Merge pull request #33 from using-system/features/fix-checkov-issues

Features/fix checkov issues

Author: using-system

github/actions/checkov/entrypoint.sh

@@ -4,4 +4,4 @@ if [ ! -f $1/checkov.yml ]; then
   cp /config_empty.yml $1/checkov.yml
 fi
 
-checkov -d $1 --config-file $1/checkov.yml
+checkov -d $1 --config-file $1/checkov.yml -o github_failed_only

terraform/modules/az-aca/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.78.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.82.0 |
 
 ## Modules
 

terraform/modules/az-acae-storage/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.78.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.82.0 |
 
 ## Modules
 

terraform/modules/az-acae/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.78.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.82.0 |
 
 ## Modules
 

terraform/modules/az-acr/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.78.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.82.0 |
 
 ## Modules
 
@@ -40,6 +40,7 @@ No modules.
 | <a name="input_sku"></a> [sku](#input\_sku) | The SKU name of the container registry. | `string` | `"Premium"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to associate with resources. | `map(string)` | n/a | yes |
 | <a name="input_trust_policy_enabled"></a> [trust\_policy\_enabled](#input\_trust\_policy\_enabled) | Determines if the trust policy is enabled | `bool` | `true` | no |
+| <a name="input_zone_redundancy_enabled"></a> [zone\_redundancy\_enabled](#input\_zone\_redundancy\_enabled) | Determines if the zone redundancy is enabled | `bool` | `true` | no |
 
 ## Outputs
 

terraform/modules/az-acr/main.tf

@@ -21,10 +21,13 @@ resource "azurerm_container_registry" "acr" {
     for_each = var.georeplication_locations
 
     content {
-      location = georeplications.value
+      location                = georeplications.value
+      zone_redundancy_enabled = true
     }
   }
 
+  zone_redundancy_enabled = var.zone_redundancy_enabled
+
   identity {
     type         = var.identity_type
     identity_ids = var.identity_ids

terraform/modules/az-acr/tests/acr_not_secure.tftest.hcl

@@ -25,6 +25,7 @@ run "plan" {
     trust_policy_enabled            = false
     retention_policy_enabled        = false
     enable_lock_on_acr              = false
+    zone_redundancy_enabled         = false
     network_rule_bypass_option      = "AzureServices"
 
     tags                        = { Environment = "Test" }
@@ -105,6 +106,11 @@ run "plan" {
     error_message  = "acr georeplications must be empty"
   }
 
+  assert {
+    condition       = azurerm_container_registry.acr.zone_redundancy_enabled == false
+    error_message  = "acr zone_redundancy_enabled must be set to true"
+  }
+
   assert {
     condition       = length(azurerm_container_registry.acr.tags) == 1
     error_message  = "acr tags must contains one element"
@@ -133,6 +139,7 @@ run "apply" {
       trust_policy_enabled            = false
       retention_policy_enabled        = false
       enable_lock_on_acr              = false
+      zone_redundancy_enabled         = false
       network_rule_bypass_option      = "AzureServices"
 
       tags                        = { Environment = "Test" }

terraform/modules/az-acr/tests/acr_secure.tftest.hcl

@@ -101,6 +101,11 @@ run "plan" {
     error_message  = "acr georeplications must be empty"
   }
 
+  assert {
+    condition       = azurerm_container_registry.acr.zone_redundancy_enabled == true
+    error_message  = "acr zone_redundancy_enabled must be set to true"
+  }
+
   assert {
     condition       = length(azurerm_container_registry.acr.tags) == 1
     error_message  = "acr tags must contains one element"

terraform/modules/az-acr/variables.tf

@@ -69,6 +69,12 @@ variable "trust_policy_enabled" {
   default     = true
 }
 
+variable "zone_redundancy_enabled" {
+  description = "Determines if the zone redundancy is enabled"
+  type        = bool
+  default     = true
+}
+
 variable "identity_type" {
   description = "The type of identity used for the acr."
   type        = string

terraform/modules/az-ad-security-group-members/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | 2.45.0 |
+| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | 2.46.0 |
 
 ## Modules