AC_AZURE_0285 policy does not work with inline rules #1453
Comments
Did some more detective work, and tested the following terraform snippet:
Which returned the following output:
So the .rego implementation works, but the policy is only asserted for in-line and out-line network security rules if there is a |
Description
Azure Policy AC_AZURE_0285 for Network security rule allowing communication to Tcp port 22 is not caught by terrascan if the network rule is defined inline as the security_rule property of the azurerm_network_security_group.
I have not checked any other similar policies, but I imagine this issue is also relevant for those.
I see this as a bug, but it may also be a missing policy for the azurerm_network_security_group resource, but the end result is that using inline rules circumvents the AC_AZURE_0285 policy. Meaning that the deployed resource will be the same disregarding if the rules are defined inline or as an independent azurerm resource. Either a policy should work disregarding which way a resource is configured, or several separate policies should exist covering the same issue. One cannot know or expect that developers are following one or the other way of configuring a resource.
What I Did
The following terraform code with an inline rule:
Produced the following terrascan output:
Using an azurerm resource for the network rule with the following code:
Produces the following expected output:
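To illustrate the point of this issue, here is an added example (not terrascan's own code or policy) that normalizes both ways of declaring an NSG rule, the inline security_rule blocks of azurerm_network_security_group and standalone azurerm_network_security_rule resources, into one stream and applies a single "SSH open to the world" check to it. It reads the planned_values structure of `terraform show -json` output; the plan document embedded below is constructed for the example, and the matching logic is the author's own, not AC_AZURE_0285's rego.

```python
"""Added example: one check over inline and standalone Azure NSG rules."""
import json

# Source prefixes treated as "anywhere" (assumption for this example).
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}

# Constructed plan document in `terraform show -json` shape (planned_values).
PLAN = json.loads("""{"planned_values": {"root_module": {"resources": [
 {"type": "azurerm_network_security_group", "name": "inline", "values": {
   "name": "nsg-inline", "security_rule": [
     {"name": "ssh", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
      "source_address_prefix": "*", "destination_port_range": "22"}]}},
 {"type": "azurerm_network_security_rule", "name": "standalone", "values": {
   "name": "ssh-rule", "network_security_group_name": "nsg-standalone",
   "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "source_address_prefix": "0.0.0.0/0", "destination_port_ranges": ["20-25"]}},
 {"type": "azurerm_network_security_rule", "name": "https", "values": {
   "name": "https-rule", "network_security_group_name": "nsg-standalone",
   "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "source_address_prefix": "*", "destination_port_range": "443"}}]}}}""")

def port_in_range(port, spec):
    """True if `port` falls inside a port spec such as "22", "20-25" or "*"."""
    spec = str(spec)
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def iter_rules(plan):
    """Yield (nsg_name, rule) regardless of how the rule was declared."""
    for res in plan["planned_values"]["root_module"]["resources"]:
        v = res["values"]
        if res["type"] == "azurerm_network_security_group":
            for rule in v.get("security_rule") or []:   # inline rules
                yield v["name"], rule
        elif res["type"] == "azurerm_network_security_rule":
            yield v["network_security_group_name"], v  # standalone rule

def open_ssh_rules(plan, port=22):
    """Return 'nsg/rule' names that allow inbound TCP `port` from anywhere."""
    findings = []
    for nsg, r in iter_rules(plan):
        if r.get("direction") != "Inbound" or r.get("access") != "Allow":
            continue
        if str(r.get("protocol", "")).lower() not in ("tcp", "*"):
            continue
        srcs = [r.get("source_address_prefix")] + list(r.get("source_address_prefixes") or [])
        if not {str(s).lower() for s in srcs if s} & OPEN_SOURCES:
            continue
        ports = [r.get("destination_port_range")] + list(r.get("destination_port_ranges") or [])
        if any(port_in_range(port, p) for p in ports if p):
            findings.append(f"{nsg}/{r['name']}")
    return findings

if __name__ == "__main__":
    print(open_ssh_rules(PLAN))  # ['nsg-inline/ssh', 'nsg-standalone/ssh-rule']
```

Both the inline rule and the standalone rule are reported, while the TCP/443 rule is not, which is the behaviour the issue asks for from a single policy.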