLogging check, including Terraform configurations and Python unit tests
Modified files (2)
  • tests/terraform/checks/resource/aws/example_EKSControlPlaneLogging/main.tf
  • tests/terraform/checks/resource/aws/test_EKSControlPlaneLogging.py
Latest Contributors(2)
UserCommitDate
[email protected]fix-terraform-handle-e...November 16, 2022
gruebelfix-flake8-issue-W391-...March 25, 2022
 This pull request is reviewed by Baz. Join @Alex-Waring and the rest of your team on (Baz).

@Alex-Waring
Copy link
Author

@bo156 @gruebel can you take a look or find someone to please?

@Alex-Waring
Copy link
Author

@Saarett I see you were active on my other PR, this one is ready for review if you have time please

@tsmithv11
Copy link
Collaborator

@Alex-Waring looks good, but can you fixe the flake8 errors?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Alex-Waring @tsmithv11