From 7a40673cf3cd60c97c548808f133bc77275fd63d Mon Sep 17 00:00:00 2001 From: fredgate Date: Thu, 12 Jan 2023 00:13:57 +0100 Subject: [PATCH] fix(terraform): default value for CKV_AZURE_5 --- checkov/terraform/checks/resource/azure/AKSRbacEnabled.py | 6 +++--- .../terraform/checks/resource/azure/test_AKSRbacEnabled.py | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py b/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py index 25462fb15b2..259540b5d44 100644 --- a/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py +++ b/checkov/terraform/checks/resource/azure/AKSRbacEnabled.py @@ -23,10 +23,10 @@ def scan_resource_conf(self, conf): ] for key in self.evaluated_keys: - if dpath.search(conf, key) and dpath.get(conf, key)[0]: - return CheckResult.PASSED + if dpath.search(conf, key): + return CheckResult.PASSED if dpath.get(conf, key)[0] else CheckResult.FAILED - return CheckResult.FAILED + return CheckResult.PASSED check = AKSRbacEnabled() diff --git a/tests/terraform/checks/resource/azure/test_AKSRbacEnabled.py b/tests/terraform/checks/resource/azure/test_AKSRbacEnabled.py index 6a217afdfb1..a4d5969c16d 100644 --- a/tests/terraform/checks/resource/azure/test_AKSRbacEnabled.py +++ b/tests/terraform/checks/resource/azure/test_AKSRbacEnabled.py @@ -45,7 +45,7 @@ def test_failure_false_new_syntax(self): scan_result = check.scan_resource_conf(conf=resource_conf) self.assertEqual(CheckResult.FAILED, scan_result) - def test_failure_default(self): + def test_success_default(self): resource_conf = { "name": ["example-aks1"], "location": ["${azurerm_resource_group.example.location}"], @@ -64,7 +64,7 @@ def test_failure_default(self): } scan_result = check.scan_resource_conf(conf=resource_conf) - self.assertEqual(CheckResult.FAILED, scan_result) + self.assertEqual(CheckResult.PASSED, scan_result) # azurerm < 2.99.0 def test_success(self):