bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

Issue while using multiple resource blocks #6317

Open prr19776 opened 1 month ago

prr19776 commented 1 month ago

Describe the issue
I'm trying to create new checks, either as YAML or Python custom policies.

I am using Azure Postgres Flexible Server with the TF resource azurerm_postgresql_flexible_server_configuration, which creates multiple blocks like ssl-enforce, pgaudit enabled, etc.

The issue I am facing is, for example: if I have three resource blocks and I'm trying to check whether one of the resource blocks with that particular name contains SSL enforcement or not, then when I use scan_resource_conf it treats each resource block as a conf and tries to check in each resource block whether SSL is enforced or not, which is not the desired behavior. I want to check in the whole file, that is the Terraform plan file, whether at least one block with that particular resource type contains SSL enforced or not; I will pass the check if at least one block satisfies the condition. If there are multiple other blocks but none of the blocks contains this value, then I should mark this whole check as failed.

Examples
Please share an example code sample (in the IaC of your choice) + the expected outcomes.

Version (please complete the following information):

Additional context
Add any other context about the problem here.
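The two behaviours the report contrasts, as an added example that is not part of the original post or of Checkov's own code: a plain-Python model of a per-resource check (one verdict per block, the way scan_resource_conf is called) next to the whole-plan check the reporter wants (PASSED if at least one block of the type enforces SSL, FAILED otherwise), both run over a constructed Terraform plan JSON excerpt. It assumes that "SSL enforced" for this resource means the server parameter `require_secure_transport` set to `ON`; the resource addresses and the server id are constructed placeholders, and the code does not depend on Checkov being installed.

```python
import json

RESOURCE_TYPE = "azurerm_postgresql_flexible_server_configuration"
# Assumption: SSL enforcement on Azure PostgreSQL Flexible Server is the server
# parameter `require_secure_transport` with value "ON".
SSL_PARAM = "require_secure_transport"
SSL_REQUIRED_VALUE = "ON"

# Constructed excerpt of a `terraform show -json` plan, trimmed to the fields the
# check reads. Three configuration blocks target one server; only one enforces SSL.
SAMPLE_PLAN_JSON = """
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "azurerm_postgresql_flexible_server_configuration.ssl",
     "type": "azurerm_postgresql_flexible_server_configuration",
     "change": {"actions": ["create"],
                "after": {"name": "require_secure_transport", "value": "ON",
                          "server_id": "/subscriptions/PLACEHOLDER/flexibleServers/pg-example"}}},
    {"address": "azurerm_postgresql_flexible_server_configuration.pgaudit_ext",
     "type": "azurerm_postgresql_flexible_server_configuration",
     "change": {"actions": ["create"],
                "after": {"name": "azure.extensions", "value": "PGAUDIT",
                          "server_id": "/subscriptions/PLACEHOLDER/flexibleServers/pg-example"}}},
    {"address": "azurerm_postgresql_flexible_server_configuration.pgaudit_log",
     "type": "azurerm_postgresql_flexible_server_configuration",
     "change": {"actions": ["create"],
                "after": {"name": "pgaudit.log", "value": "ALL",
                          "server_id": "/subscriptions/PLACEHOLDER/flexibleServers/pg-example"}}},
    {"address": "azurerm_postgresql_flexible_server.pg",
     "type": "azurerm_postgresql_flexible_server",
     "change": {"actions": ["create"], "after": {"name": "pg-example"}}}
  ]
}
"""


def load_plan(text: str) -> dict:
    """Parse plan JSON text into a dict."""
    return json.loads(text)


def resource_blocks(plan: dict, resource_type: str) -> dict:
    """Map each planned resource address of `resource_type` to its `after` attributes.
    Resources being destroyed carry `after: null` and are skipped."""
    blocks = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:
            continue
        blocks[rc["address"]] = after
    return blocks


def block_enforces_ssl(conf: dict) -> bool:
    """Per-block predicate: this configuration block is the one that turns SSL enforcement on.
    This is the test a per-resource check body would run on a single `conf`."""
    return conf.get("name") == SSL_PARAM and str(conf.get("value", "")).upper() == SSL_REQUIRED_VALUE


def per_resource_verdicts(plan: dict) -> dict:
    """Per-resource semantics: one verdict per block. Every block that is not the SSL
    parameter fails on its own, even though SSL is enforced by a sibling block."""
    return {addr: "PASSED" if block_enforces_ssl(conf) else "FAILED"
            for addr, conf in resource_blocks(plan, RESOURCE_TYPE).items()}


def file_level_verdict(plan: dict) -> tuple:
    """Whole-plan semantics the issue asks for: a single verdict. PASSED if at least one
    block of RESOURCE_TYPE enforces SSL, FAILED otherwise (including when no block of
    that type exists at all). Also returns the addresses that satisfied the condition."""
    blocks = resource_blocks(plan, RESOURCE_TYPE)
    satisfying = [addr for addr, conf in blocks.items() if block_enforces_ssl(conf)]
    return ("PASSED" if satisfying else "FAILED"), satisfying


if __name__ == "__main__":
    plan = load_plan(SAMPLE_PLAN_JSON)
    print("per-resource:", per_resource_verdicts(plan))
    print("file-level:  ", file_level_verdict(plan))
```

The split between `block_enforces_ssl` and `file_level_verdict` is the point: the per-block predicate is exactly what a per-resource check can express, and no choice of that predicate alone can produce the desired outcome, because the outcome depends on the other blocks of the same type. The whole-plan function collects those blocks first and applies "any" across them, so removing the SSL block flips the single verdict to FAILED while the two pgaudit blocks are unchanged.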