[Terraform] Parsing failure due to provider-defined functions in terraform #6947

gdowmont · 2025-01-13T10:48:14Z

Checkov should not have parsing errors with files containing provider-defined functions in terraform.

This was implemented in terraform 1.8 (https://www.hashicorp.com/blog/terraform-1-8-improves-extensibility-with-provider-defined-functions).

Example syntax (this is specific to AWS provider https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/arn_build ) looks like:
identifiers = [provider::aws::arn_build("aws", "iam", "", data.aws_caller_identity.current.account_id, "root")]

Steps to replicate/test:

Create a policy.tf file containing:

data "aws_iam_policy_document" "firehose_key_policy" {
  statement {
    sid       = "Enable IAM User Permissions"
    effect    = "Allow"
    resources = ["*"]
    actions   = ["kms:*"]

    principals {
      type        = "AWS"
      identifiers = [provider::aws::arn_build("aws", "iam", "", data.aws_caller_identity.current.account_id, "root")]
    }
  }

Run checkov against the file

The text was updated successfully, but these errors were encountered:

gdowmont added the languages label Jan 13, 2025

gdowmont changed the title ~~Parsing failure due to provider-defined functions in terraform~~ [Terraform] Parsing failure due to provider-defined functions in terraform Jan 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Terraform] Parsing failure due to provider-defined functions in terraform #6947

[Terraform] Parsing failure due to provider-defined functions in terraform #6947

gdowmont commented Jan 13, 2025

[Terraform] Parsing failure due to provider-defined functions in terraform #6947

[Terraform] Parsing failure due to provider-defined functions in terraform #6947

Comments

gdowmont commented Jan 13, 2025

Steps to replicate/test: