From 2ca5eb13b63516b6de209257dd238673e09c6bad Mon Sep 17 00:00:00 2001
From: maxgio
Date: Mon, 14 Jun 2021 10:58:59 +0200
Subject: [PATCH] fix(pkg/policies/opa/rego/azure/azurerm_container_registry/containerregistryresourcelock.rego): check correct fields (#858)

check that the azurerm_management_lock has the correct scope by checking that is scoped to the correct terraform resource id.

Signed-off-by: maxgio92
---
 .../containerRegistryResourceLock.rego | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego b/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego
index 1f2a4074a..ad869328e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/containerRegistryResourceLock.rego
@@ -26,4 +26,9 @@ resourceLockExist(registry, registry_input) = exists {
 registry_name := sprintf("azurerm_container_registry.%s", [registry.name])
 resource_lock_exist_set[registry_name]
 exists = true
-}
\ No newline at end of file
+} else = exists {
+ # hcl inspection
+ resource_lock_exist_set := { resource_lock_id | resource_lock_id := split(input.azurerm_management_lock[i].config.scope, ".")[1] }
+ resource_lock_exist_set[registry.name]
+ exists = true
+}
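Review bot: The new else branch matches a lock by local resource name only, so `split(input.azurerm_management_lock[i].config.scope, ".")[1]` also accepts a lock whose scope points at a different resource type that happens to share the name (for example a scope of `azurerm_resource_group.acr.id` would satisfy a registry named `acr`), whereas the first branch pins the type via `sprintf("azurerm_container_registry.%s", ...)`. The comprehension body should also check the type segment, e.g. `parts := split(input.azurerm_management_lock[i].config.scope, "."); parts[0] == "azurerm_container_registry"; resource_lock_id := parts[1]`. A scope with no `.` leaves `[1]` undefined and that lock is silently dropped from the set, which is presumably intended but deserves a one-line comment next to `# hcl inspection`. The enclosing resourceLockExist rule starts before the hunk.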