Checkov attribute reference


I am currently learning policy-as-code with the help of Checkov. In the process, I am also writing my own policies.

I would like to write a policy that checks the content inside "managed_rule_set". I know how to reference attributes from the Terraform file correctly, but not how to do it in this particular case. I define the custom policies via a YAML file and base them on the Checkov documentation.

Terraform file:

    resource "azurerm_web_application_firewall_policy" "waf_network" {
      name                = "waf-${var.tag_project}-network-${var.tag_environment}"
      resource_group_name = azurerm_resource_group.rg_network.name
      # reference the attribute directly; quoting it would set a literal string as the location
      location            = azurerm_resource_group.rg_network.location

      policy_settings {
        enabled = true
        mode    = "Prevention"
      }

      managed_rules {
        managed_rule_set {
          type    = "OWASP"
          version = "3.1"
        }
        managed_rule_set {
          type    = "Microsoft_BotManagerRuleSet"
          version = "0.1"
        }
      }

      tags = merge(local.common_tags, local.intrinsic_tags)
    }

Does anyone have an idea? Thanks!

gruebel:

Depending on what you want to achieve, you can use .*. to reference all the managed_rule_set blocks, like that:

    - cond_type: "attribute"
      resource_types:
        - "azurerm_web_application_firewall_policy"
      attribute: "managed_rules.managed_rule_set.*.type"
      operator: "contains"
      value: "OWASP"
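The condition above only becomes a usable Checkov check once it is wrapped in a full policy file with metadata. The following is an added example, not code from the question or the answer; the check id, name, category and the second condition (requiring Prevention mode, so a WAF that only detects is flagged) are assumptions chosen for illustration, and it combines both conditions with "and" against the Terraform file from the question.

```yaml
# policies/waf_owasp_prevention.yaml (assumed path)
# Run with:  checkov -d . --external-checks-dir ./policies
metadata:
  id: "CKV2_CUSTOM_1"            # assumed id; custom checks use the CKV2_CUSTOM_ prefix
  name: "Ensure the Azure WAF policy uses the OWASP managed rule set in Prevention mode"
  category: "NETWORKING"
scope:
  provider: "azure"
definition:
  and:
    # wildcard index: the resource has several managed_rule_set blocks,
    # so .*. collects the "type" of each of them into a list
    - cond_type: "attribute"
      resource_types:
        - "azurerm_web_application_firewall_policy"
      attribute: "managed_rules.managed_rule_set.*.type"
      operator: "contains"
      value: "OWASP"
    # single nested block: a plain dotted path is enough here
    - cond_type: "attribute"
      resource_types:
        - "azurerm_web_application_firewall_policy"
      attribute: "policy_settings.mode"
      operator: "equals"
      value: "Prevention"
```

With the Terraform file from the question the check passes; removing the OWASP block, or switching mode to "Detection", makes it fail.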