I'm writing a custom policy in checkov in YAML format. For demo purposes I created a policy which checks the name of the storage account and throws an error if it has non-alphanumeric characters. My policy file is:
metadata:
  name: "Ensure that storage account has no special characters"
  category: "convention"
  id: "SCV_VARIABLE_01"
definition:
  resource_types:
    - "azurerm_storage_account"
  attribute: "name"
  operator: regex_match
  value: "^[a-z0-9]{3,24}$"
My variable.tf:
variable "storage_account_name" {
  type    = string
  default = "test-12324-$"
}
My main.tf looks like:
resource "azurerm_storage_account" "storage_account" {
  name                = var.storage_account_name
  resource_group_name = var.resource_group_name
  location            = var.location
}
I created a policy folder and kept only my policy-file.yaml in it. The policy folder is in the $PWD location. All tf files are also in the $PWD location.
If I execute checkov docker command:
docker run -t -v $PWD:/tf bridgecrew/checkov -d /tf --external-checks-dir /tf/policy
checkov's internal policy "CKV_AZURE_43" is able to catch that my variable has some special characters and shows it as Failed, but my custom policy is Passed.
If I directly put the storage account name in main.tf, then my custom policy throws an error and works as expected.
Could you tell me what to specify in my custom policy file so that it throws an error when I pass a wrong variable value?
Thanks, Santosh