From 72e3ebcab9f89533b8cba2ab770b21bc106c87a6 Mon Sep 17 00:00:00 2001 From: Tim Earle Date: Mon, 17 May 2021 01:45:48 -0400 Subject: [PATCH] Fix accurics.azure.AKS.3 (#712) --- .../containerRegistryResourceLock.rego | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego b/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego index fffa7f7c3..1f2a4074a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego @@ -16,10 +16,12 @@ package accurics } resourceLockExist(registry, registry_input) = exists { + # plan file inspection resource_lock_exist_set := { resource_lock_id | input.azurerm_management_lock[i].type == "azurerm_management_lock"; resource_lock_id := input.azurerm_management_lock[i].config.scope } - resource_lock_exist_set[registry.id] + resource_lock_exist_set[registry.config.id] exists = true } else = exists { + # hcl inspection resource_lock_exist_set := { resource_id | input.azurerm_management_lock[i].type == "azurerm_management_lock"; resource_id := input.azurerm_management_lock[i].config.name } registry_name := sprintf("azurerm_container_registry.%s", [registry.name]) resource_lock_exist_set[registry_name]