Changelogs » Terraform-compliance




* Fixed a problem where using terraform-compliance with the hashicorp/setup-terraform GitHub Action was causing problems due to the terraform wrapper. (#334, #336)


* Improved `Then it must condition have proto protocol and port port for cidr`, which now supports the "any" (tcp, udp, icmp) and "icmp" protocols. (#360)
  * Improved `Then it must condition have proto protocol and port port for cidr`, which now supports the "any" port definition (0-65535). (#360)


* Fixed resource_raw not getting read from the cache. (#356)


* Fixed an issue where the null character in a step definition broke the --junit-xml dump. (#347)
  * New Terraform 0.13 support. (#351)
  * Fixed `Then it must contain something` where found but empty properties were not passed to the stash. (#352)
  * Improved `Then it must contain something` and `Then it must not contain something` by removing legacy code. (#352)
  * Improved `Then it condition be be null` to have a dedicated function with better classification of what is considered to be null. (#352)


* Improved mounting references to accommodate large plan files. (#346)


* Added cache capability and optimised the resource mounting a bit since it might trigger OOM kernel signalling and can be killed unexpectedly.
  * New cumulative stash and in-step variables functionality for steps to directly access stash content. (#329)
  * New step: `Then it must be in haystack` (#329)
  * New step: `Then it must cover haystack` (#329)


* Fixed an issue where `When it has something` formats the search value incorrectly. (#330)


* Fixed `Then it must contain` to properly drill down and split into multiple resources if need be. (#327)
  * Fixed `When it contains` to accommodate singular values in a list. (#327)


* Improved the code quality of live debugging. Used `world.config.user_data` instead of global variables. (#320)
  * Fixed a problem where some nested resource structures could not be parsed properly, causing a crash. (#316)
  * Fixed a problem where the `curses` library was not found, causing a crash. (#323)


* Improved (centralized) matching and seeking functions. (#304)
  * Improved case-sensitivity tag. Generalized case-sensitivity to work on all steps, using matching changes implemented on this patch. (#304)
  * Fixed jsonification. Now jsonifies the stash on creation to prevent bugs related to jsonification. (#308)
  * New Python version check for invalid Python versions. Minimum Python version is set to 3.6.0. (#312)
  * New `--debug/-d` option. (#315)


* Fixed a faulty over-restriction in `Then its singular value condition match the "search_regex" regex`. (#299)
  * New scenario tag: `noskip` tags. (#301)
  * Improved `its key condition be value`, which now abides by two rules: it drills down to found values and fails if any resource fails. This could introduce slight backwards incompatibility, but in essence this is a bugfix and not a change. (#300)


* Fixed a bug where failures would break the --junit-xml dump. (#271)
  * Fixed a bug where searching some haystacks would raise an error in seek_value_in_dict. (#285)
  * New step: `Then all of its values condition match the "search_regex" regex` (#285, #293)
  * New step: `Then any of its values condition match the "search_regex" regex` (#285, #293)
  * New step: `Then its singular value condition match the "search_regex" regex` (#285, #293)


* Fixed a bug where some empty found values would be treated as not found. (#249)
  * Improved some error messages that might create some confusion about the failure results. (#284)
  * Fixed a problem where using the `warning` tag hid error messages on `-q` usage.
  * Fixed the `warning` tag, where further steps were unintentionally executed on a failure condition. (#279)


* Added the ability to reference a git repo by branch name and directory via `<repo>.git//<directory>?ref=<branch-name>`. (#218)


* Fixed a crash where some module outputs could not be processed. (#275)


* Improved resource mounting where some terraform providers were creating inconsistent plan output and omitted some parameters that are referenced to a dynamic resource. (#260)
  * Fixed an issue where regular expression usage on CIDR steps was causing a problem. (#265)


* Fixed a problem where properties having a space character were not recognised.
  * Optimised key/value (property) definitions on all steps, where all keys or values can also have space characters encapsulated within "". (#270)
  * Introduced case insensitive matching for the regex steps. (#268)


* Major code refactoring on the steps for readability.
  * Handled related radish-bdd exceptions, giving out `terraform-compliance` related error information.
  * __BREAKING CHANGE :__ Changed the `When it has <something>` step sentence, which now works as a true filtering function, unlike `When it contains <something>`.
  * The `When it contains <something>` step still works the same, with a _Warning_. This step will be deprecated (and converted to `When it has <something>`) in future versions.
  * New step: `When it must not have something` (#202)
  * New step: `Then it must not have something` (#202)


* Fixed a problem where resources/providers starting with `data` were misinterpreted. (#257)


* Enabled resource mounting/referencing for resources within modules. (#227)
  * Fixed a problem where the `its value must/must not be null` step was not processed properly. (#247)
  * Fixed a problem where filtering steps failed with SKIPPING because different types (or type conversions) were compared. (#248)
  * Enabled the Security Group related step for Security Group Rules as well; it previously supported only Security Groups.
  * Improved Security Group processing, where a regular expression can also be used while defining CIDRs. (#216)
  * Improved `resource that support tags` functionality in `GIVEN` steps, where `tags` can be any property. (#252)


* Improved the `resource that support tags` resource type, where Auto-Scaling Group style tags can now be processed. (#243)
  * Improved `When its <key> is <value>` steps for testing a dictionary property key and value like `When its tags includes an entry where "some key" is "some value"`. (#228)
  * Improved `When its <key> is not <value>` steps for testing a dictionary property key and value like `When its tags does not include an entry where "some key" is "some value"`. (#228)


* Fixed a problem where the `count` step was counting incorrectly and counting characters of strings, integers and bools. (#242)


* Fixed a problem where `integer` and `boolean` values were causing comparison problems on `When its <key> contains <value>`. (#231)
  * Fixed a problem where `boolean` values were causing a problem on `Then its <key> <condition> be <value>`. (#232)
  * Improved `When its <key> is <value>` steps for `reference` usage, where you can provide a `key/value` check like `When its security_group_id reference is something`. (#234)
  * Improved `When its <key> is not <value>` steps for `reference` usage, where you can provide a `key/value` check like `When its security_group_id reference is not something`. (#234)


* Improved the `When its <key> contains <value>` step, where `<value>` can have a space in it. (#226)


* Fixed a problem where the `Then its <key> is <value>` step was not searching for "exact" matches. (#225)


* Fixed a problem where int, bool and float types were not properly filtered and matched.
  * Fixed a problem where filtering functions did not work properly.


* Fixed a problem where a property within the terraform plan fails to get parsed if it is a list of lists. (#221)


* Fixed a problem where tags are not recognised on Auto-Scaling Groups due to a different key/pair structure within terraform. (#208)


* Fixed a case where resource referencing fails when the output is coming from a module and is not registered in the terraform plan.


* Fixed a case sensitivity problem where some of the steps were running unexpectedly. (#203)


* Added tags support on BDD feature files. As the first use case, you can use the warning tag on top of a scenario to keep it from failing. (#191)


* Added a new environment variable `TFC_ERROR` to change the name of the default `Failure` error message. (#191)


* Cosmetic and some dependency fixes.


* Fixed an internal problem where a security group step would fail if there is no `cidr_blocks` definition within the plan. (#198)


* New step: `Then it must have "something" referenced` (#195)
  * New step: `Then I flatten all values found` (#193)
  * New step: `Then its {key} must/must not be {value}`
  * Security group revamp, which also addresses the problem defined in #181.
  * Security Group related code was rewritten; it is now more flexible and extendable.
  * Security Group related tests now also have a `must` condition, for when you want to enforce that some subset of rules is defined in Security Groups.
  * Fixed a problem where `must only` and `must not` were not working properly when Security Groups have multiple rules attached. (#181)
  * Now you can enforce rules for `output` variables. (#185)
  * New parameter: `-S/--silent`, where test execution output will be suppressed.
  * New parameter: `-n/--no-failure`, where the exit code will always be `0`/successful even if there is a failure. (#191)
  * New parameter: `-q/--quit-early`, where the scenario executions will stop on the first failure. (#170)
  * **CHANGE OF DEFAULT BEHAVIOUR** : `terraform-compliance` __will not__ STOP any test execution by default.
  * New emoticons and a bit of cosmetic make-up is done. All emoticons will be disabled on non-interactive shells (CI/CD pipelines) or if `--no-ansi` is explicitly used.
  * Fixed `-h`, which was not reporting all parameters properly.
  * Fixed a problem where the `it contains` step was converting a list of properties to a dict of properties, which was causing a problem. (#194)
  * Fixed a problem where module outputs referencing a resource were not used on resource mounting. (#190)
  * Fixed a problem where resources using `for_each` might cause some problems if the `for_each` key includes `.` within. (#197)
  * Fixed by overriding/monkey patching a method within radish-bdd, which enabled many other features.


* Fixed a problem where some Windows Operating Systems could not find terraform executable.


* Fixed a problem where "resource" and "data" definitions existing for the same resource type in the same module were causing some problems on all "GIVEN" steps.


* Enhanced the `count` step, which was only applicable for resource properties; now it also works right after a `GIVEN` step. (#187)


* Fixed a problem about encoding where `terraform-compliance` crashes on HCL files with UTF-8 content. (#183)


* Removed `SKIPPED` lines if the `dotter` formatter is used. (`--formatter dotter`) (#180)


* Fixed a problem where filtering steps were failing to perform properly if the data is a list of dict of lists. E.g. `aws_iam_policy` with multiple heredoc policy statements. (#177)
  * Added integration tests into the build pipeline for allowing end-to-end tests.


* Fixed a problem on provider discovery where some providers have an alias and some don't. (#173)


* Fixed a problem where resource names were reported wrong in some failures. (#171)
  * Fixed a problem where in some cases `terraform-compliance` was giving an `AttributeError: 'NoneType' object has no attribute 'get'` exception. (#172)
  * Supporting multiple providers or provider aliases. (#173)
  * Filtering steps are now performing case insensitive matching.
  * Improved error messages on steps doing math operations.


* Fixed a problem where resource mounting was causing issues on `resources that support tags`. (#168)


* Fixed a problem where multiple resources were reported even though some had not failed. (#153)


* Fixed a recursion problem that occurred due to pointer assignment in resource mounting. (#156)
  * Added a capability where some of the resource & property information was not shown in some tests. (#153)
  * Added a capability where we can define ALL resources in the GIVEN directive. (#157)
  * Fixed a problem where `must` in a step does not trigger a failure for `provider`s. (#158)


* Fixed a problem where resource mounting (via references) is done in both ways (A->B, B->A). This was causing a problem on an `aws_instance` resource having an `iam_role` attached to it. (#156)


* Fixed a problem where some resources could not be detected (or removed resources were still detected) due to plan changes. (#152)


* This release includes several optimisations on CI/CD pipeline and the general build structure of the project.
  * Using new version of Colorful dependency.


* Fixed a problem where `gitpython` was causing problems about installing the `gitdb` python dependency.


* Fixed intermittent `ImportError: cannot import name '__VERSION__' from 'radish'` problem.


* Fixed a problem where using "" or '' was causing a problem on property definitions within the steps.


* Fixed a problem where some of the filtering values were failing due to some characters.


* Fixed a problem on CI/CD pipeline


* Fixed a problem on CI/CD pipeline


* Fixed a problem on CI/CD pipeline


* Fix installing from source (#143)


* Support for `its value {condition} contain {value}`


* Support for `equal` operator in `I expect the result is {operator} than/to {number}`
  * Support for `its value {condition} be {value}`


* Support for `any` resource in `I have {name} {type} configured`.
  * Fixed some internals where `its {key} is {value}` and `its {key} is not {value}` might be mismatched unintentionally.


* Upgraded colorful package to official version of 0.5.1 which solves the problem described in `1.0.31`
  * Fixed naming conventions in the file. A new documentation with a website instead of just README is required though.


* Now terraform-compliance has a logo!


* Same like 1.0.32, but addressed another situation.


* Fixed a problem where filtering via `its {key} is {value}` was failing if the filtering object consists of a list or dict.


* Upgraded colorful, which fixes unexpected colour coding in non-interactive terminals even when `--no-ansi` is used. (#359, #128, #78)


* `its {key} is {value}` filtering step now filters also properties defined within a resource.


* Fixed a problem where some `Null/None` values could not be parsed by regex steps. (#132)


* Upgraded `terraform` executable within the docker file from `0.12.3` to `0.12.5`


* `its value must not be null` step is also checking for string `null`.
  * terraform version checks are more dynamic.
  * Fixed some of the examples.


* Fixed some of the examples.


* Changed the `encryption is enabled` step to `{property} is enabled`, where `{property}` could be generic and templated. (#123)


* Fixed a failure message that was misleading. (follow up on #127)


* Fixed a bug where a resource might have multiple values (with the same key). (follow up on #126)
  * Improved the `its value must not be null` step, which is also checking if the value is set to `''`.


* Fixed a bug where terraform-compliance crashes while reading the terraform file on terraform resources that do not have a `values` key. (#124)
  * Fixed a bug where some resources with a key/value pair property cause a problem, as reported in #127.


* Fixed a bug where 'it must contain <something>' fails because of a KeyError.
  * Fixed a bug where a test might fail while changing a resource that already exists in the remote/local terraform state.


* Set static versions for dependencies within the and disabled re-install function completely.


* Added filtering capability that will help to filter any resource type by a specific property. (#122)


* Fixed a problem where the searched key exists with a different purpose in the root and some of the child elements. E.g. `tags` in `aws_s3_bucket` and `tags` in `lifecycle_rules` within that bucket.


* Fixed a problem where tests were passing directly if one of the drilled down values is a list. (#121)
  * Improved the `I expect the result is {operator} than {number}/Its value must be {operator} than {number}` step, where the values can also be read and compared mathematically. (#120)


* Fixed a problem where terraform values including []/None/False were failing due to being negative.


* Fixed a problem where some of the data resources defined in the configuration section were not distinguished.


* Fixed a problem where 'its value must not be null' was not working properly


* Upgraded `radish-bdd` to `0.13.1`, which includes a fix for using escaped PIPE (`|`) characters within the features. (#110)


* Include the Terraform binary in the Docker container for use on non-Linux host operating systems. (#102)


* Added a new step: _its value must/must not be null_ (#106)
  * Added support for `data` definitions. (#105)


* Added a new step: `it_fails` (#105)


* Improved `contains` steps where in some cases 'key' and 'value' dict keys exist, instead of value of key as a key.


* Fixed a problem where mounted resources were creating a problem on identifying resources that don't have `tags` capability. (#107)


* Tested and added support for `terraform` 0.12.2 and 0.12.3


* Improved 'contains' and 'regex' matching steps.


* Added basic heredoc support for json strings. (#90)
  * Added encryption property for (at rest) aws_emr_security_configuration


* Added exception handling for the terraform executable and converting the plan. (#99)


* Added S3 Public Block Access example to examples. (#71)


* Fixed an issue where the terraform executable does not exist in the PATH env variable. (#99)
  * Added the "-t" argument for passing the terraform executable if one doesn't want to keep it in the PATH env variable.


* Fixed an issue where the `filetype` module could not be found. (#97)
  * Upgraded python in Docker image from 3.6.8 to 3.7.3


**_BREAKING BACKWARD COMPATIBILITY_** for `terraform-compliance` since the parameters have changed. This is a MAJOR upgrade and a re-design of the tool.
  * This version only supports `terraform` 0.12.0 and 0.12.1.
  * Removed `-t` parameter.
  * Introduced `-p` parameter, where `-p` is either:
    * `terraform plan -out=<file>.out` output file *or*
    * `terraform show -json <file.out> > file.json` output for checking the plan (changes)
    * `terraform show -json` output for checking the whole state
  * Instead of parsing `HCL`, `terraform-compliance` is **now** parsing/processing against `terraform show` output.
  * Conversion from `terraform` internal plan format to json.
  * Full support for `terraform` interpolations and modules.
  * Minor upgrades on dependencies
  * Removed many methods/functions that were doing `terraform`'s job
  * Revamped all steps and required helper functions/methods
  * Instead of having `untaggable_resources` now `terraform-compliance` auto-detects if a resource has `tag` property.
  * Removed `terraform-validate` usage.
  * Introduced internal `terraform-compliance` exceptions instead of generic ones.
  * Started to keep a CHANGELOG for better understanding about what happens in the tool :)