guyg-palo
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

This change adds support for JSON-parsing the policy attribute of aws_vpc_endpoint resources in Terraform plan files. This allows Checkov to correctly evaluate policies that use the jsonpath_exists operator on the policy attribute of these resources.

Fixed Issue

This change fixes an issue where policies using the jsonpath_exists operator on the policy attribute of aws_vpc_endpoint resources would fail during Terraform plan scans.

Motivation and Context

Currently, the Terraform plan parser in Checkov does not recognize the policy attribute of aws_vpc_endpoint resources as a JSON object. As a result, the attribute is treated as a string, which causes the jsonpath_exists operator to fail. This change adds the aws_vpc_endpoint resource type to the RESOURCE_TYPES_JSONIFY dictionary in checkov/terraform/plan_parser.py, which instructs the parser to treat the policy attribute as a JSON object. This allows policies to correctly check for the existence of specific attributes within the policy, such as Statement.

Dependencies

There are no new dependencies required for this change.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
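To illustrate the mechanism the description refers to, here is an added stand-alone example (not Checkov's code, and not the real RESOURCE_TYPES_JSONIFY table from checkov/terraform/plan_parser.py): a constructed plan fragment, a hypothetical resource-type-to-attribute mapping, a jsonify step, and a minimal dotted-path existence check that shows why a string-valued policy cannot satisfy a Statement lookup until it is parsed, while a malformed policy is left as a string instead of aborting the scan.

```python
import json
from typing import Any

# Hypothetical stand-in for the mapping the PR extends: resource type -> attributes whose
# string values hold JSON documents. Not Checkov's own table.
RESOURCE_TYPES_JSONIFY = {"aws_vpc_endpoint": ("policy",)}

# Constructed Terraform plan fragment (trimmed shape of `terraform show -json` output).
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {"type": "aws_vpc_endpoint", "name": "s3", "values": {
            "service_name": "com.amazonaws.us-east-1.s3",
            "policy": json.dumps({"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "*"}]}),
        }},
        {"type": "aws_vpc_endpoint", "name": "broken", "values": {"policy": "{not json"}},
    ]}}
}

def jsonify_resource(resource: dict) -> dict:
    """Parse the configured string attributes of one plan resource into JSON objects.
    Missing, already-parsed and malformed values are left exactly as they are."""
    values = resource.setdefault("values", {})
    for attr in RESOURCE_TYPES_JSONIFY.get(resource.get("type", ""), ()):
        raw = values.get(attr)
        if isinstance(raw, str):
            try:
                values[attr] = json.loads(raw)
            except json.JSONDecodeError:
                pass  # keep the string: a later check can flag it instead of crashing the scan
    return resource

def jsonpath_exists(obj: Any, path: str) -> bool:
    """Minimal dotted-path existence check, e.g. 'policy.Statement[0].Effect'."""
    for step in path.split("."):
        key, _, idx = step.partition("[")
        if not isinstance(obj, dict) or key not in obj:
            return False  # a raw string policy fails here: it has no 'Statement' key
        obj = obj[key]
        if idx:
            i = int(idx.rstrip("]"))
            if not isinstance(obj, list) or i >= len(obj):
                return False
            obj = obj[i]
    return True

def scan(plan: dict, path: str) -> dict:
    """Jsonify each resource, then return {resource name: jsonpath_exists(values, path)}."""
    out = {}
    for res in plan["planned_values"]["root_module"]["resources"]:
        jsonify_resource(res)
        out[res["name"]] = jsonpath_exists(res["values"], path)
    return out
```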

@lirshindalman lirshindalman merged commit 63ec7e8 into main Aug 25, 2025
46 checks passed
@lirshindalman lirshindalman deleted the feat/vpc-endpoint-policy-fix branch August 25, 2025 08:07