Azure AKS failing to check the network policy status. #789

Closed
rogerscuall opened this issue May 18, 2021 · 1 comment · Fixed by #844
rogerscuall commented May 18, 2021

  • terrascan version: v1.5.1
  • Operating System: OSX

Description

Trying to validate some AKS build with Terraform, failing with: "Ensure AKS cluster has Network Policy configured." That is accurics.azure.NS.382.
This is supposed to happen if the AKS has no network policy enabled, but in this case it does.

#main.tf
resource "azurerm_kubernetes_cluster" "primary" {
  name                = var.cluster_name
  location            = var.region
  resource_group_name = var.resource_group
  dns_prefix          = var.dns_prefix
  kubernetes_version  = var.k8s_version
  network_profile {
    network_plugin = var.network_plugin
    network_policy = var.network_policy
  }
}

#variables.tf
variable "network_policy" {
  description = "Sets up network policy to be used with Azure CNI."
  type        = string
  default     = "azure"
}

variable "network_plugin" {
  description = "Network plugin to use for networking."
  type        = string
  default     = "azure"
}

After applying the configuration I get this from the state:

network_profile {
        dns_service_ip     = "10.0.0.10"
        docker_bridge_cidr = "172.17.0.1/16"
        load_balancer_sku  = "Standard"
        network_plugin     = "azure"
        network_policy     = "azure"
        outbound_type      = "loadBalancer"

What I Did

terrascan scan
Violation Details -
    
        Description    :        Ensure AKS cluster has Network Policy configured.
        File           :        main.tf
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------


Scan Summary -

        File/Folder         :   <PATH>/terraform-modules/azure/terraform-azure-aks
        IaC Type            :   terraform
        Scanned At          :   2021-05-18 20:29:32.780455 +0000 UTC
        Policies Validated  :   607
        Violated Policies   :   1
        Low                 :   0
        Medium              :   1
        High                :   0


Violation Details -
    
        Description    :        Ensure AKS cluster has Network Policy configured.
        File           :        main.tf
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------


Scan Summary -

        File/Folder         :   <PATH>/GitHub/terraform-modules/azure/terraform-azure-aks
        IaC Type            :   terraform
        Scanned At          :   2021-05-18 20:29:32.774897 +0000 UTC
        Policies Validated  :   607
        Violated Policies   :   1
        Low                 :   0
        Medium              :   1
        High                :   0
amirbenv added the policy label May 19, 2021

kanchwala-yusuf (Contributor) commented

Hey @rogerscuall,
Thank you for reporting this issue.

Just tried debugging this issue; it seems that there is some problem with reference resolution for the variables network_plugin and network_policy.

kanchwala-yusuf added the bug label and removed the policy label May 19, 2021
@Rchanger Rchanger self-assigned this Jun 7, 2021
@Rchanger Rchanger linked a pull request Jun 8, 2021 that will close this issue
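The diagnosis above is that the scanner never resolved `var.network_plugin` and `var.network_policy` to the defaults declared in variables.tf, so the policy saw an unresolved reference where it expected a literal and reported a cluster that does have a network policy as a violation. The following is an added illustration of that failure mode, not terrascan's own code or its Rego policy: a deliberately small, regex-based reader for the two files quoted in the issue (assumed complete, with the resource block closed), a hypothetical `resolve()` that maps `var.<name>` to the variable's default, and a check with the same intent as accurics.azure.NS.382. Running the check with and without reference resolution reproduces the false positive and shows why resolving variables before evaluating the policy fixes it.

```python
import re

# Constructed sample input: the two files quoted in the issue, with the
# resource block closed so they form complete HCL.
MAIN_TF = '''
resource "azurerm_kubernetes_cluster" "primary" {
  name                = var.cluster_name
  location            = var.region
  resource_group_name = var.resource_group
  dns_prefix          = var.dns_prefix
  kubernetes_version  = var.k8s_version
  network_profile {
    network_plugin = var.network_plugin
    network_policy = var.network_policy
  }
}
'''

VARIABLES_TF = '''
variable "network_policy" {
  description = "Sets up network policy to be used with Azure CNI."
  type        = string
  default     = "azure"
}

variable "network_plugin" {
  description = "Network plugin to use for networking."
  type        = string
  default     = "azure"
}
'''

# Minimal pattern-based readers; a real scanner uses a full HCL parser.
VAR_BLOCK_RE = re.compile(r'variable\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
DEFAULT_RE = re.compile(r'^\s*default\s*=\s*"([^"]*)"', re.M)
PROFILE_RE = re.compile(r'network_profile\s*\{(.*?)\n\s*\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)


def parse_variable_defaults(variables_tf):
    """Map each variable name to its string default (None when no default is declared)."""
    defaults = {}
    for m in VAR_BLOCK_RE.finditer(variables_tf):
        name, body = m.group(1), m.group(2)
        d = DEFAULT_RE.search(body)
        defaults[name] = d.group(1) if d else None
    return defaults


def parse_network_profile(main_tf):
    """Return the raw, unresolved attribute expressions of the network_profile block."""
    m = PROFILE_RE.search(main_tf)
    if not m:
        return {}
    return {a.group(1): a.group(2) for a in ATTR_RE.finditer(m.group(1))}


def resolve(expr, defaults):
    """Hypothetical resolver: a quoted literal yields its value, a var.<name>
    reference yields that variable's default; anything else is unresolvable (None)."""
    if len(expr) >= 2 and expr[0] == '"' and expr[-1] == '"':
        return expr[1:-1]
    if expr.startswith("var."):
        return defaults.get(expr[4:])
    return None


def network_policy_configured(profile, defaults):
    """Same intent as the policy in the issue: network_policy must resolve to a non-empty value."""
    expr = profile.get("network_policy")
    if expr is None:
        return False
    return bool(resolve(expr, defaults))


def check_without_resolution(main_tf):
    """Evaluate with no variable defaults available. The var.* reference cannot be
    resolved, so a correctly configured cluster is reported as a violation."""
    return network_policy_configured(parse_network_profile(main_tf), {})


def check_with_resolution(main_tf, variables_tf):
    """Evaluate after resolving var.* references against the variables.tf defaults."""
    defaults = parse_variable_defaults(variables_tf)
    return network_policy_configured(parse_network_profile(main_tf), defaults)


if __name__ == "__main__":
    print("without reference resolution:", check_without_resolution(MAIN_TF))
    print("with reference resolution:   ", check_with_resolution(MAIN_TF, VARIABLES_TF))
```

The point for anyone triaging a finding like this: when a policy engine reports a violation on an attribute that is set through a variable, module input, or local, confirm whether the scanner evaluated the resolved value or the raw expression before treating the result as a real misconfiguration. The applied state quoted in the issue (`network_policy = "azure"`) is the ground truth; the scanner disagreed with it only because its view of the configuration stopped at the reference.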