feat: add --var-file support

src/cli/commands/test/iac/local-execution/assert-iac-options-flag.ts

@@ -78,11 +78,9 @@ export class FeatureFlagError extends CustomError {
 }
 
 export class FlagValueError extends CustomError {
-  constructor(key: string, value: string) {
+  constructor(key: string, value: string, supportedValues: string) {
     const flag = getFlagName(key);
-    const msg = `Unsupported value "${value}" provided to flag "${flag}".\nSupported values are: ${SUPPORTED_TF_PLAN_SCAN_MODES.join(
-      ', ',
-    )}`;
+    const msg = `Unsupported value "${value}" provided to flag "${flag}".\nSupported values are: ${supportedValues}`;
     super(msg);
     this.code = IaCErrorCodes.FlagValueError;
     this.strCode = getErrorStringCode(this.code);
@@ -152,7 +150,11 @@ export function assertTerraformPlanModes(scanModeArgValue: string) {
       scanModeArgValue as TerraformPlanScanMode,
     )
   ) {
-    throw new FlagValueError('scan', scanModeArgValue);
+    throw new FlagValueError(
+      'scan',
+      scanModeArgValue,
+      SUPPORTED_TF_PLAN_SCAN_MODES.join(', '),
+    );
   }
 }
 

src/cli/commands/test/iac/v2/assert-iac-options.ts

@@ -1,6 +1,12 @@
+import { existsSync } from 'fs';
+import { extname } from 'path';
+import { SEVERITIES, SEVERITY } from '../../../../../lib/snyk-test/common';
+
+import { InvalidVarFilePath } from '../local-execution';
 import {
   assertTerraformPlanModes,
   FlagError,
+  FlagValueError,
 } from '../local-execution/assert-iac-options-flag';
 import { IaCTestFlags } from '../local-execution/types';
 
@@ -40,7 +46,36 @@ export function assertIacV2Options(options: IaCTestFlags): void {
     }
   }
 
+  if (options.severityThreshold) {
+    assertSeverityOptions(options.severityThreshold);
+  }
+
+  if (options['var-file']) {
+    assertVarFileOptions(options['var-file']);
+  }
+
   if (options.scan) {
     assertTerraformPlanModes(options.scan as string);
   }
 }
+
+function assertSeverityOptions(severity: SEVERITY) {
+  const validSeverityOptions = SEVERITIES.map((s) => s.verboseName);
+
+  if (!validSeverityOptions.includes(severity)) {
+    throw new FlagValueError(
+      'severityThreshold',
+      severity,
+      validSeverityOptions.join(', '),
+    );
+  }
+}
+
+function assertVarFileOptions(filePath: string) {
+  if (!existsSync(filePath)) {
+    throw new InvalidVarFilePath(filePath);
+  }
+  if (extname(filePath) !== '.tfvars') {
+    throw new FlagValueError('var-file', filePath, '.tfvars file');
+  }
+}

src/cli/commands/test/iac/v2/index.ts

@@ -59,6 +59,7 @@ async function prepareTestConfig(
   const attributes = parseAttributes(options);
   const policy = await findAndLoadPolicy(process.cwd(), 'iac', options);
   const scan = options.scan ?? 'resource-changes';
+  const varFile = options['var-file'];
 
   return {
     paths,
@@ -75,6 +76,7 @@ async function prepareTestConfig(
     remoteRepoUrl,
     policy: policy?.toString(),
     scan,
+    varFile,
     depthDetection,
   };
 }

src/lib/iac/test/v2/local-cache/policy-engine/constants/utils.ts

@@ -1,11 +1,11 @@
 import * as os from 'os';
 
-const policyEngineChecksums = `104f3a8d8d1835f9621007fb7976a837ee8946510f41f7fc50323f728cebb21c  snyk-iac-test_0.26.0_Darwin_arm64
-61bfc743d4392952eb7de3f3c4cdb6e0dfb4a491d0ca24d67c929fc3656d6c5f  snyk-iac-test_0.26.0_Linux_x86_64
-73847b5bcc0f42cc8acd918f0dff97ee917a64ce84991785a8e6c46a6c4bc6f2  snyk-iac-test_0.26.0_Linux_arm64
-ac9100c8a1314a22fe7db7df8faa7d6be0aa6ba986f2db172f727fe004a0853d  snyk-iac-test_0.26.0_Windows_x86_64.exe
-ad2983ff583989608e259441de12b6871d9e9dcb994eb81214e9dbb14d3b3dd4  snyk-iac-test_0.26.0_Darwin_x86_64
-c7de20ee54fd66c885e2bbe37b8c1d533464a525a5abdbc1d86a6a5c8a76b2b8  snyk-iac-test_0.26.0_Windows_arm64.exe
+const policyEngineChecksums = `283cb07a894f8252733e6634bef84fbc4fe98eac338239493753e20477150abb  snyk-iac-test_0.27.0_Darwin_arm64
+55c6cae0b4805047d0f0d8f3eea74f12a4233211499cc2f006cee633f1f2e7b8  snyk-iac-test_0.27.0_Windows_x86_64.exe
+7a845e2108c309a7bde435342b69d3ed172a36971779dbc2e1a9a96582f1c4fb  snyk-iac-test_0.27.0_Windows_arm64.exe
+a06de762874686612d9d42b2eb165979f334413f6460a675f0559e8e56a264dc  snyk-iac-test_0.27.0_Linux_x86_64
+ac3ece2e1d59927330c996d968dc5bf84faaa766f85402b56b3ae15fe2fae313  snyk-iac-test_0.27.0_Linux_arm64
+d96eda3334548db4dc17ea9892b94f48a3a4187af13090118e04cdbd23c821b7  snyk-iac-test_0.27.0_Darwin_x86_64
 `;
 
 export const policyEngineVersion = getPolicyEngineVersion();

src/lib/iac/test/v2/scan/index.ts

@@ -146,6 +146,10 @@ function processFlags(
     flags.push('-remote-repo-url', options.remoteRepoUrl);
   }
 
+  if (options.varFile) {
+    flags.push('-var-file', options.varFile);
+  }
+
   return flags;
 }
 

src/lib/iac/test/v2/types.ts

@@ -17,5 +17,6 @@ export interface TestConfig {
   remoteRepoUrl?: string;
   policy?: string;
   scan: string;
+  varFile?: string;
   depthDetection?: number;
 }