CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

tanadeau · 2024-08-24T17:08:38Z

Describe the issue
CKV_AZURE_171 checks that automatic_channel_upgrade is set. However, this check fails on AzureRM provider 4.x due to the property being renamed to automatic_upgrade_channel. The check should check that both are not set or base check on version.

Examples
Should succeed with the following:

resource "azurerm_kubernetes_cluster" "this" {
   # ...
   automatic_upgrade_channel = "stable"
   # ...
}

Version (please complete the following information):

Checkov Version 3.2.234

The text was updated successfully, but these errors were encountered:

tw-sematell · 2024-08-27T07:30:44Z

A similar problem comes up with the container registry and CKV_AZURE_167: there is no policy block anymore but the property retention_policy_in_days.

bo156 · 2024-08-29T15:08:47Z

thanks @tanadeau and @tw-sematell :)
Can I kindly suggest that you'll contribute a PR for those use-cases?
Using the community to help us keep checkov updated to the latest changes is the most efficient way to keep the policies up to date :)

tanadeau added the checks Check additions or changes label Aug 24, 2024

bo156 added the good first issue Good for newcomers label Aug 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

tanadeau commented Aug 24, 2024

tw-sematell commented Aug 27, 2024

bo156 commented Aug 29, 2024

CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

CKV_AZURE_171 doesn't handle property rename in AzureRM provider 4.x #6681

Comments

tanadeau commented Aug 24, 2024

tw-sematell commented Aug 27, 2024

bo156 commented Aug 29, 2024