Module for_each with for expression is not evaluated

[pszypowicz]

When a module's for_each uses a for expression (e.g. { for k in var.list : k.name => k }), checkov stores it as a literal string and never expands the module. Direct map/set references work correctly.

Minimal reproducer (2 files)

modules/child/main.tf

variable "val" { type = string }
resource "terraform_data" "test" { input = var.val }

main.tf

variable "items" {
  type    = list(string)
  default = ["a", "b"]
}

module "child" {
  source   = "./modules/child"
  for_each = { for v in var.items : v => v }
  val      = each.value
}

Expected

Module expands to child["a"] and child["b"], resource resolves input.

Actual

Module child is not expanded. for_each stored as string:

"{for v in ['a', 'b'] : v :> v}"

Workaround

Use a direct map reference instead of a for expression:

variable "items" {
  type    = map(string)
  default = { a = "a", b = "b" }
}

module "child" {
  source   = "./modules/child"
  for_each = var.items
  val      = each.value
}

This expands child["a"] and child["b"] correctly.

Environment

Verified on main (8bd89be03). terraform validate passes on the reproducer.

[flesko-profinit]

I have similar issues.
#7215
#7358

[pszypowicz]

@flesko-profinit The fix in #7505 addresses a different root cause than #7215 and #7358. This issue is specifically about for expressions (e.g. { for v in list : v => v }) not being evaluated inside for_each -- the expression evaluator assumed iterable items are always dicts. #7215 is about function evaluation (concat/toset) in locals, and #7358 is about graph edge resolution with indexed references after expansion -- both separate code paths.