bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

CognitiveServicesEnableLocalAuth returns unexpected result #6499

Closed SebastianBalle closed 2 months ago

SebastianBalle commented 3 months ago

Describe the issue

Existing check: CKV_AZURE_236. The existing check, located at https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CognitiveServicesEnableLocalAuth.py, expects local_auth_enabled = false to pass. This seems to go against the policy itself, as it is expected to succeed when local_auth_enabled = true as indicated by the description.


matansha commented 3 months ago

Hi @SebastianBalle, thank you for reaching out. Can you share the piece of code that gives you this true-negative?

marcindulak commented 3 months ago

The problem shows up for Terraform code which uses

resource "azurerm_cognitive_account" "cognitive_formrecognizer_account" {
  local_auth_enabled = true
}

The description of the check is inconsistent with the check; compare these lines: the description requires local authentication, but the check asserts it's False

https://github.com/bridgecrewio/checkov/blob/c87c78c8ec5cff184951d00d080a0433ddf12a6b/checkov/terraform/checks/resource/azure/CognitiveServicesEnableLocalAuth.py#L7

https://github.com/bridgecrewio/checkov/blob/c87c78c8ec5cff184951d00d080a0433ddf12a6b/checkov/terraform/checks/resource/azure/CognitiveServicesEnableLocalAuth.py#L21-L22

Apart from this inconsistency, the question is whether the local authentication should be recommended to be disabled in favor of Microsoft Entra https://learn.microsoft.com/en-us/azure/ai-services/disable-local-auth

matansha commented 3 months ago

Hi @marcindulak / @SebastianBalle, we investigated the case and found that the rule is OK but the description is not. local_auth_enabled should be false.
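To make the intended semantics of the check concrete (local authentication disabled in favour of Microsoft Entra passes, enabled fails), here is a small standalone Python evaluator added as an illustration. It is not Checkov's own code and does not use Checkov's check framework; it parses a constructed Terraform sample with a minimal regex-based reader and applies the rule the maintainers state above. The sample resources, their names and the treatment of a missing attribute as failing (the azurerm provider is assumed here to default local_auth_enabled to true) are assumptions of this example.

```python
import re

# Constructed Terraform sample: one resource with local auth enabled,
# one with it disabled, and one that relies on the provider default.
SAMPLE_TF = '''
resource "azurerm_cognitive_account" "formrecognizer_local" {
  name               = "formrecognizer-local"
  kind               = "FormRecognizer"
  local_auth_enabled = true
}

resource "azurerm_cognitive_account" "formrecognizer_entra" {
  name               = "formrecognizer-entra"
  kind               = "FormRecognizer"
  local_auth_enabled = false
}

resource "azurerm_cognitive_account" "formrecognizer_default" {
  name = "formrecognizer-default"
  kind = "FormRecognizer"
}
'''

# Minimal reader for flat `resource "type" "name" { key = value }` blocks.
# It is deliberately simple (no nested blocks, no expressions) and is only
# meant to drive the check logic below on the constructed sample.
BLOCK_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$', re.M)


def _coerce(raw: str):
    """Turn a raw HCL literal into a Python value (bools and quoted strings only)."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return raw


def parse_resources(text: str) -> list[tuple[str, str, dict]]:
    """Return (resource_type, resource_name, attributes) for every block in text."""
    resources = []
    for rtype, rname, body in BLOCK_RE.findall(text):
        attrs = {key: _coerce(value) for key, value in ATTR_RE.findall(body)}
        resources.append((rtype, rname, attrs))
    return resources


def check_local_auth_disabled(attrs: dict) -> str:
    """Rule as clarified in the thread: local_auth_enabled must be false to pass.

    A missing attribute is treated as failing, on the assumption that the
    provider defaults local_auth_enabled to true when it is not set.
    """
    return "PASSED" if attrs.get("local_auth_enabled") is False else "FAILED"


def run_check(text: str) -> dict[str, str]:
    """Evaluate the rule over all azurerm_cognitive_account resources in text."""
    results = {}
    for rtype, rname, attrs in parse_resources(text):
        if rtype != "azurerm_cognitive_account":
            continue
        results[f"{rtype}.{rname}"] = check_local_auth_disabled(attrs)
    return results


if __name__ == "__main__":
    for resource_id, status in run_check(SAMPLE_TF).items():
        print(f"{status}: {resource_id}")
```

Running it prints FAILED for the resource with local_auth_enabled = true (the case reported in this issue), PASSED for the one set to false, and FAILED for the one that leaves the attribute unset.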