[PR #157] feat: terraform resource arn refinement #274

New issue

Open

opened 2026-03-15 11:56:56 +03:00 by kerem · 0 comments

kerem commented 2026-03-15 11:56:56 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/awslabs/iam-policy-autopilot/pull/157
Author: @weibenz1
Created: 3/2/2026
Status: 🔄 Open

Base: main ← Head: feat-terraform-resource-arn-refinement

---

📝 Commits (7)

• e70f1af feat: add terraform resolver to resolve terraform type to actual service name and resource type to be used in service reference
• 305c439 feat: add terraform hcl parser
• 3519125 feat: add state parser
• e77796d feat: add terraform support for resource star refinement
• cdab280 fix: cargo fmt and clippy
• ab46258 fix: cargo fmt
• 312689b feat: terraform based resource arn refinement - test harness and address comments

📊 Changes

53 files changed (+5855 additions, -20 deletions)

View changed files

📝 .gitignore (+3 -1)
📝 .gitmodules (+3 -0)
📝 Cargo.toml (+4 -0)
➕ docs/design/resource-block-refinement-with-terraform.md (+279 -0)
📝 iam-policy-autopilot-cli/src/main.rs (+29 -0)
📝 iam-policy-autopilot-mcp-server/src/tools/generate_policy.rs (+22 -0)
📝 iam-policy-autopilot-policy-generation/Cargo.toml (+5 -0)
📝 iam-policy-autopilot-policy-generation/build.rs (+123 -7)
➕ iam-policy-autopilot-policy-generation/resources/config/terraform/terraform-provider-aws (+1 -0)
📝 iam-policy-autopilot-policy-generation/src/api/generate_policies.rs (+64 -7)
📝 iam-policy-autopilot-policy-generation/src/api/mod.rs (+1 -1)
📝 iam-policy-autopilot-policy-generation/src/api/model.rs (+12 -1)
📝 iam-policy-autopilot-policy-generation/src/enrichment/engine.rs (+7 -0)
📝 iam-policy-autopilot-policy-generation/src/enrichment/mod.rs (+10 -1)
📝 iam-policy-autopilot-policy-generation/src/enrichment/service_reference.rs (+39 -1)
➕ iam-policy-autopilot-policy-generation/src/enrichment/terraform/mod.rs (+44 -0)
➕ iam-policy-autopilot-policy-generation/src/enrichment/terraform/resource_binder.rs (+1439 -0)
➕ iam-policy-autopilot-policy-generation/src/enrichment/terraform/service_resolver.rs (+625 -0)
📝 iam-policy-autopilot-policy-generation/src/extraction/mod.rs (+7 -0)
➕ iam-policy-autopilot-policy-generation/src/extraction/terraform/hcl_parser.rs (+652 -0)

...and 33 more files

📄 Description

Issue #, if available:

Description of changes:

This PR introduces terraform support for refining resource arn in policy block.

TODO:

• refine test harness
• test against more real world terraform repositories/setups
• Update CI/CD to include test for -terraform-dir and -tfstate parameters

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/awslabs/iam-policy-autopilot/pull/157 **Author:** [@weibenz1](https://github.com/weibenz1) **Created:** 3/2/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feat-terraform-resource-arn-refinement` --- ### 📝 Commits (7) - [`e70f1af`](https://github.com/awslabs/iam-policy-autopilot/commit/e70f1af8e60fb893b5051355c4e0a4d02bd7f533) feat: add terraform resolver to resolve terraform type to actual service name and resource type to be used in service reference - [`305c439`](https://github.com/awslabs/iam-policy-autopilot/commit/305c439749dd406d1179fa1884e4d3c03bfb4bc9) feat: add terraform hcl parser - [`3519125`](https://github.com/awslabs/iam-policy-autopilot/commit/35191257dd91475b67185a61a1fe5a9e364c5a3b) feat: add state parser - [`e77796d`](https://github.com/awslabs/iam-policy-autopilot/commit/e77796de913ca572ef6b5682d008e0710f8ce0c0) feat: add terraform support for resource star refinement - [`cdab280`](https://github.com/awslabs/iam-policy-autopilot/commit/cdab28048bba9f1cbc224c8e01dcea833a09c389) fix: cargo fmt and clippy - [`ab46258`](https://github.com/awslabs/iam-policy-autopilot/commit/ab4625897626ef0eb57eebdf6c2e7d70a21f71a1) fix: cargo fmt - [`312689b`](https://github.com/awslabs/iam-policy-autopilot/commit/312689b344a11004184db747973c2a1a56794df7) feat: terraform based resource arn refinement - test harness and address comments ### 📊 Changes **53 files changed** (+5855 additions, -20 deletions) <details> <summary>View changed files</summary> 📝 `.gitignore` (+3 -1) 📝 `.gitmodules` (+3 -0) 📝 `Cargo.toml` (+4 -0) ➕ `docs/design/resource-block-refinement-with-terraform.md` (+279 -0) 📝 `iam-policy-autopilot-cli/src/main.rs` (+29 -0) 📝 `iam-policy-autopilot-mcp-server/src/tools/generate_policy.rs` (+22 -0) 📝 `iam-policy-autopilot-policy-generation/Cargo.toml` (+5 -0) 📝 `iam-policy-autopilot-policy-generation/build.rs` (+123 -7) ➕ `iam-policy-autopilot-policy-generation/resources/config/terraform/terraform-provider-aws` (+1 -0) 📝 `iam-policy-autopilot-policy-generation/src/api/generate_policies.rs` (+64 -7) 📝 `iam-policy-autopilot-policy-generation/src/api/mod.rs` (+1 -1) 📝 `iam-policy-autopilot-policy-generation/src/api/model.rs` (+12 -1) 📝 `iam-policy-autopilot-policy-generation/src/enrichment/engine.rs` (+7 -0) 📝 `iam-policy-autopilot-policy-generation/src/enrichment/mod.rs` (+10 -1) 📝 `iam-policy-autopilot-policy-generation/src/enrichment/service_reference.rs` (+39 -1) ➕ `iam-policy-autopilot-policy-generation/src/enrichment/terraform/mod.rs` (+44 -0) ➕ `iam-policy-autopilot-policy-generation/src/enrichment/terraform/resource_binder.rs` (+1439 -0) ➕ `iam-policy-autopilot-policy-generation/src/enrichment/terraform/service_resolver.rs` (+625 -0) 📝 `iam-policy-autopilot-policy-generation/src/extraction/mod.rs` (+7 -0) ➕ `iam-policy-autopilot-policy-generation/src/extraction/terraform/hcl_parser.rs` (+652 -0) _...and 33 more files_ </details> ### 📄 Description *Issue #, if available:* *Description of changes:* This PR introduces terraform support for refining resource arn in policy block. TODO: - [x] refine test harness - [x] test against more real world terraform repositories/setups - [x] Update CI/CD to include test for -terraform-dir and -tfstate parameters By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-03-15 11:56:56 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

auto/update-submodules-20260419

auto/update-submodules-20260412

auto/update-submodules-20260405

auto/update-submodules-20260329

auto/update-submodules-20260322

auto/update-submodules-20260315

auto/update-submodules-20260308

auto/update-submodules-20260301

auto/update-submodules-20260222

auto/update-submodules-20260215

auto/update-submodules-20260209

auto/update-submodules-20260208

release/0.1.4

release/0.1.3

release/0.1.2

release/0.1.1

0.1.4

0.1.3

0.1.2

0.1.1

Labels

Clear labels   

bug

  

code-quality

  

documentation

  

enhancement

  

good first issue

  

pull-request

Mirrored from GitHub Pull Request

  

tooling

  

tooling

No labels

bug

code-quality

documentation

enhancement

good first issue

pull-request

tooling

tooling

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/iam-policy-autopilot#274

No description provided.