From 684e1e963d74b1f4493b0be3a77bedaa1ab24eae Mon Sep 17 00:00:00 2001
From: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Date: Tue, 27 May 2025 20:55:19 +0200
Subject: [PATCH] fix(terraform): parse provider lock entries without
 constraints (#3934)

In a .terraform.lock.hcl file in a provider block the `constraints` attribute is actually not required (=optional).

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
---
 syft/pkg/cataloger/terraform/cataloger_test.go                  | 2 +-
 .../terraform/test-fixtures/two-providers/.terraform.lock.hcl   | 1 -
 syft/pkg/terraform.go                                           | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/syft/pkg/cataloger/terraform/cataloger_test.go b/syft/pkg/cataloger/terraform/cataloger_test.go
index 5c5989b3d..618f069f6 100644
--- a/syft/pkg/cataloger/terraform/cataloger_test.go
+++ b/syft/pkg/cataloger/terraform/cataloger_test.go
@@ -59,7 +59,7 @@ func TestTerraformCataloger(t *testing.T) {
 		Metadata: pkg.TerraformLockProviderEntry{
 			URL:         "registry.terraform.io/hashicorp/google",
 			Version:     "6.8.0",
-			Constraints: "6.8.0",
+			Constraints: "",
 			Hashes: []string{
 				"h1:GlCaVPk6eKMg2ZbRY7C5tUeHGNIABT+qFtMl8+XWZHM=",
 				"zh:1b78f4451f1617092eb6891c9c13eda79671060601c40947feea6794c732157a",
diff --git a/syft/pkg/cataloger/terraform/test-fixtures/two-providers/.terraform.lock.hcl b/syft/pkg/cataloger/terraform/test-fixtures/two-providers/.terraform.lock.hcl
index 2f1ac3894..6cdf708cb 100644
--- a/syft/pkg/cataloger/terraform/test-fixtures/two-providers/.terraform.lock.hcl
+++ b/syft/pkg/cataloger/terraform/test-fixtures/two-providers/.terraform.lock.hcl
@@ -26,7 +26,6 @@ provider "registry.terraform.io/hashicorp/aws" {
 
 provider "registry.terraform.io/hashicorp/google" {
   version     = "6.8.0"
-  constraints = "6.8.0"
   hashes = [
     "h1:GlCaVPk6eKMg2ZbRY7C5tUeHGNIABT+qFtMl8+XWZHM=",
     "zh:1b78f4451f1617092eb6891c9c13eda79671060601c40947feea6794c732157a",
diff --git a/syft/pkg/terraform.go b/syft/pkg/terraform.go
index 3db50bcbe..30b191838 100644
--- a/syft/pkg/terraform.go
+++ b/syft/pkg/terraform.go
@@ -3,7 +3,7 @@ package pkg
 // TerraformLockProviderEntry represents a single provider entry in a Terraform dependency lock file (.terraform.lock.hcl).
 type TerraformLockProviderEntry struct {
 	URL         string   `hcl:",label" json:"url"`
-	Constraints string   `hcl:"constraints" json:"constraints"`
+	Constraints string   `hcl:"constraints,optional" json:"constraints"`
 	Version     string   `hcl:"version" json:"version"`
 	Hashes      []string `hcl:"hashes" json:"hashes"`
 }