From 7aa0dc43ae1eeddbe5d9b96e10bb1a41f35c7116 Mon Sep 17 00:00:00 2001
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com>
Date: Thu, 17 Feb 2022 23:34:36 +0530
Subject: [PATCH] fix rds encryptionc check policy issue #1135

---
 .../rdsHasStorageEncrypted.rego | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/rdsHasStorageEncrypted.rego b/pkg/policies/opa/rego/aws/aws_db_instance/rdsHasStorageEncrypted.rego
index a53d492db..c1ce7d855 100755
--- a/pkg/policies/opa/rego/aws/aws_db_instance/rdsHasStorageEncrypted.rego
+++ b/pkg/policies/opa/rego/aws/aws_db_instance/rdsHasStorageEncrypted.rego
@@ -1,21 +1,14 @@
 package accurics
 
 rdsHasStorageEncrypted[rds.id] {
- rds := input.aws_db_instance[_]
- rds.config.storage_encrypted == null
+ rds := input.aws_db_instance[_]
+ encryptionCheck(rds.config)
 }
 
-rdsHasStorageEncrypted[rds.id] {
- rds := input.aws_db_instance[_]
- rds.config.storage_encrypted == false
+encryptionCheck(rds_config) {
+ object.get(rds_config, "storage_encrypted", "undefined") == [[], null, "undefined"]
 }
 
-rdsHasStorageEncrypted[rds.id] {
- rds := input.aws_db_instance[_]
- not rds.config.kms_key_id
+encryptionCheck(rds_config) {
+ rds_config.storage_encrypted != true
 }
-
-rdsHasStorageEncrypted[rds.id] {
- rds := input.aws_db_instance[_]
- rds.config.kms_key_id == null
-}
\ No newline at end of file
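Review bot: The first `encryptionCheck` body compares the `object.get` result with the whole array `[[], null, "undefined"]`, so it holds only when `storage_encrypted` is itself that three-element array, and a missing key is never matched there. The second body does not cover that case either, because `rds_config.storage_encrypted != true` is undefined when the key is absent. An instance that omits `storage_encrypted` would therefore pass this policy as encrypted, unless the input always carries the key, which this hunk does not show. Membership was probably intended: `object.get(rds_config, "storage_encrypted", "undefined") == [[], null, "undefined"][_]`. A test fixture with the attribute omitted would pin the behaviour.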