fix(terraform): Fix possible exception when for_each data has boolean…

… values (#6733) Fix possible Terraform for_each bool exception fix comment Co-authored-by: LirShindalman <[email protected]> Co-authored-by: Saar Ettinger <[email protected]>
bridgecrewio · Oct 31, 2024 · f5670d9 · f5670d9
1 parent 0f86a2a
commit f5670d9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 1 deletion.
diff --git a/checkov/terraform/graph_builder/foreach/abstract_handler.py b/checkov/terraform/graph_builder/foreach/abstract_handler.py
@@ -131,7 +131,9 @@ def _update_attributes(self, attrs: dict[str, Any], key_to_val_changes: dict[str
                                 if attrs[k][0] == dollar_wrapped_str_to_replace:
                                     attrs[k][0] = inner_value
                                     v_changed = True
-                                    continue
+                                    # Since we assigned a value to attrs[k][0] we don't need to check the value again for
+                                    # interpolations to replace, we can break out of the loop
+                                    break
                                 elif dollar_wrapped_str_to_replace in attrs[k][0]:
                                     str_to_replace = dollar_wrapped_str_to_replace
                                 attrs[k][0] = attrs[k][0].replace(str_to_replace, str(inner_value))

diff --git a/tests/terraform/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/main.tf b/tests/terraform/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/main.tf
@@ -5,6 +5,7 @@ resource "aws_instance" "this" {
   instance_type          = var.instance_type
   key_name               = var.key_name
   private_ip             = each.value.private_ip
+  monitoring             = each.value.monitoring
 
   tags = merge(each.value.tags, { Name = each.value.name }, {})
 

diff --git a/...form/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/terraform.tfvars b/...form/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/terraform.tfvars
@@ -3,12 +3,14 @@ key_name                = "test1"
 vmhosts = [
     {
         name            = "vm1"
+        monitoring      = false
         tags            = { Environment = "prod", Department = "Testing" }
         private_ip      = "11.101.33.254"
         ports           = [ 22 ]
     },    
     {
         name            = "vm2"
+        monitoring      = false
         tags            = { Environment = "Test" }
         private_ip      = "22.212.0.200"
         ports           = [ 80 ]

diff --git a/...erraform/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/variables.tf b/...erraform/graph/variable_rendering/test_resources/dynamic_blocks_tfvars_merge/variables.tf
@@ -10,6 +10,7 @@ variable "vmhosts" {
   description = "VM hosts with configuration"
   type = list(object({
     name           = string
+    monitoring     = bool
     tags           = map(string)
     private_ip     = string
     ports          = list(number)