This bug is an extension of #7265, where the parser overwrites resources with the same type:
The map entry is initialized for each child module and overrides the resources from modules up the tree

```go
convNamedRes := make(map[string]KicsPlanNamedResource)
```
In this issue, when two resources have the same type and the same name, they are overwritten and only the last one is kept:

```go
// fill in all the types interfaces
for _, resource := range module.Resources {
	kp.Resource[resource.Type][resource.Name] = resource.AttributeValues
}
```
For example, the following TFPlan with two resources of type `aws_s3_bucket`, each of them with name `this`, as is expected from the official aws_s3_bucket module:

```json
{
  "format_version": "1.2",
  "terraform_version": "1.9.0",
  "planned_values": {
    "root_module": {
      "child_modules": [
        {
          "resources": [
            {
              "resources": [
                {
                  "address": "module.s3.module.s3_bucket.aws_s3_bucket.this[0]",
                  "mode": "managed",
                  "type": "aws_s3_bucket",
                  "name": "this",
                  "index": 0,
                  "provider_name": "registry.terraform.io/hashicorp/aws",
                  "schema_version": 0,
                  "values": {},
                  "sensitive_values": {}
                }
              ],
              "address": "module.s3.module.s3_bucket"
            },
            {
              "resources": [
                {
                  "address": "module.s3.module.log_bucket.aws_s3_bucket.this[0]",
                  "mode": "managed",
                  "type": "aws_s3_bucket",
                  "name": "this",
                  "index": 0,
                  "provider_name": "registry.terraform.io/hashicorp/aws",
                  "schema_version": 0,
                  "values": {},
                  "sensitive_values": {}
                }
              ],
              "address": "module.s3.module.log_bucket"
            }
          ]
        }
      ]
    }
  }
}
```
Maybe it could be considered to change the data model from a map identified by the resource name to a slice/array of resources.
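The overwrite described above, reproduced as an added example (not KICS code and not part of the original report). The `Resource` type, the `build` helper, the `bucket` values and keying by plan address are assumptions of this example; address keying is shown as one alternative to the slice suggested above, and `dropped` reports which resources the name keying would silently discard.

```go
package main

import "fmt"

// Resource holds the planned_values fields used here (example type, not a KICS type).
type Resource struct {
	Address, Type, Name string
	Values              map[string]interface{}
}

type index map[string]map[string]map[string]interface{}

// sampleResources is constructed: the two buckets from the plan in the issue,
// with made-up "bucket" values so the entries can be told apart.
func sampleResources() []Resource {
	return []Resource{
		{"module.s3.module.s3_bucket.aws_s3_bucket.this[0]", "aws_s3_bucket", "this",
			map[string]interface{}{"bucket": "data"}},
		{"module.s3.module.log_bucket.aws_s3_bucket.this[0]", "aws_s3_bucket", "this",
			map[string]interface{}{"bucket": "logs"}},
	}
}

// build fills type -> key -> values; dropped lists the addresses whose entry
// was replaced by a later resource that produced the same type and key.
func build(rs []Resource, key func(Resource) string) (idx index, dropped []string) {
	idx = make(index)
	owner := make(map[string]string) // "type/key" -> address currently stored
	for _, r := range rs {
		k := key(r)
		if idx[r.Type] == nil {
			idx[r.Type] = make(map[string]map[string]interface{})
		}
		if prev, ok := owner[r.Type+"/"+k]; ok {
			dropped = append(dropped, prev)
		}
		owner[r.Type+"/"+k] = r.Address
		idx[r.Type][k] = r.Values
	}
	return idx, dropped
}

func byName(r Resource) string    { return r.Name }    // keying used by the quoted loop
func byAddress(r Resource) string { return r.Address } // assumption: distinct per resource

func main() {
	byN, lost := build(sampleResources(), byName)
	byA, none := build(sampleResources(), byAddress)
	fmt.Println(len(byN["aws_s3_bucket"]), lost)
	fmt.Println(len(byA["aws_s3_bucket"]), none)
}
```

For a scanner, every address in `dropped` is a resource whose attributes are never evaluated, so a non-empty list means the findings for that plan are incomplete.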
Source of the loop quoted above: kics/pkg/parser/json/tfplan.go, lines 70 to 73 in 67de28c.