diff --git a/checkov/terraform/plan_parser.py b/checkov/terraform/plan_parser.py
index d7c17423a3..0c26bd0c9d 100644
--- a/checkov/terraform/plan_parser.py
+++ b/checkov/terraform/plan_parser.py
@@ -34,6 +34,7 @@
 "aws_iam_user_policy": "policy",
 "aws_ssoadmin_permission_set_inline_policy": "inline_policy",
 "azurerm_portal_dashboard": "dashboard_properties",
+ "aws_vpc_endpoint": "policy",
 "aws_vpc_endpoint_policy": "policy",
 "aws_ecr_registry_policy": "policy",
 "aws_acmpca_policy": "policy",
diff --git a/tests/terraform/parser/resources/plan_vpc_endpoint/tfplan.json b/tests/terraform/parser/resources/plan_vpc_endpoint/tfplan.json
new file mode 100644
index 0000000000..d050e8729a
--- /dev/null
+++ b/tests/terraform/parser/resources/plan_vpc_endpoint/tfplan.json
@@ -0,0 +1,34 @@
+{
+ "planned_values": {
+ "root_module": {
+ "resources": [
+ {
+ "address": "aws_vpc_endpoint.test",
+ "mode": "managed",
+ "type": "aws_vpc_endpoint",
+ "name": "test",
+ "values": {
+ "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"*\",\"Resource\":\"*\"}]}"
+ }
+ }
+ ]
+ }
+ },
+ "configuration": {
+ "root_module": {
+ "resources": [
+ {
+ "address": "aws_vpc_endpoint.test",
+ "mode": "managed",
+ "type": "aws_vpc_endpoint",
+ "name": "test",
+ "expressions": {
+ "policy": {
+ "constant_value": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"*\",\"Resource\":\"*\"}]}"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/tests/terraform/parser/test_plan_parser.py b/tests/terraform/parser/test_plan_parser.py
index 554ffe6c53..75a5b8668b 100644
--- a/tests/terraform/parser/test_plan_parser.py
+++ b/tests/terraform/parser/test_plan_parser.py
@@ -134,5 +134,17 @@ def test_large_file(mocker: MockerFixture): assert tf_definition['resource'][0]['aws_s3_bucket']['b']['end_line'][0] == 0 + def test_vpc_endpoint_policy_is_parsed(self): + current_dir = os.path.dirname(os.path.realpath(__file__)) + valid_plan_path = current_dir + "/resources/plan_vpc_endpoint/tfplan.json" + tf_definition, _ = parse_tf_plan(valid_plan_path, {}) + file_resource_definition = tf_definition['resource'][0] + resource_definition = next(iter(file_resource_definition.values())) + resource_attributes = next(iter(resource_definition.values())) + self.assertIn('policy', resource_attributes) + policy = resource_attributes['policy'][0] + self.assertIn('Statement', policy) + + if __name__ == '__main__': unittest.main()
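Review bot: The final assertion `self.assertIn('Statement', policy)` does not show that the `aws_vpc_endpoint` policy was actually decoded: if `parse_tf_plan` left the attribute as the raw JSON string, `'Statement' in policy` is a substring test on that text and still passes, so the test would not catch the new mapping being dropped. Replace it with `self.assertIsInstance(policy, dict)` and `self.assertEqual(policy['Statement'][0]['Principal'], '*')`, which only hold for the parsed structure. Separately, the new `def test_vpc_endpoint_policy_is_parsed(self)` is added directly after `test_large_file(mocker: MockerFixture)`, a function that takes a pytest fixture rather than `self`; the collapsed hunk hides indentation, but if the new function is likewise module-level, pytest will error with `fixture 'self' not found` and `self.assertIn` has no `TestCase` receiver, so it should either be moved into the `unittest.TestCase` class earlier in the file or rewritten with plain `assert` statements. `test_large_file` starts outside the hunk.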