checkov
CKV_AZURE_189 should take into account virtual_network_subnet_ids
Describe the issue

CKV_AZURE_189 should take into account virtual_network_subnet_ids too, in addition to ip_rules. Leaving public_network_access_enabled and network_acl.ip_rules empty makes the check fail even if network_acl.virtual_network_subnet_ids is configured properly.
Examples
resource "azurerm_key_vault" "keyvault" {
  name                        = var.keyvault_name == null ? substr(local.environment_name, 0, 23) : var.keyvault_name
  location                    = azurerm_resource_group.resourcegroup.location
  resource_group_name         = azurerm_resource_group.resourcegroup.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_subscription.current.tenant_id
  soft_delete_retention_days  = var.keyvault_soft_delete_retention_days
  purge_protection_enabled    = true
  sku_name                    = var.keyvault_sku
  tags                        = var.base_tags

  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    virtual_network_subnet_ids = ["SOME VALID SUBNET ID"]
  }
}
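As an added example (not Checkov's shipped check and not the reporter's code), the stand-alone function below shows the evaluation the issue asks for, run over the resource above plus a few constructed variants. The list-wrapped conf shape mirrors what Checkov's Terraform parser hands a resource check; the exact pass/fail rules are an assumption for illustration.

```python
from typing import Any, Dict

# Resource attributes in Checkov's parsed shape: every value is wrapped in a
# one-element list, and a block such as network_acls is a list of dicts.
Conf = Dict[str, Any]


def public_network_access_restricted(conf: Conf) -> bool:
    """True when the Key Vault is not reachable from the open internet.

    Assumed rules (not Checkov's actual implementation of CKV_AZURE_189):
      * public_network_access_enabled = false passes outright;
      * otherwise network_acls must set default_action = "Deny" and scope
        access with ip_rules OR virtual_network_subnet_ids (the issue's point).
    """
    if conf.get("public_network_access_enabled", [True])[0] is False:
        return True
    acls = conf.get("network_acls") or []
    if not acls:
        return False  # no ACL block at all: default allows everything
    acl = acls[0]
    if acl.get("default_action", [None])[0] != "Deny":
        return False
    ip_rules = acl.get("ip_rules", [[]])[0] or []
    subnet_ids = acl.get("virtual_network_subnet_ids", [[]])[0] or []
    # Either scoping mechanism is enough once the default is Deny.
    return bool(ip_rules) or bool(subnet_ids)


def evaluate_examples() -> Dict[str, bool]:
    """Constructed inputs: the issue's resource and three variants."""
    issue_resource: Conf = {
        "network_acls": [{
            "bypass": ["AzureServices"],
            "default_action": ["Deny"],
            "virtual_network_subnet_ids": [["SOME VALID SUBNET ID"]],
        }]
    }
    no_acl: Conf = {"sku_name": ["standard"]}
    public_access_disabled: Conf = {"public_network_access_enabled": [False]}
    deny_without_scope: Conf = {
        "network_acls": [{"default_action": ["Deny"], "ip_rules": [[]]}]
    }
    return {
        "issue_resource": public_network_access_restricted(issue_resource),
        "no_acl": public_network_access_restricted(no_acl),
        "public_access_disabled": public_network_access_restricted(public_access_disabled),
        "deny_without_scope": public_network_access_restricted(deny_without_scope),
    }
```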
Version (please complete the following information):
- 3.2.44