This issue was moved to a discussion.

api_server_authorized_ip_ranges in Terraform deprecated and causing false positives #3850

Closed
huornlmj opened this issue Mar 15, 2023 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning

Comments

@huornlmj

Description

Trivy will ignore "authorized_ip_ranges" and will complain if it doesn't find the now deprecated term "api_server_authorized_ip_ranges"

CRITICAL: Cluster does not limit API access to specific IP addresses.

What did you expect to happen?

Not get a false positive, and for Trivy to observe the newer construct as a pass

What happened instead?

A failed scan

@huornlmj huornlmj added the kind/bug Categorizes issue or PR as related to a bug. label Mar 15, 2023
@itaysk
Contributor

itaysk commented Mar 15, 2023

Just to clarify, you are referring to check AVD-AZU-0041, which asserts the following argument: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#authorized_ip_ranges
Correct?

@huornlmj
Author

Yes @itaysk that's correct.

@itaysk itaysk added the scan/misconfiguration Issues relating to misconfiguration scanning label Mar 15, 2023
@huornlmj
Author

This is very similar to https://github.com/aquasecurity/defsec/issues/1142 in defsec

@aquasecurity aquasecurity locked and limited conversation to collaborators May 11, 2023
@knqyf263 knqyf263 converted this issue into discussion #4331 May 11, 2023
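
The false positive reported in this thread comes from a check that looks for only one spelling of the setting. As an added illustration (not Trivy's or defsec's code), the Go sketch below accepts either form on an `azurerm_kubernetes_cluster` attribute map. It assumes the newer `authorized_ip_ranges` sits inside the provider's `api_server_access_profile` block and that the block decodes as a JSON list of objects; `LimitsAPIAccess`, `CheckJSON` and `hasRange` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// hasRange reports whether v is a JSON array holding at least one non-empty string.
func hasRange(v interface{}) bool {
	items, _ := v.([]interface{})
	for _, it := range items {
		if s, ok := it.(string); ok && s != "" {
			return true
		}
	}
	return false
}

// LimitsAPIAccess takes one cluster's attribute map and accepts either spelling.
func LimitsAPIAccess(values map[string]interface{}) bool {
	// Deprecated top-level attribute.
	if hasRange(values["api_server_authorized_ip_ranges"]) {
		return true
	}
	// Newer form: nested block, assumed here to decode as a list of objects.
	blocks, _ := values["api_server_access_profile"].([]interface{})
	for _, b := range blocks {
		if m, ok := b.(map[string]interface{}); ok && hasRange(m["authorized_ip_ranges"]) {
			return true
		}
	}
	return false
}

// CheckJSON decodes a JSON attribute map and runs the check on it.
func CheckJSON(doc string) (bool, error) {
	var values map[string]interface{}
	if err := json.Unmarshal([]byte(doc), &values); err != nil {
		return false, err
	}
	return LimitsAPIAccess(values), nil
}

func main() {
	// Constructed sample: only the newer nested form is set (documentation CIDR).
	ok, err := CheckJSON(`{"api_server_access_profile":[{"authorized_ip_ranges":["203.0.113.0/24"]}]}`)
	fmt.Println(ok, err)
}
```

An empty list in either position still fails the check, so a cluster with no ranges configured continues to be reported.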
