Outdated check for google_container_cluster binary authorization

[calexandre]

Describe the issue
Check: CKV_GCP_66: "Ensure use of Binary Authorization" is not checking against the updated property causing the check to fail.

The current property states that the old method enable_binary_authorization is deprecated in favor the new binary_authorization block

Examples

Before:

enable_binary_authorization = true

Now:

  binary_authorization {
    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
  }

Version (please complete the following information):

• Checkov Version 2.1.149

[gruebel]

hey @calexandre thanks for reaching out. Great catch with the deprecation 🚀 are you maybe interested in contributing the needed change?

[gruebel]

Relevant files:
https://github.com/bridgecrewio/checkov/blob/master/checkov/terraform/checks/resource/gcp/GKEBinaryAuthorization.py
and the related test files
https://github.com/bridgecrewio/checkov/blob/master/tests/terraform/checks/resource/gcp/test_GKEBinaryAuthorization.py
https://github.com/bridgecrewio/checkov/blob/master/tests/terraform/checks/resource/gcp/test_GKEBinaryAuthorization/main.tf

[JamesWoolfenden]

@gruebel the changes is that that binary auth is now always on so the check isnt needed at all

[gruebel]

@JamesWoolfenden but as far as I understand, you can set the mode to DISABLED and then it is actually disabled. So it is more like a negative check, as long as you don't set it to DISABLED you are fine, right?

[losisin]

I think what @calexandre is trying to say is how we do the check needs to change. What used to be bool now is moved in module block. Missing block or setting evaluation_mode as DISABLED should still fail though. If @gruebel and @JamesWoolfenden agree I can have a go with this one.