feat(terraform): Add Env Var for rendering Dynamic Blocks (#3816)

* Add Env Var for rendering Dynamic Modules * CR fix * Update checkov/terraform/graph_builder/graph_components/module.py Co-authored-by: Anton Grübel <[email protected]> * CR fix Co-authored-by: Anton Grübel <[email protected]>
bridgecrewio · Nov 8, 2022 · b71749b · b71749b
1 parent ae68817
commit b71749b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/checkov/terraform/graph_builder/graph_components/module.py b/checkov/terraform/graph_builder/graph_components/module.py
@@ -37,6 +37,7 @@ def __init__(
         self.source = ""
         self.resources_types: Set[str] = set()
         self.source_dir = source_dir
+        self.render_dynamic_blocks_env_var = os.getenv('CHECKOV_RENDER_DYNAMIC_MODULES', 'True')
 
     def add_blocks(
         self, block_type: BlockType, blocks: List[Dict[str, Dict[str, Any]]], path: str, source: str
@@ -151,7 +152,10 @@ def _add_resource(self, blocks: List[Dict[str, Dict[str, Any]]], path: str) -> N
                     attributes = self.clean_bad_characters(resource_conf)
                     if not isinstance(attributes, dict):
                         continue
-                    has_dynamic_block = handle_dynamic_values(attributes)
+                    if self.render_dynamic_blocks_env_var.lower() == 'false':
+                        has_dynamic_block = False
+                    else:
+                        has_dynamic_block = handle_dynamic_values(attributes)
                     provisioner = attributes.get("provisioner")
                     if provisioner:
                         self._handle_provisioner(provisioner, attributes)

diff --git a/tests/terraform/graph/variable_rendering/test_renderer.py b/tests/terraform/graph/variable_rendering/test_renderer.py
@@ -1,5 +1,6 @@
 import os
 from pathlib import Path
+from unittest import mock
 from unittest.case import TestCase
 
 from checkov.common.graph.db_connectors.networkx.networkx_db_connector import NetworkxConnector
@@ -298,3 +299,11 @@ def test_list_entry_rendering_module_vars(self):
             resource_vertex.config["aws_security_group"]["sg"]["egress"][0]["cidr_blocks"][0],
             ["10.0.0.0/16", "0.0.0.0/0"],
         )
+
+    def test_dynamic_with_env_var_false(self):
+        os.environ['CHECKOV_RENDER_DYNAMIC_MODULES'] = 'False'
+        graph_manager = TerraformGraphManager('m', ['m'])
+        local_graph, _ = graph_manager.build_graph_from_source_directory(os.path.join(TEST_DIRNAME, "test_resources", "dynamic_blocks_resource"), render_variables=True)
+        resources_vertex = list(filter(lambda v: v.block_type == BlockType.RESOURCE, local_graph.vertices))
+        assert not resources_vertex[0].attributes.get('ingress')
+        assert not resources_vertex[0].attributes.get('egress')