From 1ac18b31b182b97f30a7749d6f64154bae6993a8 Mon Sep 17 00:00:00 2001
From: Pankaj Patil
Date: Sat, 1 May 2021 01:14:49 +0530
Subject: [PATCH] fix - #718

---
 pkg/cli/run_test.go | 13 +++++++++++++
 pkg/cli/testdata/run-test/tf-plan.json | 1 +
 pkg/runtime/executor.go | 3 ++-
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 pkg/cli/testdata/run-test/tf-plan.json

diff --git a/pkg/cli/run_test.go b/pkg/cli/run_test.go
index 956577d79..fdcfdfde0 100644
--- a/pkg/cli/run_test.go
+++ b/pkg/cli/run_test.go
@@ -65,6 +65,7 @@ func TestRun(t *testing.T) {
 kustomizeTestDirPath := filepath.Join(runTestDir, "kustomize-test")
 testTerraformFilePath := filepath.Join(runTestDir, "config-only.tf")
 testRemoteModuleFilePath := filepath.Join(runTestDir, "remote-modules.tf")
+ testTFJSONFilePath := filepath.Join(runTestDir, "tf-plan.json")

 ruleSlice := []string{"AWS.ECR.DataSecurity.High.0579", "AWS.SecurityGroup.NetworkPortsSecurity.Low.0561"}

@@ -128,6 +129,18 @@ func TestRun(t *testing.T) {
 outputType: "yaml",
 },
 },
+ {
+ // test for https://github.com/accurics/terrascan/issues/718
+ // a valid tfplan file is supplied, error is not expected
+ name: "iac type is tfplan and -f option used to specify the tfplan.json",
+ scanOptions: &ScanOptions{
+ policyType: []string{"all"},
+ iacType: "tfplan",
+ iacFilePath: testTFJSONFilePath,
+ outputType: "yaml",
+ },
+ wantErr: false,
+ },
 {
 name: "config-only flag k8s",
 scanOptions: &ScanOptions{
diff --git a/pkg/cli/testdata/run-test/tf-plan.json b/pkg/cli/testdata/run-test/tf-plan.json
new file mode 100644
index 000000000..85aec2b63
--- /dev/null
+++ b/pkg/cli/testdata/run-test/tf-plan.json
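Review bot: The new table entry in the second hunk sets `iacFilePath` but no directory path, so it may never reach the state the executor change handles, where the directory holds the CLI default '.' while a file is also given. If `ScanOptions` leaves the directory empty here, the old condition `e.dirPath != ""` already selected the file branch and this case would pass without the fix. Adding `iacDirPath: ".",` to the entry (assuming that is the field the directory flag fills) would pin the regression, and a second case with only the default directory and no file would show that a plain directory scan still runs. The enclosing TestRun body starts and ends outside the hunk.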
@@ -0,0 +1 @@ +{"format_version":"0.1","terraform_version":"0.13.5","variables":{"s3_bucket_prefix":{"value":"sample_prefix_test20"}},"planned_values":{"root_module":{"resources":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"acl":"private","bucket":"demoexample-1","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]}},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"acl":"private","bucket":"sample_prefix_test20-terraformcloud","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]}}]}},"resource_changes":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"demoexample-1","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[],"hosted_zone_id":true,"id":true,"lifecycle_r
ule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":[{}],"website":[],"website_domain":true,"website_endpoint":true}}},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"sample_prefix_test20-terraformcloud","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[],"hosted_zone_id":true,"id":true,"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":[{}],"website":[],"website_domain":true,"website_endpoint":true}}}],"configuration":{"provider_config":{"aws":{"name":"aws","expressions":{"region":{"constant_value":"us-east-1"}}}},"root_module":{"resources":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_config_key":"aws","expressions":{"bucket":{"constant_value":"demoexample-1"},"versioning":[{"enabled":{"constant_value":false},"mfa_delete":{"constant_value":false}}]},"schema_version":0},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_config_key":"aws","expressions":{"bucket":{"references":["var.s3_bucket_prefix"]},"versioning":[{"enabled":{"constant_value":false},"mfa_delete":{"constant_value":false}}]},"schema_version":0}],"variables":{"s3_bucket_prefix":{"
default":"sample_prefix_test20"}}}}}
\ No newline at end of file
diff --git a/pkg/runtime/executor.go b/pkg/runtime/executor.go
index 7e3598182..55dccd417 100644
--- a/pkg/runtime/executor.go
+++ b/pkg/runtime/executor.go
@@ -163,7 +163,8 @@ func (e *Executor) Execute() (results Output, err error) {

 // when dir path has value, only then it will 'all iac' scan
 // when file path has value, we will go with the only iac provider in the list
- if e.dirPath != "" {
+ // default value for dir path is '.'
+ if e.dirPath != "" && e.dirPath != "." {
 // get all resource configs in the directory
 resourceConfig, merr = e.getResourceConfigs()
 } else {
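Review bot: Comparing `e.dirPath` with the literal "." turns the flag's default value into a sentinel for "no directory given", which cannot be told apart from a user who really wants the current directory scanned. With no file path set and the directory left at '.', the new condition falls to the `else` branch, which per the comment above is the single-file path; that branch is outside the hunk, but if it loads an empty file path the run errors out or reports nothing, and a policy scanner that skips a directory without saying so hides findings. Spellings such as `./` or an absolute path to the working directory also slip past the string comparison. Deciding on the file path instead, for example `if e.filePath == "" {` (assuming that is the field name), would keep the default directory scan and still let a supplied file take precedence. Execute's body starts and continues outside the hunk.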