update resource type handling and policy

StackGuardian · Feb 10, 2025 · 02c5bd7 · 02c5bd7
1 parent d4091db
commit 02c5bd7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 28 deletions.
diff --git a/src/tirith/providers/terraform_plan/handler.py b/src/tirith/providers/terraform_plan/handler.py
@@ -69,8 +69,7 @@ def provide(provider_inputs, input_data):
         is_attribute_found = False
 
         for resource_change in resource_changes:
-
-            if resource_type == "*" or resource_change["type"] == resource_type:
+            if resource_type in (resource_change["type"], "*"):
                 is_resource_found = True
                 input_resource_change_attrs = resource_change["change"]["after"]
                 if input_resource_change_attrs:
@@ -121,8 +120,7 @@ def provide(provider_inputs, input_data):
         resource_type = provider_inputs["terraform_resource_type"]
         is_resource_type_found = False
         for resource_change in resource_changes:
-
-            if resource_type == "*" or resource_change["type"] == resource_type:
+            if resource_type in (resource_change["type"], "*"):
                 is_resource_type_found = True
                 for action in resource_change["change"]["actions"]:
                     outputs.append(
@@ -148,8 +146,7 @@ def provide(provider_inputs, input_data):
         resource_meta = {}
         resource_type = provider_inputs["terraform_resource_type"]
         for resource_change in resource_changes:
-
-            if resource_type == "*" or resource_change["type"] == resource_type:
+            if resource_type in (resource_change["type"], "*"):
                 # No need to check if the resource is not found
                 # because the count of a resource can be zero
                 resource_meta = resource_change
@@ -321,10 +318,7 @@ def direct_references_operator_referenced_by(input_data: dict, provider_inputs:
 
     # Loop for adding reference_target
     for resource_change in resource_changes:
-
-        if (resource_type != "*" and resource_change.get("type") != resource_type) or resource_change.get(
-            "change", {}
-        ).get("actions") == ["destroy"]:
+        if (not resource_type in (resource_change["type"], "*")) or resource_change.get("change", {}).get("actions") == ["destroy"]:
             continue
         reference_target_addresses.add(resource_change.get("address"))
         is_resource_found = True
@@ -486,7 +480,7 @@ def direct_references_operator(input_data: dict, provider_inputs: dict, outputs:
 
     for resource in config_resources:
 
-        if resource_type != "*" and resource.get("type") != resource_type:
+        if not resource_type in (resource.get("type"), "*"):
             continue
         is_resource_found = True
         resource_references = set()

diff --git a/tests/providers/terraform_plan/fixtures/policy_costcenter_tags.json b/tests/providers/terraform_plan/fixtures/policy_costcenter_tags.json
@@ -1,7 +1,7 @@
 {
     "evaluators": [
         {
-            "description": "VPC needs to have one tag with key:'costcenter' and any value ",
+            "description": "All resources must have a 'costcenter' tag with a non-empty value",
             "condition": {
                 "type": "IsNotEmpty",
                 "value": "",
@@ -13,22 +13,6 @@
                 "terraform_resource_attribute": "tags.costcenter",
                 "terraform_resource_type": "*"
             }
-        },
-        {
-            "id": "eval-id-2",
-            "description": "",
-            "provider_args": {
-                "operation_type": "action",
-                "terraform_resource_type": [
-                    "aws_vpc",
-                    "aws_ec2"
-                ]
-            },
-            "condition": {
-                "type": "Equals",
-                "value": "create",
-                "error_tolerance": 1
-            }
         }
     ],
     "meta": {