bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
7.13k stars 1.12k forks

CKV2_AZURE_4 Doesn't Process azurerm_mssql_server_extended_auditing_policy #1444

Closed darren-johnson closed 1 year ago

darren-johnson commented 3 years ago

We configure our Azure SQL Server auditing policy using the azurerm_mssql_server_extended_auditing_policy resource as opposed to configuring inline in the azurerm_mssql_server resource via the extended_auditing_policy block.

With this in mind, I have added the line below to the azurerm_mssql_server resource:

checkov:skip=CKV_AZURE_24:this is Enabled and handled by a separate resource 'azurerm_mssql_server_extended_auditing_policy'

However, when I then test setting 'retention_in_days' to less than 90 within the azurerm_mssql_server_extended_auditing_policy resource, checkov does not pick this up.

I am using version: 2.0.317

An example block of code is:

resource "azurerm_mssql_server_extended_auditing_policy" "sql" {
  server_id                  = azurerm_mssql_server.sql.id
  storage_account_access_key = null
  storage_endpoint           = null
  retention_in_days          = 80
}

Pretty-19 commented 3 years ago

Hi @schosterbarak, is this task taken up? Can I have a look at it?

nimrodkor commented 2 years ago

We welcome any contribution on this issue. The fix would be extending the check (CKV2_AZURE_4) to take another option - that the configuration is in a connected resource, as mentioned in the original issue description.
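
A sketch of the logic described in the comment above, as an added example that is not part of the thread and not Checkov's own code: a server passes when either its inline extended_auditing_policy block or a connected azurerm_mssql_server_extended_auditing_policy resource sets retention_in_days to at least 90. The resource-dict layout, the function names and the sample data are assumptions constructed for illustration.

```python
import re

MIN_RETENTION_DAYS = 90  # threshold taken from the issue text
SERVER = "azurerm_mssql_server"
POLICY = "azurerm_mssql_server_extended_auditing_policy"
# Matches an unresolved HCL reference such as azurerm_mssql_server.sql.id
REF = re.compile(rf"^{SERVER}\.([A-Za-z0-9_-]+)\.id$")


def retention_ok(block):
    """True when the block sets retention_in_days to an int >= the threshold."""
    days = block.get("retention_in_days") if isinstance(block, dict) else None
    return isinstance(days, int) and not isinstance(days, bool) and days >= MIN_RETENTION_DAYS


def evaluate(resources):
    """Return {server address: 'PASSED' | 'FAILED'} for every SQL server."""
    # Index standalone policies by the server name their server_id points at.
    policies = {}
    for res in resources:
        if res["type"] != POLICY:
            continue
        match = REF.match(str(res["attrs"].get("server_id", "")))
        if match:
            policies.setdefault(match.group(1), []).append(res["attrs"])
    results = {}
    for res in resources:
        if res["type"] != SERVER:
            continue
        inline = res["attrs"].get("extended_auditing_policy")
        connected = policies.get(res["name"], [])
        # Either location may satisfy the check; a missing value fails it.
        ok = retention_ok(inline) or any(retention_ok(p) for p in connected)
        results[f"{SERVER}.{res['name']}"] = "PASSED" if ok else "FAILED"
    return results


# Constructed sample input (simplified; not Checkov's internal graph format).
SAMPLE = [
    {"type": SERVER, "name": "sql", "attrs": {}},
    {"type": POLICY, "name": "sql", "attrs": {"server_id": "azurerm_mssql_server.sql.id", "retention_in_days": 80}},
    {"type": SERVER, "name": "good", "attrs": {}},
    {"type": POLICY, "name": "good", "attrs": {"server_id": "azurerm_mssql_server.good.id", "retention_in_days": 120}},
    {"type": SERVER, "name": "inline", "attrs": {"extended_auditing_policy": {"retention_in_days": 90}}},
    {"type": SERVER, "name": "bare", "attrs": {}},
]

if __name__ == "__main__":
    for address, verdict in evaluate(SAMPLE).items():
        print(address, verdict)
```

The first server/policy pair in the sample mirrors the block from the original report (retention of 80 days in a separate resource) and is reported as FAILED rather than silently skipped.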

stale[bot] commented 1 year ago

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!

stale[bot] commented 1 year ago

Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!