test(terraform): skip cached modules (aquasecurity#6281)
nikpivkin authored Mar 8, 2024
1 parent 6639911 commit d7d7265
Showing 5 changed files with 21 additions and 14 deletions.
2 changes: 1 addition & 1 deletion pkg/iac/scanners/terraform/module_test.go
@@ -600,7 +600,7 @@ variable "group" {
type = string
}
resource aws_iam_group_policy mfa {
resource "aws_iam_group_policy" "mfa" {
group = var.group
policy = data.aws_iam_policy_document.policy.json
}
2 changes: 1 addition & 1 deletion pkg/iac/scanners/terraform/options.go
@@ -196,7 +196,7 @@ func ScannerWithDownloadsAllowed(allowed bool) options.ScannerOption {
func ScannerWithSkipCachedModules(b bool) options.ScannerOption {
return func(s options.ConfigurableScanner) {
if tf, ok := s.(ConfigurableTerraformScanner); ok {
tf.AddParserOptions(parser.OptionWithDownloads(b))
tf.AddParserOptions(parser.OptionWithSkipCachedModules(b))
}
}
}
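Review bot: Nothing in this commit asserts that the option built in the body of `ScannerWithSkipCachedModules` reaches the parser's skip-cached-modules setting; the tests touched elsewhere in the commit only pass the option in. The section prints the forwarding line twice, once as `parser.OptionWithDownloads(b)` and once as `parser.OptionWithSkipCachedModules(b)`, so the earlier wiring appears to have sent this flag to the downloads option, meaning a caller asking to skip the cache was instead switching remote module downloads on or off. A small test that applies the option and checks that the downloads setting is left unchanged would keep that from regressing silently. Naming the parameter like its sibling, `func ScannerWithSkipCachedModules(skip bool) options.ScannerOption {`, would also make a mix-up easier to spot.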
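--- a/pkg/iac/scanners/terraform/parser/evaluator.go
+++ b/pkg/iac/scanners/terraform/parser/evaluator.go
@@ -73,18 +73,19 @@ func newEvaluator(
 }
 
 return &evaluator{
-filesystem: target,
-parentParser: parentParser,
-modulePath: modulePath,
-moduleName: moduleName,
-projectRootPath: projectRootPath,
-ctx: ctx,
-blocks: blocks,
-inputVars: inputVars,
-moduleMetadata: moduleMetadata,
-ignores: ignores,
-debug: logger,
-allowDownloads: allowDownloads,
+filesystem: target,
+parentParser: parentParser,
+modulePath: modulePath,
+moduleName: moduleName,
+projectRootPath: projectRootPath,
+ctx: ctx,
+blocks: blocks,
+inputVars: inputVars,
+moduleMetadata: moduleMetadata,
+ignores: ignores,
+debug: logger,
+allowDownloads: allowDownloads,
+skipCachedModules: skipCachedModules,
 }
 }
 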
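Review bot: `skipCachedModules` is copied into the evaluator literal straight after `allowDownloads`, and both appear to arrive as plain positional arguments of `newEvaluator`, whose parameter list lies outside this hunk. If they are two adjacent bools, swapping them at a call site compiles cleanly and changes whether modules may be fetched remotely, the same kind of mix-up this commit appears to correct in options.go. A one-line comment on each field stating what `true` means, or passing the two flags in a small options struct, would make such a swap visible in review.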
2 changes: 2 additions & 0 deletions pkg/iac/scanners/terraform/scanner_integration_test.go
@@ -176,6 +176,7 @@ deny[cause] {
t.Run("with skip", func(t *testing.T) {
scanner := New(
ScannerWithSkipDownloaded(true),
ScannerWithSkipCachedModules(true),
options.ScannerWithPolicyDirs("rules"),
options.ScannerWithRegoOnly(true),
options.ScannerWithEmbeddedPolicies(false),
@@ -229,6 +230,7 @@ deny[res] {

scanner := New(
ScannerWithSkipDownloaded(true),
ScannerWithSkipCachedModules(true),
options.ScannerWithPolicyDirs("rules"),
options.ScannerWithRegoOnly(true),
options.ScannerWithEmbeddedLibraries(true),
4 changes: 4 additions & 0 deletions pkg/iac/scanners/terraformplan/snapshot/scanner_test.go
@@ -11,6 +11,7 @@ import (

"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
tfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform"
"github.com/samber/lo"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -23,6 +24,8 @@ func initScanner(opts ...options.ScannerOption) *Scanner {
options.ScannerWithPolicyNamespaces("user"),
options.ScannerWithPolicyDirs("."),
options.ScannerWithRegoOnly(true),
options.ScannerWithRegoErrorLimits(0),
tfscanner.ScannerWithSkipCachedModules(true),
}

opts = append(opts, defaultOpts...)
@@ -110,6 +113,7 @@ func Test_ScanFS(t *testing.T) {
options.ScannerWithEmbeddedLibraries(false),
options.ScannerWithEmbeddedPolicies(false),
options.ScannerWithRegoErrorLimits(0),
tfscanner.ScannerWithSkipCachedModules(true),
)

results, err := scanner.ScanFS(context.TODO(), fs, path.Join(tc.dir, "tfplan"))
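Review bot: In `initScanner` the entries `options.ScannerWithRegoErrorLimits(0)` and `tfscanner.ScannerWithSkipCachedModules(true)` sit in `defaultOpts`, which the context line `opts = append(opts, defaultOpts...)` places after the caller's options. If options are applied in slice order (not visible here), a test that passes its own value for either one is silently overridden by the defaults. Putting the defaults first, `opts = append(defaultOpts, opts...)`, would let callers override them. In the `Test_ScanFS` hunk the same two options are listed explicitly; if that call goes through `initScanner` (its opening line is outside the hunk), they are now redundant with the defaults. A short comment in `defaultOpts` saying why these tests skip cached modules would also help.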
