Don't check deleted resources for compliance

dylanhellems · dylanhellems · commit bba8d88a1e6b · 2019-08-28T15:26:21.000-04:00
diff --git a/terraform_compliance/extensions/terraform.py b/terraform_compliance/extensions/terraform.py
@@ -111,14 +111,17 @@ def _parse_resources(self):
         # Resource Changes ( exists in Plan )
         for finding in self.raw.get('resource_changes', {}):
             resource = deepcopy(finding)
-            resource['values'] = resource.get('change', {}).get('after', {})
-            if 'change' in resource:
-                del resource['change']
-
-            if resource['address'].startswith('data'):
-                self.data[resource['address']] = resource
-            else:
-                self.resources[resource['address']] = resource
+            change = resource.get('change', {})
+            actions = change.get('actions', [])
+            if actions != ['delete']:
+                resource['values'] = change.get('after', {})
+                if 'change' in resource:
+                    del resource['change']
+
+                if resource['address'].startswith('data'):
+                    self.data[resource['address']] = resource
+                else:
+                    self.resources[resource['address']] = resource
 
     def _parse_configurations(self):
         '''
diff --git a/tests/terraform_compliance/extensions/test_terraform.py b/tests/terraform_compliance/extensions/test_terraform.py
@@ -194,6 +194,26 @@ def test_parse_resources_resources_exists_in_the_resource_changes_resource(self,
         obj._parse_resources()
         self.assertEqual(obj.resources['something'], {'address': 'something', 'values': {'key': 'bar'}})
 
+    @patch.object(TerraformParser, '_read_file', return_value={})
+    def test_parse_resources_resources_exists_in_the_resource_changes_deleted(self, *args):
+        obj = TerraformParser('somefile', parse_it=False)
+        obj.raw['resource_changes'] = [
+            {
+                'address': 'something',
+                'change': {
+                    'actions': ['delete'],
+                    'before': {
+                        'key': 'foo'
+                    },
+                    'after': {
+                        'key': 'bar'
+                    }
+                }
+            }
+        ]
+        obj._parse_resources()
+        self.assertEqual(obj.resources, {})
+
     @patch.object(TerraformParser, '_read_file', return_value={})
     def test_parse_configurations_resources(self, *args):
         obj = TerraformParser('somefile', parse_it=False)
