
CKV_AZURE_189 should take into account virtual_network_subnet_ids

Status: Open. Opened by Wiston999 3 months ago. 0 comments.

Describe the issue

CKV_AZURE_189 should take into account virtual_network_subnet_ids too, in addition to ip_rules. Leaving public_network_access_enabled and network_acl.ip_rules empty makes the check fail even if network_acl.virtual_network_subnet_ids is configured properly.

Examples

```hcl
resource "azurerm_key_vault" "keyvault" {
  name                        = var.keyvault_name == null ? substr(local.environment_name, 0, 23) : var.keyvault_name
  location                    = azurerm_resource_group.resourcegroup.location
  resource_group_name         = azurerm_resource_group.resourcegroup.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_subscription.current.tenant_id
  soft_delete_retention_days  = var.keyvault_soft_delete_retention_days
  purge_protection_enabled    = true

  sku_name = var.keyvault_sku

  tags = var.base_tags

  # public_network_access_enabled is left at its default and ip_rules is not
  # set; access is restricted to the listed subnets via default_action = "Deny".
  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    virtual_network_subnet_ids = ["SOME VALID SUBNET ID"]
  }
}
```

Version (please complete the following information):

  • 3.2.44

Wiston999, Mar 25 '24 16:03
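The pass/fail logic the issue asks for, as an added example that is not checkov's own implementation of CKV_AZURE_189 and not code from the reporter. It operates on the attribute dict that checkov's Terraform parser hands to a resource check; the shape of that dict is an assumption here (every scalar wrapped in a one-element list, every nested block a list of dicts), as are the sample configurations, which are constructed for this example. The check passes when `public_network_access_enabled` is false, or when `network_acls.default_action` is "Deny" and at least one of `ip_rules` or `virtual_network_subnet_ids` is non-empty; the issue's own resource (Deny plus a subnet allow-list, no ip_rules) is the first sample.

```python
"""Network-exposure logic proposed in the issue for azurerm_key_vault.

Added example, not checkov's implementation of CKV_AZURE_189. The input is
the attribute dict a checkov resource check receives; its shape is assumed:
scalars are wrapped in one-element lists and nested blocks are lists of
dicts, e.g. {"default_action": ["Deny"]}.
"""

from typing import Any, Dict, List

Conf = Dict[str, Any]


def _scalar(value: Any) -> Any:
    """Unwrap the one-element list the parser produces for a scalar attribute."""
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value


def key_vault_network_restricted(conf: Conf) -> bool:
    """Return True when the vault is not reachable from arbitrary public IPs.

    Passing conditions, as the issue proposes:
      1. public_network_access_enabled is false, or
      2. network_acls.default_action is "Deny" and at least one allow-list,
         ip_rules or virtual_network_subnet_ids, is non-empty.
    A Deny policy with neither list set is left failing, mirroring what the
    issue reports for an empty ip_rules; relax that if your policy accepts it.
    """
    pna = _scalar(conf.get("public_network_access_enabled"))
    if pna is False or str(pna).lower() == "false":
        return True

    acl_blocks: List[Conf] = conf.get("network_acls") or []
    if not acl_blocks:
        return False
    acl = acl_blocks[0]

    if str(_scalar(acl.get("default_action", ""))).lower() != "deny":
        return False

    ip_rules = _scalar(acl.get("ip_rules")) or []
    subnet_ids = _scalar(acl.get("virtual_network_subnet_ids")) or []
    return bool(ip_rules) or bool(subnet_ids)


# Constructed sample configurations in the assumed parser shape.
SUBNET_ONLY = {  # the issue's example: Deny + subnet allow-list, no ip_rules
    "network_acls": [{
        "bypass": ["AzureServices"],
        "default_action": ["Deny"],
        "virtual_network_subnet_ids": [["SOME VALID SUBNET ID"]],
    }],
}
IP_RULES_ONLY = {
    "network_acls": [{
        "default_action": ["Deny"],
        "ip_rules": [["203.0.113.0/24"]],
    }],
}
PUBLIC_ACCESS_DISABLED = {"public_network_access_enabled": [False]}
DENY_WITHOUT_LISTS = {"network_acls": [{"default_action": ["Deny"]}]}
ALLOW_WITH_SUBNETS = {
    "network_acls": [{
        "default_action": ["Allow"],
        "virtual_network_subnet_ids": [["SOME VALID SUBNET ID"]],
    }],
}
NO_ACLS = {"name": ["kv"]}


def evaluate_samples() -> Dict[str, bool]:
    """Run the check over every sample, keyed by sample name."""
    samples = {
        "subnet_only": SUBNET_ONLY,
        "ip_rules_only": IP_RULES_ONLY,
        "public_access_disabled": PUBLIC_ACCESS_DISABLED,
        "deny_without_lists": DENY_WITHOUT_LISTS,
        "allow_with_subnets": ALLOW_WITH_SUBNETS,
        "no_acls": NO_ACLS,
    }
    return {name: key_vault_network_restricted(c) for name, c in samples.items()}


if __name__ == "__main__":
    for name, passed in evaluate_samples().items():
        print(f"{name:24s} {'PASSED' if passed else 'FAILED'}")
```

To ship this as a custom check, wrap `key_vault_network_restricted` in a `BaseResourceCheck` subclass with `supported_resources = ["azurerm_key_vault"]` and return `CheckResult.PASSED` or `CheckResult.FAILED` from `scan_resource_conf`; the function above only captures the decision logic so it can be tested without checkov installed.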