Closed SebastianBalle closed 2 months ago
Hi @SebastianBalle, thank you for reaching out. Can you share the piece of code that give you this true-negative?
The problem shows up for a terraform code which uses
resource "azurerm_cognitive_account" "cognitive_formrecognizer_account" {
local_auth_enabled = true
}
The description of the check is inconsistent with the check, compare these lines: the description requires the local authentication, but the check asserts it's False
Apart from this inconsistency, the question is whether the local authentication should be recommended to be disabled in favor of Microsoft Entra https://learn.microsoft.com/en-us/azure/ai-services/disable-local-auth
Hi @marcindulak / @SebastianBalle ,
We investigate the case and we found that the rule is ok but the describe is not.
local_auth_enabled
should be false.
Describe the issue If it is related to an existing check, please note the relevant check ID. Also, explain the logic for this addition / change.
Exisiting check: CKV_AZURE_236 The exisiting check located at: https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/CognitiveServicesEnableLocalAuth.py expect a
local_auth_enabled = false
to pass. This seems to go against the policy itself as it is expected to succeed whenlocal_auth_enabled = true
as indicated by the description.Examples Please share an example code sample (in the IaC of your choice) + the expected outcomes.
Version (please complete the following information):
Additional context Add any other context about the problem here.