checkov
checkov copied to clipboard
bridgecrewio
`CKV_AZURE_33` doesn't consider `azurerm_storage_account_queue_properties` resource
Describe the issue
The queue_properties property for the azurerm_storage_account resource is deprecated in terraform-provider-azurerm. CKV_AZURE_33 doesn't consider the newer azurerm_storage_account_queue_properties resource.
Examples
variable "location" {
default = "WestUS2"
description = "The Azure region where the resources will be created."
type = string
}
resource "azurerm_resource_group" "primary" {
name = "tfstate-rg"
location = var.location
}
resource "azurerm_storage_account" "primary" {
# TODO: Consider using customer-managed keys
# checkov:skip=CKV2_AZURE_1:We don't use customer-managed keys for non-prod resources
name = "tfstate"
resource_group_name = azurerm_resource_group.primary.name
location = azurerm_resource_group.primary.location
account_tier = "Standard"
# checkov:skip=CKV_AZURE_206:Non-prod resources don't need to be geo-redundant
account_replication_type = "LRS"
allow_nested_items_to_be_public = false
blob_properties {
delete_retention_policy {
days = 7
}
}
min_tls_version = "TLS1_2"
# checkov:skip=CKV_AZURE_59,CKV2_AZURE_33:Non-public access would require a VPN prior to setting up the infrastructure
public_network_access_enabled = true
shared_access_key_enabled = false
}
resource "azurerm_storage_account_queue_properties" "primary" {
storage_account_id = azurerm_storage_account.primary.id
hour_metrics {
include_apis = true
version = "1.0"
retention_policy_days = 10
}
logging {
delete = true
read = true
write = true
version = "1.0"
retention_policy_days = 10
}
minute_metrics {
include_apis = true
version = "1.0"
retention_policy_days = 10
}
}
Version (please complete the following information):
- Checkov Version: 3.2.424
Additional context N/A
