Skip to content

feat(provisioner/terraform/tfparse): add support for built-in Terraform functions #16183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 20, 2025
Merged

feat(provisioner/terraform/tfparse): add support for built-in Terraform functions #16183

merged 3 commits into from
Jan 20, 2025

Conversation

johnstcn
Copy link
Member

@johnstcn johnstcn commented Jan 17, 2025
edited
Loading

Relates to #15977

Adds support for some functions in tfparse (only functions that do not reference local files).
NOTE: for now, I'm importing trivy-iac. If we prefer to avoid a little dependency, I can do a little copying instead.

@johnstcn johnstcn self-assigned this Jan 17, 2025
@johnstcn johnstcn changed the title feat(tfparse): add support for built-in Terraform functions feat(provisioner/terraform/tfparse): add support for built-in Terraform functions Jan 17, 2025
dannykopping
dannykopping approved these changes Jan 20, 2025
View reviewed changes
Copy link
Contributor

@dannykopping dannykopping left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo a confusing comment

@johnstcn johnstcn merged commit 4ba0b39 into main Jan 20, 2025
31 checks passed
@johnstcn johnstcn deleted the cj/tfparse-funcs branch January 20, 2025 11:04
@github-actions github-actions bot locked and limited conversation to collaborators Jan 20, 2025
dannykopping
dannykopping reviewed Jan 20, 2025
View reviewed changes
provisioner/terraform/tfparse/funcs.go
// We cannot support all available functions here, as the result of reading a file will be different
// depending on the execution environment.
safeFunctions = map[string]function.Function{
"abs": stdlib.AbsoluteFunc,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Post-merge thought: how do we align Terraform versions?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From what I could tell it doesn't look like these functions change all that often.

However, f Terraform adds a new function in future, we'll need to add support for it ourselves. Then again, so will aquasec/trivy-iac. This is an unfortunate consequence of Terraform having made the bulk of their internal functions un-importable.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, I think we're fine here and we can just update the lib.
My only concern is if they change the semantics of the functions between versions, but I doubt they'd do that.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dannykopping dannykopping dannykopping approved these changes

@Emyrk Emyrk Emyrk approved these changes

Assignees

@johnstcn johnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johnstcn @dannykopping @Emyrk