Skip to content

fix(terraform_plan): plan connection detection with unresolved refs #7301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 6 commits into from
Closed

fix(terraform_plan): plan connection detection with unresolved refs #7301

wants to merge 6 commits into from

Conversation

omriyoffe-panw
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

@omriyoffe-panw
fix access to list by str in tf plan under _handle_complex_after_unknown
c49e709
@omriyoffe-panw
ut
2c94e8c
@omriyoffe-panw
fix: Resolve unresolved connections in terraform plan files
c19c75b 
- Added PlanConnectionResolver to infer connections when plan values are unresolved
- Enhanced DeepAnalysisGraphManager to use the resolver for plan files
- Handles cases where target_resource_id and similar attributes are unknown at plan time
- Infers connections based on module structure and resource types
- Added comprehensive tests for the new functionality

This fixes connection-type external checks that fail on terraform plan files
when resource references are only resolved during terraform apply.

Fixes issue with Azure Monitor Diagnostic Settings connections to resources
like Redis Cache when using for_each loops with dynamic references.
@omriyoffe-panw
refactor: Simplify DeepAnalysisGraphManager by removing redundant code
d334a6f 
- Removed all redundant inference methods (400+ lines)
- Now relies solely on PlanConnectionResolver for unresolved connections
- Changed verbose INFO logging to DEBUG level
- Simplified from 481 lines to 87 lines (82% reduction)

The fix still works correctly as verified by tests. This refactoring:
- Eliminates maintenance burden of duplicate systems
- Improves performance by avoiding recursive attribute scanning
- Makes the code cleaner and more maintainable
- Keeps the same functionality with much less complexity
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@omriyoffe-panw