fixup! feat(tfparse): add support for built-in Terraform functions

coder · johnstcn · Jan 20, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 20, 2025
commit 7a2b80432680ea7fc6f94ecfc68ebf1e40e1ac7e
diff --git a/coderd/templateversions_test.go b/coderd/templateversions_test.go
@@ -489,11 +489,11 @@ func TestPostTemplateVersionsByOrganization(t *testing.T) {
 								"foo": "bar",
 								"a": var.a,
 								"b": data.coder_parameter.b.value,
-								"test": try(null_resource.test.name, "whatever"),
+								"test": pathexpand("~/file.txt"),
 							}
 						}`,
 				},
-				expectError: `Function calls not allowed; Functions may not be called here.`,
+				expectError: `function "pathexpand" may not be used here`,
 			},
 			// We will allow coder_workspace_tags to set the scope on a template version import job
 			// BUT the user ID will be ultimately determined by the API key in the scope.

diff --git a/provisioner/terraform/tfparse/funcs.go b/provisioner/terraform/tfparse/funcs.go
@@ -1,14 +1,13 @@
 package tfparse
 
 import (
-	"fmt"
-
 	"github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser/funcs"
 	"github.com/hashicorp/hcl/v2/ext/tryfunc"
 	ctyyaml "github.com/zclconf/go-cty-yaml"
 	"github.com/zclconf/go-cty/cty"
 	"github.com/zclconf/go-cty/cty/function"
 	"github.com/zclconf/go-cty/cty/function/stdlib"
+	"golang.org/x/xerrors"
 )
 
 // Functions returns a set of functions that are safe to use in the context of
@@ -131,7 +130,8 @@ var (
 		"filesha1":         makeStubFunction("filesha1", cty.String, function.Parameter{Name: "path", Type: cty.String}),
 		"filesha256":       makeStubFunction("filesha256", cty.String, function.Parameter{Name: "path", Type: cty.String}),
 		"filesha512":       makeStubFunction("filesha512", cty.String, function.Parameter{Name: "path", Type: cty.String}),
-		"pathexpand":       makeStubFunction("pathexpand", cty.String, function.Parameter{Name: "path", Type: cty.String})}
+		"pathexpand":       makeStubFunction("pathexpand", cty.String, function.Parameter{Name: "path", Type: cty.String}),
+	}
 
 	allFunctions = mergeMaps(safeFunctions, unsafeFileFunctions)
 )
@@ -155,8 +155,8 @@ func makeStubFunction(name string, returnType cty.Type, params ...function.Param
 	var spec function.Spec
 	spec.Params = params
 	spec.Type = function.StaticReturnType(returnType)
-	spec.Impl = func(args []cty.Value, retType cty.Type) (cty.Value, error) {
-		return cty.UnknownVal(returnType), fmt.Errorf("function %q may not be used here", name)
+	spec.Impl = func(_ []cty.Value, _ cty.Type) (cty.Value, error) {
+		return cty.UnknownVal(returnType), xerrors.Errorf("function %q may not be used here", name)
 	}
 	return function.New(&spec)
 }
diff --git a/provisioner/terraform/tfparse/tfparse_test.go b/provisioner/terraform/tfparse/tfparse_test.go
@@ -482,7 +482,7 @@ func Test_WorkspaceTagDefaultsFromFile(t *testing.T) {
 							"cluster"   = "${"devel"}${"opers"}"
 							"region"    = try(split(".", var.region)[1], "placeholder")
 							"az"        = try(split(".", data.coder_parameter.az.value)[1], "placeholder")
-							"some_path" = pathexpand("file.txt")
+							"some_path" = pathexpand("~/file.txt")
 						}
 					}`,
 			},