bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.97k stars 1.1k forks

CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

Open tanadeau opened 2 weeks ago

tanadeau commented 2 weeks ago

Describe the issue

CKV_AZURE_171 checks that automatic_channel_upgrade is set. However, this check fails on AzureRM provider 4.x due to the property being renamed to automatic_upgrade_channel. The check should check that both are not set or base the check on the version.

Examples

Should succeed with the following:

resource "azurerm_kubernetes_cluster" "this" {
   # ...
   automatic_upgrade_channel = "stable"
   # ...
}

Version (please complete the following information):
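
The behaviour requested above (pass when either property name is set, fail only when both are absent), as an added example that is not part of the issue thread and is not Checkov's own code. It assumes each resource is parsed into a dict whose values may be wrapped in single-element lists; `upgrade_channel`, `check_cluster`, `scan` and `SAMPLE` are hypothetical names.

```python
# Added example: stand-alone logic, not Checkov's own check class.
# Assumption: each resource is a dict of attribute name -> value, where the
# parser may wrap values in single-element lists (e.g. ["stable"]).

LEGACY_KEY = "automatic_channel_upgrade"   # name the issue says the check reads
RENAMED_KEY = "automatic_upgrade_channel"  # name under AzureRM provider 4.x


def _unwrap(value):
    """Strip single-element list wrappers around a parsed attribute value."""
    while isinstance(value, list) and len(value) == 1:
        value = value[0]
    return value


def upgrade_channel(conf):
    """Return (key, value) for whichever property name is set, else None."""
    for key in (RENAMED_KEY, LEGACY_KEY):
        value = _unwrap(conf.get(key))
        # A null, an empty list or a blank string does not count as "set".
        if isinstance(value, str) and value.strip():
            return key, value
    return None


def check_cluster(conf):
    """PASSED when either spelling is set; FAILED only when both are absent."""
    return "PASSED" if upgrade_channel(conf) else "FAILED"


def scan(resources):
    """Evaluate every cluster in a {resource name: conf} mapping."""
    return {name: check_cluster(conf) for name, conf in resources.items()}


# Constructed sample input, not taken from a real plan or repository.
SAMPLE = {
    "provider_4x": {"automatic_upgrade_channel": ["stable"]},
    "provider_3x": {"automatic_channel_upgrade": ["stable"]},
    "unset": {"name": ["aks-example"]},
    "null_value": {"automatic_upgrade_channel": [None]},
    "empty_list": {"automatic_upgrade_channel": []},
}

if __name__ == "__main__":
    for name, result in scan(SAMPLE).items():
        print(f"{name}: {result}")
```

Returning the matched key alongside the value lets a caller also report which clusters still use the pre-4.x name.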

tw-sematell commented 2 weeks ago

A similar problem comes up with the container registry and CKV_AZURE_167: there is no policy block anymore but the property retention_policy_in_days.

bo156 commented 2 weeks ago

Thanks @tanadeau and @tw-sematell :) Can I kindly suggest that you contribute a PR for those use-cases? Using the community to help us keep checkov updated to the latest changes is the most efficient way to keep the policies up to date :)