fix: allowing attributes to be excluded from rendering by resource type

Introducing a dictionary that maps resource type to attributes that should
not be rendered (i.e. "attribute_condition" in case of GCP identity pools)

checkov/terraform/graph_builder/variable_rendering/renderer.py

@@ -37,6 +37,10 @@
     'map': {}
 }
 
+attrsToFilterByResourceType = {
+    "google_iam_workload_identity_pool_provider": ["attribute_condition"]
+}
+
 DYNAMIC_STRING = 'dynamic'
 DYNAMIC_BLOCKS_LISTS = 'list'
 DYNAMIC_BLOCKS_MAPS = 'map'
@@ -488,7 +492,15 @@ def _assign_dynamic_value_for_map(
                     dpath.set(block_conf, dynamic_argument, lookup_value, separator=DOT_SEPERATOR)
         else:
             dpath.set(block_conf, dynamic_argument, dynamic_value, separator=DOT_SEPERATOR)
-
+
+    def shouldBeFilteredByConditionAndResourceType(self, attr: str, resource_type: List[str]) -> bool:
+        if not resource_type:
+            return False
+        for resource in resource_type:
+            if resource in attrsToFilterByResourceType:
+                if attr in attrsToFilterByResourceType[resource]:
+                    return True
+
     def evaluate_non_rendered_values(self) -> None:
         for index, vertex in enumerate(self.local_graph.vertices):
             changed_attributes = {}
@@ -500,6 +512,7 @@ def evaluate_non_rendered_values(self) -> None:
                 for attr in vertex.attributes
                 if attr not in reserved_attribute_names and not attribute_has_nested_attributes(attr, vertex.attributes, attribute_is_leaf)
                 and not attribute_has_dup_with_dynamic_attributes(attr, vertex.attributes)
+                and not self.shouldBeFilteredByConditionAndResourceType(attr, vertex.attributes.get("resource_type", []))
             ]
             for attribute in filtered_attributes:
                 curr_val = vertex.attributes.get(attribute)