Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

break(terraform): return UNKNOWN for unrendered values in graph checks #3689

Merged
merged 21 commits into from
Oct 26, 2022
Merged

break(terraform): return UNKNOWN for unrendered values in graph checks #3689

merged 21 commits into from
Oct 26, 2022

Conversation

YaaraVerner
Copy link
Contributor

@YaaraVerner YaaraVerner commented Oct 18, 2022
edited
Loading

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Added UNKNOWN graph check result for unrendered attributes.

Added a new list of unknown results to the return value of the solvers' run function.
Changed the return value of get_operation function in attribute and complex solvers to Optional[bool], None value will indicate UNKNOWN check result.
Added a new list of unknown results to the return value of the connections solvers' get_operation function.

Removed the handling of this use case in specific solvers.
Adjusted the solvers' tests to expect UNKNOWN results for those use cases.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@YaaraVerner YaaraVerner marked this pull request as ready for review October 25, 2022 14:57
@YaaraVerner YaaraVerner changed the title feat(terraform): return UNKNOWN for unrendered values in graph attribute solvers feat(terraform): return UNKNOWN for unrendered values in graph checks Oct 25, 2022
nimrodkor
nimrodkor reviewed Oct 25, 2022
View reviewed changes
Copy link
Contributor

@nimrodkor nimrodkor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice @YaaraVerner !
Small comments

checkov/common/checks_infra/solvers/attribute_solvers/not_exists_attribute_solver.py Outdated Show resolved Hide resolved
checkov/common/checks_infra/solvers/complex_solvers/and_solver.py Show resolved Hide resolved
checkov/common/checks_infra/solvers/complex_solvers/and_solver.py Outdated Show resolved Hide resolved
gruebel
gruebel reviewed Oct 25, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice work, a lot to dig through 😄 added a few comments

checkov/common/checks_infra/solvers/attribute_solvers/base_attribute_solver.py Outdated Show resolved Hide resolved
checkov/common/checks_infra/solvers/complex_solvers/base_complex_solver.py Show resolved Hide resolved
checkov/common/checks_infra/solvers/connections_solvers/and_connection_solver.py Show resolved Hide resolved
checkov/common/checks_infra/solvers/connections_solvers/and_connection_solver.py Outdated Show resolved Hide resolved
gruebel
gruebel approved these changes Oct 26, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, great work 🥇

@gruebel gruebel mentioned this pull request Oct 26, 2022
Merged
7 tasks
@gruebel gruebel changed the title feat(terraform): return UNKNOWN for unrendered values in graph checks break(terraform): return UNKNOWN for unrendered values in graph checks Oct 26, 2022
@YaaraVerner YaaraVerner merged commit edb9560 into master Oct 26, 2022
@YaaraVerner YaaraVerner deleted the handle-unrendered-values-in-attribute-graph-checks branch October 26, 2022 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nimrodkor nimrodkor nimrodkor left review comments

@gruebel gruebel gruebel approved these changes

@tronxd tronxd tronxd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@YaaraVerner @tronxd @nimrodkor @gruebel