For_each support breaks when keys contain '.' characters and link to another resource

[melbit-michaelw]

Description :
Using for_each with a value that contains a '.' results in the stack trace below when two resources are linked.

Error: Hook 'load_terraform_data' from /Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/terraform_compliance/steps/terrain.py:5 raised: 'ValueError: too many values to unpack (expected 2)'

Traceback (most recent call last):
  File "/Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/radish/hookregistry.py", line 132, in call
    func(model, *args, **kwargs)
  File "/Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/terraform_compliance/steps/terrain.py", line 7, in load_terraform_data
    world.config.terraform = TerraformParser(world.config.user_data['plan_file'])
  File "/Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/terraform_compliance/extensions/terraform.py", line 38, in __init__
    self.parse()
  File "/Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/terraform_compliance/extensions/terraform.py", line 279, in parse
    self._mount_references()
  File "/Users/michaelw/Virtualenvs/terraform_012/lib/python3.7/site-packages/terraform_compliance/extensions/terraform.py", line 249, in _mount_references
    ref_type, ref_address = source_resource.split('.')
ValueError: too many values to unpack (expected 2)

To Reproduce
1.

resource "aws_route53_health_check" "url-health-check" {
  for_each          = toset(var.health_check_urls)
  fqdn              = each.value
  port              = 443
  type              = "HTTPS"
  failure_threshold = "1"
  request_interval  = "10"
  
}

resource "aws_cloudwatch_metric_alarm" "url-health-check-alarm" {
  for_each            = toset(var.health_check_urls)
  alarm_name          = "${each.value}-url-health-check"
  namespace           = "AWS/Route53"
  metric_name         = "HealthCheckStatus"
  comparison_operator = "LessThanThreshold"
  evaluation_periods  = "1"
  period              = "60"
  statistic           = "Minimum"
  threshold           = "1"
  unit                = "None"

  dimensions = {
    HealthCheckId = aws_route53_health_check.url-health-check[each.value].id
  }
}

variable "health_check_urls" {
  type = list(string)
  description = "Testing"
  default = ["test.domain.com"]
}

2. Executed by performing the following:

terraform init && terraform plan -out plan.out && terraform show -json plan.out > plan.out.json && terraform-compliance -f compliance -p plan.out.json

3. Python package
4. See stack trace above.
5. This shouldn't matter since it's a stack trace on parsing the json plan.

Expected behavior :
Terraform compliance should run and test the supplied scenarios.

Tested versions :

• <terraform-compliance version (terraform-compliance -v)> 1.0.58
• <terraform version (terraform -v)> v0.12.17
• <python runtime version, if running as a python package (python --version)> Python 3.7.5

Additional context
Modifying https://github.com/eerkunt/terraform-compliance/blob/master/terraform_compliance/extensions/terraform.py#L248 to ref_type, ref_address = source_resource.split('.', maxsplit=1) appears to resolve, but I don't know what other implications that might have.

[eerkunt]

Having a look, thanks a lot for the issue 🎉

[eerkunt]

Looks like the problem is not about the for_each structure, but actually the resource name generated by terraform including extra .s

'aws_route53_health_check.url-health-check["test.domain.com"]'

Thus, the split function fails here. Fixing it.

[eerkunt]

Hi @melbit-michaelw,

Can you try to reproduce this problem with 1.1.+ releases please ?

[eerkunt]

Closing the issue due to inactivity. Please do not hesitate to open a new issue if the problem still persists.

Thanks!

This issue's conversation is now locked. If you want to continue this discussion please open a new issue.