feat(result): added resourceType and resourceName to Terraform querie…

…s result (#5387)

* added resource info for TF K8S, GITHUB, GENERAL

* added resourceType and resourceName to ANS GCP

* added resourceType and resourceName to TF AZURE

* added resourceType and resourceName to TF ALICLOUD

* added resourceType and resourceName to TF AWS

* correcting

* improved resourceName for TF

assets/libraries/terraform.rego

@@ -606,3 +606,36 @@ allows_action_from_all_principals(json_policy, action) {
     anyPrincipal(statement)
     common_lib.containsOrInArrayContains(statement.Action, action)
 }
+
+resourceFieldName = {
+	"google_bigquery_dataset": "friendly_name",
+	"alicloud_actiontrail_trail": "trail_name",
+	"alicloud_ros_stack": "stack_name",
+	"alicloud_oss_bucket": "bucket",
+	"aws_s3_bucket": "bucket",
+	"aws_msk_cluster": "cluster_name",
+	"aws_mq_broker": "broker_name",
+	"aws_elasticache_cluster": "cluster_id",
+}
+
+get_resource_name(resource, resourceDefinitionName) = name {
+	possibleNames := {"name", "display_name"}
+	targetName := possibleNames[_]
+	name := resource[targetName]
+} else = name {
+	name := resource.metadata.name
+} else = name {
+	prefix := resource.name_prefix
+	name := sprintf("%s<unknown-sufix>", [prefix])
+} else = name {
+	name := common_lib.get_tag_name_if_exists(resource)
+} else = name {
+	name := resourceDefinitionName
+}
+
+get_specific_resource_name(resource, resourceType, resourceDefinitionName) = name {
+	field := resourceFieldName[resourceType]
+	name := resource[field]
+} else = name {
+	name := get_resource_name(resource, resourceDefinitionName)
+}

assets/queries/dockerCompose/docker_socket_mounted_in_container/query.rego

@@ -13,7 +13,6 @@ CxPolicy[result] {
 
 
 	result := {
-    	"debug": sprintf("%s",[host_path]),
 		"documentId": sprintf("%s", [resource.id]),
 		"searchKey": sprintf("services.%s.volumes",[name]),
 		"issueType": "IncorrectValue",

assets/queries/dockerCompose/memory_not_limited/query.rego

@@ -64,7 +64,6 @@ CxPolicy[result] {
     not common_lib.valid_key(resources, "limits")
 
 	result := {
-    	"debug":sprintf("%s",[resources]),
 		"documentId": sprintf("%s", [resource.id]),
 		"searchKey": sprintf("services.%s.deploy.resources",[name]),
 		"issueType": "MissingAttribute",

assets/queries/terraform/alicloud/action_trail_logging_all_regions_disabled/query.rego

@@ -1,5 +1,7 @@
 package Cx
+
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	some i
@@ -11,6 +13,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_actiontrail_trail",
+		"resourceName": tf_lib.get_specific_resource_name(resource, "alicloud_actiontrail_trail", name),
 		"searchKey": sprintf("alicloud_actiontrail_trail[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("'%s' is set.",[possibilities[p]]),
@@ -29,6 +33,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_actiontrail_trail",
+		"resourceName": tf_lib.get_specific_resource_name(resource, "alicloud_actiontrail_trail", name),
 		"searchKey": sprintf("alicloud_actiontrail_trail[%s].%s", [name, p[f]]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("'%s' is set to All", [p[f]]),

assets/queries/terraform/alicloud/actiontrail_trail_oss_bucket_is_publicly_accessible/query.rego

@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
     some i
@@ -13,6 +14,8 @@ CxPolicy[result] {
 
     result := {
         "documentId": input.document[i].id,
+        "resourceType": "alicloud_actiontrail_trail",
+		"resourceName": tf_lib.get_specific_resource_name(actiontrail, "alicloud_actiontrail_trail", name),
         "searchKey": sprintf("alicloud_actiontrail_trail[%s].oss_bucket_name", [name]),
         "issueType": "IncorrectValue",
         "keyExpectedValue": sprintf("'alicloud_actiontrail_trail[%s].oss_bucket_name' is private", [name]),

assets/queries/terraform/alicloud/alb_listening_on_http/query.rego

@@ -1,13 +1,16 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_alb_listener[name]
 	resource.listener_protocol == "HTTP"
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_alb_listener",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_alb_listener[%s].listener_protocol", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'alicloud_alb_listener[%s].listener_protocol' should not be 'HTTP'",

assets/queries/terraform/alicloud/api_gateway_api_protocol_not_https/query.rego

@@ -1,5 +1,7 @@
 package Cx
+
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_api_gateway_api[name]
@@ -8,6 +10,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_api_gateway_api",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_api_gateway_api[%s].request_config.protocol", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'protocol' value should be 'HTTPS'",
@@ -24,6 +28,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_api_gateway_api",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_api_gateway_api[%s].request_config.protocol", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'protocol' value should be 'HTTPS'",

assets/queries/terraform/alicloud/cmk_is_unusable/query.rego

@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_kms_key[name]
@@ -9,6 +10,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_kms_key",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_kms_key[%s].is_enabled", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("alicloud_kms_key[%s].is_enabled to be set to true", [name]),
@@ -24,6 +27,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_kms_key",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_kms_key[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("alicloud_kms_key[%s].is_enabled to be set to true", [name]),

assets/queries/terraform/alicloud/cs_kubernetes_node_pool_auto_repair_disabled/query.rego

@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 
@@ -11,6 +12,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_cs_kubernetes_node_pool",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_cs_kubernetes_node_pool[%s].resource.management.auto_repair ",[name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("For the resource alicloud_cs_kubernetes_node_pool[%s] to have 'auto_repair' set to true.", [name]),
@@ -26,6 +29,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_cs_kubernetes_node_pool",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_cs_kubernetes_node_pool[%s]",[name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("For the resource alicloud_cs_kubernetes_node_pool[%s] to have a 'management' block containing 'auto_repair' set to true.", [name]),
@@ -41,6 +46,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_cs_kubernetes_node_pool",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_cs_kubernetes_node_pool[%s].management",[name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("For the resource alicloud_cs_kubernetes_node_pool[%s] to have a 'management' block containing 'auto_repair' set to true.", [name]),

assets/queries/terraform/alicloud/db_instance_publicly_accessible/query.rego

@@ -1,13 +1,16 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_db_instance[name]
 	resource.address == "0.0.0.0/0"
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_db_instance",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_db_instance[%s].address", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'address' should not be set to '0.0.0.0/0'",

assets/queries/terraform/alicloud/disk_encryption_disabled/query.rego

@@ -1,17 +1,18 @@
 package Cx
 
 import data.generic.common as common_lib
-import data.generic.terraform as terra_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 
 	resource := input.document[i].resource.alicloud_disk[name]
     resource.encrypted == false
 
-
-
+
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_disk",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_disk[%s].encrypted", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("[%s] has encryption set to true", [name]),
@@ -29,6 +30,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_disk",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_disk[%s]",[name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("[%s] has encryption enabled",[name]),

assets/queries/terraform/alicloud/ecs_data_disk_kms_key_id_undefined/query.rego

@@ -1,7 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
-import data.generic.terraform as terra_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 
@@ -10,6 +10,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_disk",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_disk[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("[%s] has kms key id defined", [name]),

assets/queries/terraform/alicloud/high_kms_key_rotation_period/query.rego

@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	some i
@@ -10,6 +11,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_kms_key",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_kms_key[%s].rotation_interval", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'rotation_interval' value should not be higher than a year",
@@ -25,6 +28,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_kms_key",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_kms_key[%s].rotation_interval", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "'automatic_rotation' should be defined and set to Enabled",
@@ -40,6 +45,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_kms_key",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_kms_key[%s].rotation_interval", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'automatic_rotation' should be set to Enabled",

assets/queries/terraform/alicloud/kubernetes_cluster_without_terway_as_cni_network_plugin/query.rego

@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_cs_kubernetes[name]
@@ -9,6 +10,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_cs_kubernetes",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_cs_kubernetes[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("alicloud_cs_kubernetes[%s].pod_vswitch_ids is defined and not null",[name]),
@@ -24,6 +27,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_cs_kubernetes",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_cs_kubernetes[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("alicloud_cs_kubernetes[%s].addons specifies the terway-eniip",[name]),

assets/queries/terraform/alicloud/launch_template_is_not_encrypted/query.rego

@@ -1,13 +1,16 @@
 package Cx
 
 import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 	resource := input.document[i].resource.alicloud_launch_template[name]
 	resource.encrypted == false
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_launch_template",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_launch_template[%s].encrypted", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("alicloud_launch_template[%s].encrypted to be true", [name]),
@@ -22,6 +25,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_launch_template",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_launch_template[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("alicloud_launch_template[%s] 'encrypted' should be defined and set to true", [name]),

assets/queries/terraform/alicloud/log_retention_is_not_greater_than_90_days/query.rego

@@ -1,7 +1,7 @@
 package Cx
 
 import data.generic.common as common_lib
-import data.generic.terraform as terra_lib
+import data.generic.terraform as tf_lib
 
 CxPolicy[result] {
 
@@ -10,6 +10,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_log_store",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_log_store[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "For attribute 'retention_period' to be set and over 90 days.",
@@ -26,6 +28,8 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
+		"resourceType": "alicloud_log_store",
+		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("alicloud_log_store[%s].retention_period", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "For the attribite 'retention_period' to be set to 90+ days",