fix(misconf): properly resolve local Terraform cache #7984
Labels: kind/bug (categorizes issue or PR as related to a bug), scan/misconfiguration (issues relating to misconfiguration scanning)
We need to build the module key properly.
Discussed in #7981
Originally posted by marcinbelczewski November 22, 2024
Description
Because of how the method `Block.ModuleName` in the `terraform` package is implemented, Terraform modules nested more than two levels fail to be resolved from the Terraform cache. For example, for the modules' hierarchy `parent.child.grandchild`, where the folder in the `.terraform` folder carries exactly this name `parent.child.grandchild`, the `Block.ModuleName` method produces a name `parent.module.child.grandchild` which does not match the folder on disk, hence the cache is not utilized. The `Block.ModuleName` method strips the `module` prefix from only root and leaf modules.
I know how to fix this issue and can submit a PR.
Desired Behavior
Given the presence of the module in the Terraform cache, all Terraform modules in the hierarchy of modules should be resolved from cache.
Actual Behavior
For three levels of hierarchy of modules, only the root module and the leaf module are resolved from cache; the middle module is being resolved from the source/registry.
Reproduction Steps
./modules/level_2/main.tf
./modules/level_3/main.tf
terraform init
trivy config . -d
It can be seen that modules level_1 and level_2 were indeed resolved from cache while module level_3 was not.
Operating System
macOS 14
Version
2024-11-21T18:54:25+01:00 INFO Loaded file_path="trivy.yaml"
Version: 0.57.0
Check Bundle:
  Digest: sha256:b381d8e123c2568845a65f751635033051b076e66c460ab0037b4084845c19de
  DownloadedAt: 2024-11-21 08:44:39.470903 +0000 UTC
Checklist
trivy clean --all
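The key mismatch described in this issue, as an added Go sketch that is not Trivy's code and not part of the original post: `keyStripEnds` models the reported behaviour and `cacheKey` drops `module` at every level. The function names, the address form `module.<name>.module.<name>` (no `count`/`for_each` instance keys), and the folder listing are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed listing of folder names under .terraform/modules (assumption).
var cachedFolders = map[string]bool{
	"parent":                  true,
	"parent.child":            true,
	"parent.child.grandchild": true,
}

// keyStripEnds models the reported behaviour (hypothetical, not Trivy's code):
// "module" is dropped only at the root and in front of the leaf.
func keyStripEnds(addr string) string {
	s := strings.TrimPrefix(addr, "module.")
	if i := strings.LastIndex(s, ".module."); i >= 0 {
		s = s[:i] + "." + s[i+len(".module."):]
	}
	return s
}

// cacheKey walks keyword/name pairs and drops the "module" keyword at every
// level, so a module that is itself named "module" keeps its name.
func cacheKey(addr string) (string, bool) {
	parts := strings.Split(addr, ".")
	var names []string
	for i := 0; i < len(parts); i += 2 {
		if i+1 == len(parts) || parts[i] != "module" {
			return "", false
		}
		names = append(names, parts[i+1])
	}
	return strings.Join(names, "."), true
}

func main() {
	addr := "module.parent.module.child.module.grandchild"
	old := keyStripEnds(addr)
	fixed, _ := cacheKey(addr)
	fmt.Printf("ends only:  %-30s cached=%v\n", old, cachedFolders[old])
	fmt.Printf("all levels: %-30s cached=%v\n", fixed, cachedFolders[fixed])
}
```

With two levels both functions agree, which is why the mismatch only appears from the third level down.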