fix(pkg/policies/opa/rego/azure/azurerm_container_registry/containerr…

…egistryresourcelock.rego): check correct fields (#858) check that the azurerm_management_lock has the correct scope by checking that is scoped to the correct terraform resource id. Signed-off-by: maxgio92 <[email protected]>
tenable · Jun 14, 2021 · 2ca5eb1 · 2ca5eb1
1 parent c642063
commit 2ca5eb1
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego b/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego
@@ -26,4 +26,9 @@ resourceLockExist(registry, registry_input) = exists {
     registry_name := sprintf("azurerm_container_registry.%s", [registry.name])
 	resource_lock_exist_set[registry_name]
     exists = true
-}
+} else = exists {
+  # hcl inspection
+    resource_lock_exist_set := { resource_lock_id | resource_lock_id := split(input.azurerm_management_lock[i].config.scope, ".")[1] }
+    resource_lock_exist_set[registry.name]
+    exists = true
+}