diff --git a/pkg/iac/adapters/arm/storage/adapt.go b/pkg/iac/adapters/arm/storage/adapt.go
index e0d3f69c795a..d789368264a4 100644
--- a/pkg/iac/adapters/arm/storage/adapt.go
+++ b/pkg/iac/adapters/arm/storage/adapt.go
@@ -49,6 +49,36 @@ func adaptAccounts(deployment azure.Deployment) []storage.Account { MinimumTLSVersion: resource.Properties.GetMapValue("minimumTlsVersion"). AsStringValue("TLS1_0", resource.Properties.GetMetadata()), Queues: queues, + BlobProperties: storage.BlobProperties{ + Metadata: resource.Properties.GetMetadata(), + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Metadata: resource.Properties.GetMetadata(), + Days: resource.Properties.GetMapValue("blobServices").GetMapValue("properties").GetMapValue("deleteRetentionPolicy").GetMapValue("days").AsIntValue(0, resource.Properties.GetMetadata()), + }, + }, + AccountReplicationType: resource.Properties.GetMapValue("sku").GetMapValue("name").AsStringValue("", resource.Properties.GetMetadata()), + InfrastructureEncryptionEnabled: resource.Properties.GetMapValue("encryption").GetMapValue("requireInfrastructureEncryption").AsBoolValue(false, resource.Properties.GetMetadata()), + CustomerManagedKey: storage.CustomerManagedKey{ + Metadata: resource.Properties.GetMetadata(), + KeyVaultKeyId: resource.Properties.GetMapValue("encryption").GetMapValue("keyVaultProperties").GetMapValue("keyUri").AsStringValue("", resource.Properties.GetMetadata()), + UserAssignedIdentityId: resource.Properties.GetMapValue("encryption").GetMapValue("identity").GetMapValue("userAssignedIdentity").AsStringValue("", resource.Properties.GetMetadata()), + }, + } + + // Adapt queue properties logging + queueServiceLogging := resource.Properties.GetMapValue("queueServices").GetMapValue("properties").GetMapValue("logging") + if !queueServiceLogging.IsNull() { + account.QueueProperties.Logging = storage.QueueLogging{ + Metadata: queueServiceLogging.GetMetadata(), + Delete: queueServiceLogging.GetMapValue("delete").AsBoolValue(false, queueServiceLogging.GetMetadata()), + Read: queueServiceLogging.GetMapValue("read").AsBoolValue(false, queueServiceLogging.GetMetadata()), + Write: queueServiceLogging.GetMapValue("write").AsBoolValue(false, 
queueServiceLogging.GetMetadata()), + Version: queueServiceLogging.GetMapValue("version").AsStringValue("", queueServiceLogging.GetMetadata()), + RetentionPolicyDays: queueServiceLogging.GetMapValue("retentionPolicy").GetMapValue("days").AsIntValue(0, queueServiceLogging.GetMetadata()), + } + if account.QueueProperties.Logging.Delete.IsTrue() || account.QueueProperties.Logging.Read.IsTrue() || account.QueueProperties.Logging.Write.IsTrue() { + account.QueueProperties.EnableLogging = types.Bool(true, queueServiceLogging.GetMetadata()) + } } publicNetworkAccess := resource.Properties.GetMapValue("publicNetworkAccess") diff --git a/pkg/iac/adapters/arm/storage/adapt_test.go b/pkg/iac/adapters/arm/storage/adapt_test.go index 56739f97cc42..bf3c4120ab44 100644 --- a/pkg/iac/adapters/arm/storage/adapt_test.go +++ b/pkg/iac/adapters/arm/storage/adapt_test.go @@ -32,7 +32,18 @@ func TestAdapt(t *testing.T) { Bypass: []types.StringValue{types.StringTest("AzureServices")}, AllowByDefault: types.BoolTest(true), }}, - PublicNetworkAccess: types.BoolTest(true), + PublicNetworkAccess: types.BoolTest(true), + AccountReplicationType: types.StringTest(""), + InfrastructureEncryptionEnabled: types.BoolTest(false), + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: types.IntTest(0), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: types.StringTest(""), + UserAssignedIdentityId: types.StringTest(""), + }, }}, }, }, 
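Review bot: The new lookups in adaptAccounts read `blobServices`, `queueServices` and `sku` from `resource.Properties`, but in ARM templates blob and queue service settings are normally declared as child resources of the storage account and `sku` sits beside `properties` rather than inside it, so these paths may never match and the fields would always carry their defaults. If so, retention, replication and queue-logging checks built on this adapter would evaluate defaults instead of the template's real settings. The accompanying adapt_test.go hunks only assert the default values (`""`, `false`, `0`), so a wrong path would go unnoticed; a test case with non-default values for each new field would settle it. Every new value is also tagged with `resource.Properties.GetMetadata()`, so findings will point at the whole properties object rather than the offending key. adaptAccounts starts and ends outside the hunk.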
@@ -57,9 +68,11 @@ func TestAdapt(t *testing.T) { }`, expected: storage.Storage{ Accounts: []storage.Account{{ - MinimumTLSVersion: types.StringTest("TLS1_2"), - EnforceHTTPS: types.BoolTest(true), - PublicNetworkAccess: types.BoolTest(false), + MinimumTLSVersion: types.StringTest("TLS1_2"), + EnforceHTTPS: types.BoolTest(true), + PublicNetworkAccess: types.BoolTest(false), + AccountReplicationType: types.StringTest(""), + InfrastructureEncryptionEnabled: types.BoolTest(false), NetworkRules: []storage.NetworkRule{{ Bypass: []types.StringValue{ types.StringTest("Logging"), @@ -67,6 +80,15 @@ func TestAdapt(t *testing.T) { }, AllowByDefault: types.BoolTest(true), }}, + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: types.IntTest(0), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: types.StringTest(""), + UserAssignedIdentityId: types.StringTest(""), + }, }}, }, }, diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt.go b/pkg/iac/adapters/terraform/azure/storage/adapt.go index 34b7a58267a0..91852a4fb2ce 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt.go +++ b/pkg/iac/adapters/terraform/azure/storage/adapt.go 
@@ -21,6 +21,20 @@ func Adapt(modules terraform.Modules) storage.Storage { EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + BlobProperties: storage.BlobProperties{ + Metadata: iacTypes.NewUnmanagedMetadata(), + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Metadata: iacTypes.NewUnmanagedMetadata(), + Days: iacTypes.IntDefault(7, iacTypes.NewUnmanagedMetadata()), + }, + }, + AccountReplicationType: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + InfrastructureEncryptionEnabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + CustomerManagedKey: storage.CustomerManagedKey{ + Metadata: iacTypes.NewUnmanagedMetadata(), + KeyVaultKeyId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + UserAssignedIdentityId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + }, } accounts = append(accounts, orphanAccount) 
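Review bot: `Days: iacTypes.IntDefault(7, ...)` here, and again in the adaptAccount hunk at `@@ -110,6 +155,20 @@`, makes an account with no `delete_retention_policy` block indistinguishable from one that explicitly sets seven days. A check that requires a minimum retention would then pass for accounts where soft delete is not configured at all, assuming an omitted block means the policy is off. The ARM adapter in this same commit defaults the value to `0` for the absent case; using `iacTypes.IntDefault(0, resource.GetMetadata())` in adaptAccount and keeping `7` only as the fallback inside the `delete_retention_policy` branch would keep the two adapters consistent. Both enclosing functions continue outside their hunks.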
@@ -91,6 +105,37 @@ func adaptAccounts(modules terraform.Modules) ([]storage.Account, []string, []st } account.Queues = append(account.Queues, queue) } + // Adapt customer managed key resource + // Only use the resource if the block wasn't already set (they are mutually exclusive in Terraform) + if account.CustomerManagedKey.KeyVaultKeyId.IsEmpty() { + customerManagedKeyResources := module.GetReferencingResources(resource, "azurerm_storage_account_customer_managed_key", "storage_account_id") + for _, cmkResource := range customerManagedKeyResources { + keyVaultKeyIdAttr := cmkResource.GetAttribute("key_vault_key_id") + if keyVaultKeyIdAttr.IsNotNil() { + account.CustomerManagedKey.KeyVaultKeyId = keyVaultKeyIdAttr.AsStringValueOrDefault("", cmkResource) + account.CustomerManagedKey.Metadata = cmkResource.GetMetadata() + } else { + // If key_vault_key_id is not directly set, try to construct from key_vault_id and key_name + keyVaultIdAttr := cmkResource.GetAttribute("key_vault_id") + keyNameAttr := cmkResource.GetAttribute("key_name") + if keyVaultIdAttr.IsNotNil() && keyNameAttr.IsNotNil() { + keyVaultId := keyVaultIdAttr.AsStringValueOrDefault("", cmkResource) + keyName := keyNameAttr.AsStringValueOrDefault("", cmkResource) + if !keyVaultId.IsEmpty() && !keyName.IsEmpty() { + // Construct the full key ID format: https://{keyVaultId}/keys/{keyName} + keyId := keyVaultId.Value() + "/keys/" + keyName.Value() + account.CustomerManagedKey.KeyVaultKeyId = iacTypes.String(keyId, cmkResource.GetMetadata()) + account.CustomerManagedKey.Metadata = cmkResource.GetMetadata() + } + } + } + userAssignedIdentityIdAttr := cmkResource.GetAttribute("user_assigned_identity_id") + if userAssignedIdentityIdAttr.IsNotNil() { + account.CustomerManagedKey.UserAssignedIdentityId = userAssignedIdentityIdAttr.AsStringValueOrDefault("", cmkResource) + } + break // Only process the first matching resource + } + } accounts = append(accounts, account) } } 
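Review bot: The fallback `keyId := keyVaultId.Value() + "/keys/" + keyName.Value()` does not produce the `https://...` key URL its comment describes, because `key_vault_id` is, as far as I know, the vault's resource ID rather than its URI. Wrapping the result in `iacTypes.String(...)` also means that if either attribute is an unresolved reference, which is the usual way these are written, an unknown value may become a concrete but meaningless string; it is worth confirming how `IsEmpty()` and `Value()` behave for unresolvable values before relying on this. If checks only need to know that a key is configured, correct the comment to something like `// key_vault_id is the vault's resource ID; this value only marks that a key is configured`. The `for ... { ...; break }` loop always stops after one iteration, so a length check followed by indexing the first element would read more plainly. None of the visible test hunks exercises this resource path, and adaptAccounts starts and ends outside the hunk.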
@@ -110,6 +155,20 @@ func adaptAccount(resource *terraform.Block) storage.Account { }, MinimumTLSVersion: iacTypes.StringDefault(minimumTlsVersionOneTwo, resource.GetMetadata()), PublicNetworkAccess: resource.GetAttribute("public_network_access_enabled").AsBoolValueOrDefault(true, resource), + BlobProperties: storage.BlobProperties{ + Metadata: resource.GetMetadata(), + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Metadata: resource.GetMetadata(), + Days: iacTypes.IntDefault(7, resource.GetMetadata()), + }, + }, + AccountReplicationType: resource.GetAttribute("account_replication_type").AsStringValueOrDefault("", resource), + InfrastructureEncryptionEnabled: resource.GetAttribute("infrastructure_encryption_enabled").AsBoolValueOrDefault(false, resource), + CustomerManagedKey: storage.CustomerManagedKey{ + Metadata: resource.GetMetadata(), + KeyVaultKeyId: iacTypes.StringDefault("", resource.GetMetadata()), + UserAssignedIdentityId: iacTypes.StringDefault("", resource.GetMetadata()), + }, } networkRulesBlocks := resource.GetBlocks("network_rules") 
@@ -120,12 +179,49 @@ func adaptAccount(resource *terraform.Block) storage.Account { httpsOnlyAttr := resource.GetAttribute("enable_https_traffic_only") account.EnforceHTTPS = httpsOnlyAttr.AsBoolValueOrDefault(true, resource) + // Adapt blob properties + blobPropertiesBlock := resource.GetBlock("blob_properties") + if blobPropertiesBlock.IsNotNil() { + account.BlobProperties.Metadata = blobPropertiesBlock.GetMetadata() + deleteRetentionPolicyBlock := blobPropertiesBlock.GetBlock("delete_retention_policy") + if deleteRetentionPolicyBlock.IsNotNil() { + account.BlobProperties.DeleteRetentionPolicy.Metadata = deleteRetentionPolicyBlock.GetMetadata() + daysAttr := deleteRetentionPolicyBlock.GetAttribute("days") + if daysAttr.IsNotNil() { + account.BlobProperties.DeleteRetentionPolicy.Days = daysAttr.AsIntValueOrDefault(7, deleteRetentionPolicyBlock) + } + } + } + + // Adapt customer managed key + customerManagedKeyBlock := resource.GetBlock("customer_managed_key") + if customerManagedKeyBlock.IsNotNil() { + account.CustomerManagedKey.Metadata = customerManagedKeyBlock.GetMetadata() + keyVaultKeyIdAttr := customerManagedKeyBlock.GetAttribute("key_vault_key_id") + if keyVaultKeyIdAttr.IsNotNil() { + account.CustomerManagedKey.KeyVaultKeyId = keyVaultKeyIdAttr.AsStringValueOrDefault("", customerManagedKeyBlock) + } + userAssignedIdentityIdAttr := customerManagedKeyBlock.GetAttribute("user_assigned_identity_id") + if userAssignedIdentityIdAttr.IsNotNil() { + account.CustomerManagedKey.UserAssignedIdentityId = userAssignedIdentityIdAttr.AsStringValueOrDefault("", customerManagedKeyBlock) + } + } + + // Adapt queue properties queuePropertiesBlock := resource.GetBlock("queue_properties") if queuePropertiesBlock.IsNotNil() { account.QueueProperties.Metadata = queuePropertiesBlock.GetMetadata() loggingBlock := queuePropertiesBlock.GetBlock("logging") if loggingBlock.IsNotNil() { account.QueueProperties.EnableLogging = iacTypes.Bool(true, loggingBlock.GetMetadata()) + 
account.QueueProperties.Logging = storage.QueueLogging{ + Metadata: loggingBlock.GetMetadata(), + Delete: loggingBlock.GetAttribute("delete").AsBoolValueOrDefault(false, loggingBlock), + Read: loggingBlock.GetAttribute("read").AsBoolValueOrDefault(false, loggingBlock), + Write: loggingBlock.GetAttribute("write").AsBoolValueOrDefault(false, loggingBlock), + Version: loggingBlock.GetAttribute("version").AsStringValueOrDefault("", loggingBlock), + RetentionPolicyDays: loggingBlock.GetAttribute("retention_policy_days").AsIntValueOrDefault(0, loggingBlock), + } } } diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go index 5f576731d432..4d98174c1017 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go @@ -24,11 +24,28 @@ func Test_Adapt(t *testing.T) { expected: storage.Storage{ Accounts: []storage.Account{ { - PublicNetworkAccess: iacTypes.BoolTest(true), - MinimumTLSVersion: iacTypes.StringTest(minimumTlsVersionOneTwo), - EnforceHTTPS: iacTypes.BoolTest(true), + PublicNetworkAccess: iacTypes.BoolTest(true), + MinimumTLSVersion: iacTypes.StringTest(minimumTlsVersionOneTwo), + EnforceHTTPS: iacTypes.BoolTest(true), + AccountReplicationType: iacTypes.StringTest(""), + InfrastructureEncryptionEnabled: iacTypes.BoolTest(false), + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: iacTypes.IntTest(7), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: iacTypes.StringTest(""), + UserAssignedIdentityId: iacTypes.StringTest(""), + }, + }, + { + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: iacTypes.IntTest(7), + }, + }, }, - {}, }, }, }, 
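Review bot: `EnableLogging` is still set to `true` whenever a `logging` block exists, while the new `Delete`, `Read` and `Write` fields each default to `false`, so a block that enables none of the operations is reported as logging enabled. The ARM adapter in this commit sets `EnableLogging` only when at least one of the three flags is true, so the two adapters now disagree for the same configuration. The assignment is unchanged context and existing checks may depend on it, so at minimum add a comment such as `// EnableLogging reflects block presence only; see Logging.Delete/Read/Write for what is actually logged`. adaptAccount starts and ends outside the hunk.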
@@ -104,6 +121,24 @@ func Test_Adapt(t *testing.T) { QueueProperties: storage.QueueProperties{ Metadata: iacTypes.NewTestMetadata(), EnableLogging: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Logging: storage.QueueLogging{ + Delete: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Read: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Write: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Version: iacTypes.String("1.0", iacTypes.NewTestMetadata()), + RetentionPolicyDays: iacTypes.Int(10, iacTypes.NewTestMetadata()), + }, + }, + AccountReplicationType: iacTypes.StringTest(""), + InfrastructureEncryptionEnabled: iacTypes.BoolTest(false), + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: iacTypes.IntTest(7), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: iacTypes.StringTest(""), + UserAssignedIdentityId: iacTypes.StringTest(""), }, Containers: []storage.Container{ { @@ -119,7 +154,18 @@ func Test_Adapt(t *testing.T) { Metadata: iacTypes.NewUnmanagedMetadata(), EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + AccountReplicationType: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + InfrastructureEncryptionEnabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: iacTypes.IntDefault(7, iacTypes.NewUnmanagedMetadata()), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + UserAssignedIdentityId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + }, }, }, }, 
@@ -154,7 +200,18 @@ func Test_Adapt(t *testing.T) { Metadata: iacTypes.NewUnmanagedMetadata(), EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + AccountReplicationType: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + InfrastructureEncryptionEnabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + BlobProperties: storage.BlobProperties{ + DeleteRetentionPolicy: storage.DeleteRetentionPolicy{ + Days: iacTypes.IntDefault(7, iacTypes.NewUnmanagedMetadata()), + }, + }, + CustomerManagedKey: storage.CustomerManagedKey{ + KeyVaultKeyId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + UserAssignedIdentityId: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + }, Containers: []storage.Container{ { Metadata: iacTypes.NewTestMetadata(), diff --git a/pkg/iac/providers/azure/storage/storage.go b/pkg/iac/providers/azure/storage/storage.go index ce86ec8698cc..b6d3c440367b 100755 --- a/pkg/iac/providers/azure/storage/storage.go +++ b/pkg/iac/providers/azure/storage/storage.go @@ -9,14 +9,18 @@ type Storage struct { } type Account struct { - Metadata iacTypes.Metadata - NetworkRules []NetworkRule - EnforceHTTPS iacTypes.BoolValue - Containers []Container - QueueProperties QueueProperties - MinimumTLSVersion iacTypes.StringValue - Queues []Queue - PublicNetworkAccess iacTypes.BoolValue + Metadata iacTypes.Metadata + NetworkRules []NetworkRule + EnforceHTTPS iacTypes.BoolValue + Containers []Container + QueueProperties QueueProperties + MinimumTLSVersion iacTypes.StringValue + Queues []Queue + PublicNetworkAccess iacTypes.BoolValue + BlobProperties BlobProperties + AccountReplicationType iacTypes.StringValue + InfrastructureEncryptionEnabled iacTypes.BoolValue + CustomerManagedKey CustomerManagedKey } type Queue struct { 
@@ -27,6 +31,16 @@ type Queue struct { type QueueProperties struct { Metadata iacTypes.Metadata EnableLogging iacTypes.BoolValue + Logging QueueLogging +} + +type QueueLogging struct { + Metadata iacTypes.Metadata + Delete iacTypes.BoolValue + Read iacTypes.BoolValue + Write iacTypes.BoolValue + Version iacTypes.StringValue + RetentionPolicyDays iacTypes.IntValue } type NetworkRule struct { @@ -45,3 +59,19 @@ type Container struct { Metadata iacTypes.Metadata PublicAccess iacTypes.StringValue } + +type BlobProperties struct { + Metadata iacTypes.Metadata + DeleteRetentionPolicy DeleteRetentionPolicy +} + +type DeleteRetentionPolicy struct { + Metadata iacTypes.Metadata + Days iacTypes.IntValue +} + +type CustomerManagedKey struct { + Metadata iacTypes.Metadata + KeyVaultKeyId iacTypes.StringValue + UserAssignedIdentityId iacTypes.StringValue +} diff --git a/pkg/iac/rego/schemas/cloud.json b/pkg/iac/rego/schemas/cloud.json index 5d47e95c1482..70d18cdd33aa 100644 --- a/pkg/iac/rego/schemas/cloud.json +++ b/pkg/iac/rego/schemas/cloud.json @@ -5424,6 +5424,14 @@ "type": "object", "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata" }, + "accountreplicationtype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" + }, + "blobproperties": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.BlobProperties" + }, "containers": { "type": "array", "items": { 
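Review bot: The exported types added in storage.go (`QueueLogging`, `BlobProperties`, `DeleteRetentionPolicy`, `CustomerManagedKey`) and the new `Account` fields in the hunk at `@@ -9,14 +9,18 @@` have no doc comments, and the adapters in this commit disagree on what an unset value looks like (`Days` is `0` from ARM and `7` from Terraform). A short comment on each type stating the unit and the value used for "not configured" would give check authors something to rely on, for example `// DeleteRetentionPolicy holds the blob soft-delete retention; Days is the retention period in days.` The field names `KeyVaultKeyId` and `UserAssignedIdentityId` would conventionally be spelled `KeyVaultKeyID` and `UserAssignedIdentityID` in Go, which should not affect the lowercased schema keys in cloud.json.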
@@ -5431,10 +5439,18 @@ "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Container" } }, + "customermanagedkey": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.CustomerManagedKey" + }, "enforcehttps": { "type": "object", "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, + "infrastructureencryptionenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" + }, "minimumtlsversion": { "type": "object", "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" @@ -5463,6 +5479,19 @@ } } }, + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.BlobProperties": { + "type": "object", + "properties": { + "__defsec_metadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata" + }, + "deleteretentionpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.DeleteRetentionPolicy" + } + } + }, "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Container": { "type": "object", "properties": { 
@@ -5476,6 +5505,36 @@ } } }, + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.CustomerManagedKey": { + "type": "object", + "properties": { + "__defsec_metadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata" + }, + "keyvaultkeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" + }, + "userassignedidentityid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" + } + } + }, + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.DeleteRetentionPolicy": { + "type": "object", + "properties": { + "__defsec_metadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata" + }, + "days": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" + } + } + }, "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.NetworkRule": { "type": "object", "properties": { 
@@ -5509,6 +5568,35 @@ } } }, + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.QueueLogging": { + "type": "object", + "properties": { + "__defsec_metadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata" + }, + "delete": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" + }, + "read": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" + }, + "retentionpolicydays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" + }, + "version": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" + }, + "write": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" + } + } + }, "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.QueueProperties": { "type": "object", "properties": { @@ -5519,6 +5607,10 @@ "enablelogging": { "type": "object", "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.QueueLogging" } } },