Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

support passing variable files

See original GitHub issue

I have recently started getting Check: CKV_AZURE_43: “Ensure the Storage Account naming rules”

On code that deploys ok.

my code (abbreviated) looks like

resource "azurerm_storage_account" "remote-state" {
  name  = "${var.org_short}${var.env_short}${var.loc_short}${var.service}stg"
}

We use an external variables file (common.tfvars) and plan and deploy using the tf command

terraform plan -var-file=…\common.tfvars which is located in a different directory

Describe the solution you’d like I would like to be able to tell checkov that it should also evaluate variables from this file eg: _bridgecrew -d . --var-file=…\common.tfvars

This would then allow the checks to validate length and others correctly

Issue Analytics

State:
Created 3 years ago
Reactions:4
Comments:5

Top GitHub Comments

1reaction

Marcus-James-Adamscommented, May 28, 2021

Agreed - this would be super useful! Currently I am interpolating the variables file by running a terraform plan and sending the output to a JSON, as shown here

@HarleyB123 , the problem with the above especially with tf 0.15 it only works on the new infrastructure code as plan now only shows the lines that change in order to make it more readable.

@bridgecrew-bot this really does need supporting as it stops us from taking checkov & bridgecrew forwards

1reaction

HarleyB123commented, May 21, 2021

Additionally, assuming your branch structure matches your environment and their variable names (this was the case for me, where my branch was env/uat for uat.tfvars and the main branch was my prod.tfvars), you could run bash in a github action like so to get the branch name:

- name: Extract branch name        
   shell: bash       
   run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"       
   id: extract_branch

and then rename the variables file

if [ "${{ steps.extract_branch.outputs.branch }}" == "main" ]; then            
      cp terraform/vars/prod.tfvars terraform/vars/variables.auto.tfvars          
else            
      branch="${{ steps.extract_branch.outputs.branch }}"            
      environment="${branch:4}"           
      cp terraform/vars/$environment.tfvars terraform/vars/variables.auto.tfvars          
fi