
Issue while using multiple resources blockd

Open prr19776 opened this issue 1 year ago • 2 comments

Describe the issue: I'm trying to create new checks, either as YAML or Python custom policies.

I am using Azure PostgreSQL Flexible Server and the TF resource azurerm_postgresql_flexible_server_configuration, which creates multiple blocks such as ssl-enforce, pgaudit enabled, etc.

The issue I am facing is, for example: if I have three resource blocks and I'm trying to check whether one of the resource blocks with that particular name contains SSL enforcement or not, when I use scan-resource-conf it treats each resource block as a conf and tries to check in each resource block whether SSL is enforced or not, which is not the desired behavior. I want to check in the whole file, that is the terraform plan file, whether at least one block with that particular resource type contains SSL enforced or not; I will pass the check if at least one block satisfies the condition. If there are multiple other blocks but none of the blocks contains this value, then I should mark this whole check as failed.

Examples: Please share an example code sample (in the IaC of your choice) + the expected outcomes.

Version (please complete the following information):

  • Checkov Version [e.g. 22]

Additional context: Add any other context about the problem here.

prr19776 avatar May 18 '24 01:05 prr19776
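The file-level aggregation the issue asks for, written here as an added stand-alone example (not Checkov code and not from the reporter): it walks a terraform plan JSON, collects every azurerm_postgresql_flexible_server_configuration block, and passes only if at least one of them turns the SSL parameter on. The parameter name `require_secure_transport` and the sample plan are assumptions constructed for the example.

```python
import json
from typing import Any, Dict, Iterator, List, Tuple

RESOURCE_TYPE = "azurerm_postgresql_flexible_server_configuration"
# Assumed server parameter that enforces SSL on Azure PostgreSQL Flexible Server;
# substitute the parameter name your own policy targets.
SSL_PARAM = "require_secure_transport"


def make_plan(ssl_value: str) -> str:
    """Build a constructed terraform plan JSON (sample data, not a real plan):
    three configuration blocks plus the server itself; ssl_value drives the
    pass/fail outcome."""
    return json.dumps({"planned_values": {"root_module": {"resources": [
        {"address": f"{RESOURCE_TYPE}.audit", "type": RESOURCE_TYPE,
         "values": {"name": "pgaudit.log", "value": "ALL"}},
        {"address": f"{RESOURCE_TYPE}.ssl", "type": RESOURCE_TYPE,
         "values": {"name": SSL_PARAM, "value": ssl_value}},
        {"address": f"{RESOURCE_TYPE}.timeout", "type": RESOURCE_TYPE,
         "values": {"name": "statement_timeout", "value": "30000"}},
        {"address": "azurerm_postgresql_flexible_server.main",
         "type": "azurerm_postgresql_flexible_server",
         "values": {"name": "pg-main"}},
    ]}}})


def iter_resources(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Yield every resource under planned_values, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def ssl_enforced_anywhere(plan_json: str) -> Tuple[bool, List[str]]:
    """Whole-file check: True if at least one configuration block sets the SSL
    parameter to on, False otherwise. Also returns the addresses examined so a
    failing result can name every block that was considered."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    blocks = [r for r in iter_resources(root) if r.get("type") == RESOURCE_TYPE]
    addresses = [r["address"] for r in blocks]
    for block in blocks:
        values = block.get("values", {})
        if values.get("name") == SSL_PARAM and str(values.get("value", "")).lower() == "on":
            return True, addresses
    return False, addresses


if __name__ == "__main__":
    passed, seen = ssl_enforced_anywhere(make_plan("on"))
    print("PASSED" if passed else "FAILED", "- blocks examined:", seen)
```

Because the decision is made over the collected list rather than inside a per-block callback, the three configuration blocks produce one verdict instead of three.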

Hi @prr19776

Thank you for your willingness to contribute by adding new checks. Do you still have the issue creating the checks? For better understanding, can you please share an example that describes the issue you are facing?

itai1357 avatar Jul 18 '24 10:07 itai1357

Yes, I still have an issue. My understanding is it's just a limitation in checkov itself; I didn't find any easy way to fix this. And python seems to have similar limitations as well. If there is any example or snippet out there, it would help me.

prr19776 avatar Jul 18 '24 11:07 prr19776

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com Thanks!

stale[bot] avatar Jan 18 '25 07:01 stale[bot]

Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: codifiedsecurity.slack.com Thanks!

stale[bot] avatar Feb 01 '25 21:02 stale[bot]