Resolving references to other resources in when clause #195

@MisterFreeze

Feature Request

Feature description :

I would like terraform-compliance to dereference resources transparently and allow for them to be matched in filters.

A specific scenario is that I have a number of specific AWS Instances that may only have specific security groups associated with them.

What I tried was to check the security groups that are associated with the instances and write separate scenarios for them.

  1. Get all AWS Instance resources
  2. Filter based on address (in a scenario outline to check multiple)
  3. Check if my aws_security_group..id is in vpc_security_group_ids

This, however, fails when the string aws_security_group..id gets replaced by an AWS-specific ID after the resource was created.

Suggested Solution description ( if you have any ) :

So what I would find helpful is to use the following filter (bold):

Given I have AWS Instance defined
When its address is ...
And/When its references a via its <referenced resource's property> (pushes list of referenced resource on stack)
And it contains address (working with the matched resource now, could also say "And the ..." instead of "it")
Then its value must match the "^aws_security_group.sg_(mysql_in|pgsql_in)$" regex

Example for "When its references a via its <referenced resource's property>":

When its vpc_security_group_ids references a AWS Security Group via its id

Describe alternatives you've considered :
Checking if the reference property matches a string, but this is invalid as the string (resource address.id) gets replaced by the id value after creation.

Additional context :
Not available.
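
The check requested above can be run against the `configuration` section of `terraform show -json` output, where each expression keeps a `references` list of resource addresses even after the values have become AWS IDs. The following is an added example, not part of the original issue and not terraform-compliance code; the function names and the sample plan are constructed for illustration, and it only looks at root-module resources.

```python
import json
import re

# Constructed sample: only the "configuration" part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_instance.db", "type": "aws_instance", "expressions": {
    "vpc_security_group_ids": {"references": [
      "aws_security_group.sg_mysql_in.id", "aws_security_group.sg_mysql_in"]}}},
  {"address": "aws_instance.web", "type": "aws_instance", "expressions": {
    "vpc_security_group_ids": {"references": [
      "aws_security_group.sg_http_in.id", "aws_security_group.sg_http_in"]}}},
  {"address": "aws_instance.legacy", "type": "aws_instance", "expressions": {
    "vpc_security_group_ids": {"constant_value": ["sg-0000000000example"]}}}
]}}}
""")

def referenced_addresses(resource, prop, ref_type):
    """Addresses (type.name) of ref_type resources that `prop` refers to."""
    expr = resource.get("expressions", {}).get(prop, {})
    found = set()
    for ref in expr.get("references", []):
        parts = ref.split(".")
        if len(parts) >= 2 and parts[0] == ref_type:
            # Drop the attribute and any count/for_each index: x[0].id -> x
            found.add(f"{parts[0]}.{parts[1].split('[')[0]}")
    if "constant_value" in expr:
        found.add("<literal value>")  # hard-coded ID, cannot be resolved
    return found

def disallowed_references(plan, address_regex, prop, ref_type, allowed_regex):
    """Map each matching aws_instance address to the references it may not use."""
    allowed = re.compile(allowed_regex)
    result = {}
    for res in plan["configuration"]["root_module"]["resources"]:
        if res["type"] != "aws_instance" or not re.search(address_regex, res["address"]):
            continue
        bad = sorted(a for a in referenced_addresses(res, prop, ref_type)
                     if not allowed.search(a))
        if bad:
            result[res["address"]] = bad
    return result

if __name__ == "__main__":
    print(disallowed_references(
        SAMPLE_PLAN, r"^aws_instance\.", "vpc_security_group_ids",
        "aws_security_group", r"^aws_security_group.sg_(mysql_in|pgsql_in)$"))
```

A hard-coded security group ID carries no reference, so the example reports it as a violation rather than letting it pass unchecked.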
