fix(kubernetes): fix in ServiceAccountTokens check (#3717)

handle edge-case of spec not a dict

checkov/kubernetes/checks/resource/k8s/ServiceAccountTokens.py

@@ -51,6 +51,8 @@ def scan_spec_conf(self, conf: dict[str, Any]) -> CheckResult:
 
         # Collect results
         if spec:
+            if not isinstance(spec, dict):
+                return CheckResult.UNKNOWN
             if spec.get("automountServiceAccountToken") is False:
                 return CheckResult.PASSED
         return CheckResult.FAILED

tests/kubernetes/checks/example_ServiceAccountTokens/ServiceAccountTokensUNKNOWN.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1 #we know that all the communication in k8s happen through api. 
+#what we want to create
+#inside kind you need to define type of api you want to execute. 
+kind: Deployment #pod#service
+metadata: #using metada and name we define the name of deployment
+  name: myapp-deployment #a deployment name myapp-deployment is created using .metadata.name field
+  labels:
+    app: myapp 
+spec: #inside your deployment we need to provide spec how this deployment api will launch your pod
+  replicas: 3 #it will create three pod
+  selector: #the .spec.selector file define ho the deployment find which pod to manage. 
+    matchLabels: #.spec.selector.matchlabel it is euqivalent to map ke,value. something called as match expression
+      app: myapp 
+  template: #container template deploy in three pod
+    metadata:
+      name: myapp-pod  #using metadata name
+      labels: 
+        app: myapp #this label should match with pod label. 
+    spec: #we define container spec
+        - name: myapp-container 
+          image: nginx 
+          ports:
+           - containerPort: 80