ignore coder data

Author: Emyrk

cli/root.go

@@ -21,8 +21,9 @@ type RootCmd struct {
 
 func (r *RootCmd) Root() *serpent.Command {
 	var (
-		dir  string
-		vars []string
+		dir      string
+		vars     []string
+		planJSON string
 	)
 	cmd := &serpent.Command{
 		Use:   "codertf",
@@ -36,6 +37,14 @@ func (r *RootCmd) Root() *serpent.Command {
 				Default:       ".",
 				Value:         serpent.StringOf(&dir),
 			},
+			{
+				Name:          "plan",
+				Description:   "Terraform plan file as json.",
+				Flag:          "plan",
+				FlagShorthand: "p",
+				Default:       "",
+				Value:         serpent.StringOf(&planJSON),
+			},
 			{
 				Name:          "vars",
 				Description:   "Variables.",
@@ -61,6 +70,7 @@ func (r *RootCmd) Root() *serpent.Command {
 
 			input := preview.Input{
 				ParameterValues: rvars,
+				PlanJSONPath:    planJSON,
 			}
 
 			ctx := i.Context()

plan.go

@@ -5,12 +5,15 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
+	"log"
+	"strings"
 
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan/tfjson/parser"
 	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 	tfcontext "github.com/aquasecurity/trivy/pkg/iac/terraform/context"
 	tfjson "github.com/hashicorp/terraform-json"
 	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/gocty"
 )
 
 func PlanJSONHook(dfs fs.FS, input Input) (func(ctx *tfcontext.Context, blocks terraform.Blocks, inputVars map[string]cty.Value), error) {
@@ -33,12 +36,47 @@ func PlanJSONHook(dfs fs.FS, input Input) (func(ctx *tfcontext.Context, blocks t
 	return func(ctx *tfcontext.Context, blocks terraform.Blocks, inputVars map[string]cty.Value) {
 		// 'data' blocks are loaded into prior state
 		//plan.PriorState.Values.RootModule.Resources
+		for _, resource := range plan.PriorState.Values.RootModule.Resources {
+			// TODO: Do index references exist here too?
+			// TODO: Handle submodule nested resources
+
+			parts := strings.Split(resource.Address, ".")
+			if len(parts) < 2 {
+				continue
+			}
+
+			if parts[0] == "data" && !strings.Contains(resource.Type, "coder") {
+				continue
+			}
+
+			val, err := attributeCtyVal(resource.AttributeValues)
+			if err != nil {
+				// TODO: Remove log
+				log.Printf("unable to determine value of resource %q: %v", resource.Address, err)
+				continue
+			}
+
+			ctx.Set(val, parts...)
+		}
 
 	}, nil
 }
 
-func extract(parents []string, mod *tfjson.StateModule) {
+func attributeCtyVal(attr map[string]interface{}) (cty.Value, error) {
+	mv := make(map[string]cty.Value)
+	for k, v := range attr {
+		ty, err := gocty.ImpliedType(v)
+		if err != nil {
+			return cty.NilVal, fmt.Errorf("implied type for %q: %w", k, err)
+		}
+
+		mv[k], err = gocty.ToCtyValue(v, ty)
+		if err != nil {
+			return cty.NilVal, fmt.Errorf("implied value for %q: %w", k, err)
+		}
+	}
 
+	return cty.ObjectVal(mv), nil
 }
 
 // ParsePlanJSON can parse the JSON output of a Terraform plan.