AVD-AZU-0051 triggers on any public IP, not just /0 #7135

chanster · 2024-07-09T16:18:56Z

chanster
Jul 9, 2024

IDs

AVD-AZU-0051

Description

The title of the check is An outbound network security rule allows traffic to /0 but the actual trigger is any public IP range.

The code is just checking if the IP is a public IP and does not validate the mask. The title or triggger should be updated to match the other.

Link to specific code line: https://github.com/aquasecurity/trivy-checks/blame/3c54ac8393e3ae60e70a638940f5dbb636717843/checks/cloud/azure/network/no_public_egress.go#L43)

Reproduction Steps

1. Set destination IP to any public IP `x.x.x.x/32`
1. Run `trivy fs --scanners misconfig --severity CRITICAL /path/to/terraform/files`

Target

Filesystem

Scanner

Misconfiguration

Target OS

n/a

Debug Output

trivy fs --scanners misconfig,secret --severity CRITICAL ./modules/azure/network/ --debug
2024-07-09T08:15:36-05:00       DEBUG   Cache dir       dir="/Users/user/Library/Caches/trivy"
2024-07-09T08:15:36-05:00       DEBUG   Parsed severities       severities=[CRITICAL]
2024-07-09T08:15:36-05:00       DEBUG   Ignore statuses statuses=[]
2024-07-09T08:15:36-05:00       INFO    Misconfiguration scanning is enabled
2024-07-09T08:15:36-05:00       DEBUG   Policies successfully loaded from disk
2024-07-09T08:15:36-05:00       INFO    Secret scanning is enabled
2024-07-09T08:15:36-05:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T08:15:36-05:00       INFO    Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T08:15:36-05:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-09T08:15:36-05:00       DEBUG   Initializing scan cache...      type="memory"
2024-07-09T08:15:36-05:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2024-07-09T08:15:36-05:00       DEBUG   [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-09T08:15:36-05:00       DEBUG   Scanning files for misconfigurations... scanner="Terraform"
2024-07-09T08:15:36-05:00       DEBUG   [misconf] 15:36.855368000 terraform.scanner                Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc0032cb9e0} map[flow_logs:0xc0000ba538 flow_logs.tf:0xc0000ba5b8 locals.tf:0xc0000ba5d8 nat_gateway.tf:0xc0000ba5f0 nsg_rules:0xc0000ba5f8 outputs.tf:0xc0000ba640 private_link.tf:0xc0000ba650 route_table.tf:0xc0000ba670 subnet_api.tf:0xc0000ba680 subnet_data.tf:0xc0000ba690 subnet_dmz.tf:0xc0000ba6a0 subnet_dnsr_in.tf:0xc0000ba6b8 subnet_dnsr_out.tf:0xc0000ba6c8 subnet_mgmt.tf:0xc0000ba6e0 subnet_web.tf:0xc0000ba6f0 subnet_worker.tf:0xc0000ba700 variables.tf:0xc0000ba710 virtual_network.tf:0xc0000ba720] 2}}}) modules/azure/network}] at '.'...
2024-07-09T08:15:36-05:00       DEBUG   [misconf] 15:36.858988000 terraform.scanner.rego           Overriding filesystem for checks!
2024-07-09T08:15:36-05:00       DEBUG   [misconf] 15:36.860139000 terraform.scanner.rego           Loaded 3 embedded libraries.
2024-07-09T08:15:36-05:00       DEBUG   [misconf] 15:36.924910000 terraform.scanner.rego           Loaded 192 embedded policies.
2024-07-09T08:15:38-05:00       DEBUG   [misconf] 15:38.806499000 terraform.scanner.rego           Loaded 195 checks from disk.
2024-07-09T08:15:38-05:00       DEBUG   [misconf] 15:38.806956000 terraform.scanner.rego           Overriding filesystem for data!
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.209752000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.209802000 terraform.parser.<root>          Parsing FS from '.'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.209915000 terraform.parser.<root>          Parsing 'flow_logs.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.213498000 terraform.parser.<root>          Added file flow_logs.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.213558000 terraform.parser.<root>          Parsing 'locals.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.213696000 terraform.parser.<root>          Added file locals.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.213730000 terraform.parser.<root>          Parsing 'nat_gateway.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.213970000 terraform.parser.<root>          Added file nat_gateway.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214006000 terraform.parser.<root>          Parsing 'outputs.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214267000 terraform.parser.<root>          Added file outputs.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214306000 terraform.parser.<root>          Parsing 'private_link.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214422000 terraform.parser.<root>          Added file private_link.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214464000 terraform.parser.<root>          Parsing 'route_table.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214618000 terraform.parser.<root>          Added file route_table.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.214651000 terraform.parser.<root>          Parsing 'subnet_api.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.215782000 terraform.parser.<root>          Added file subnet_api.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.215824000 terraform.parser.<root>          Parsing 'subnet_data.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.216561000 terraform.parser.<root>          Added file subnet_data.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.216598000 terraform.parser.<root>          Parsing 'subnet_dmz.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.217446000 terraform.parser.<root>          Added file subnet_dmz.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.217490000 terraform.parser.<root>          Parsing 'subnet_dnsr_in.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.218217000 terraform.parser.<root>          Added file subnet_dnsr_in.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.218264000 terraform.parser.<root>          Parsing 'subnet_dnsr_out.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.218882000 terraform.parser.<root>          Added file subnet_dnsr_out.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.218919000 terraform.parser.<root>          Parsing 'subnet_mgmt.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.220308000 terraform.parser.<root>          Added file subnet_mgmt.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.220361000 terraform.parser.<root>          Parsing 'subnet_web.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.221316000 terraform.parser.<root>          Added file subnet_web.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.221357000 terraform.parser.<root>          Parsing 'subnet_worker.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223381000 terraform.parser.<root>          Added file subnet_worker.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223430000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223773000 terraform.parser.<root>          Added file variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223809000 terraform.parser.<root>          Parsing 'virtual_network.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223919000 terraform.parser.<root>          Added file virtual_network.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223951000 terraform.parser.<root>          Parsing FS from 'flow_logs'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.223992000 terraform.parser.<root>          Parsing 'flow_logs/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.224300000 terraform.parser.<root>          Added file flow_logs/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.224334000 terraform.parser.<root>          Parsing 'flow_logs/storage_account.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.226162000 terraform.parser.<root>          Added file flow_logs/storage_account.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.226228000 terraform.parser.<root>          Parsing 'flow_logs/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.226529000 terraform.parser.<root>          Added file flow_logs/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.226567000 terraform.parser.<root>          Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.226603000 terraform.parser.<root>          Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.227034000 terraform.parser.<root>          Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.227070000 terraform.parser.<root>          Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.227418000 terraform.parser.<root>          Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.236551000 terraform.scanner                Scanning root module '.'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.236620000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.236639000 terraform.parser.<root>          Parsing FS from '.'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.236754000 terraform.parser.<root>          Parsing 'flow_logs.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237106000 terraform.parser.<root>          Added file flow_logs.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237163000 terraform.parser.<root>          Parsing 'locals.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237281000 terraform.parser.<root>          Added file locals.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237325000 terraform.parser.<root>          Parsing 'nat_gateway.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237574000 terraform.parser.<root>          Added file nat_gateway.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237621000 terraform.parser.<root>          Parsing 'outputs.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237857000 terraform.parser.<root>          Added file outputs.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237889000 terraform.parser.<root>          Parsing 'private_link.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.237980000 terraform.parser.<root>          Added file private_link.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.238008000 terraform.parser.<root>          Parsing 'route_table.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.238119000 terraform.parser.<root>          Added file route_table.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.238150000 terraform.parser.<root>          Parsing 'subnet_api.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.239269000 terraform.parser.<root>          Added file subnet_api.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.239307000 terraform.parser.<root>          Parsing 'subnet_data.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.240033000 terraform.parser.<root>          Added file subnet_data.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.240081000 terraform.parser.<root>          Parsing 'subnet_dmz.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.240921000 terraform.parser.<root>          Added file subnet_dmz.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.240976000 terraform.parser.<root>          Parsing 'subnet_dnsr_in.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.241581000 terraform.parser.<root>          Added file subnet_dnsr_in.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.241619000 terraform.parser.<root>          Parsing 'subnet_dnsr_out.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.242230000 terraform.parser.<root>          Added file subnet_dnsr_out.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.242268000 terraform.parser.<root>          Parsing 'subnet_mgmt.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.243152000 terraform.parser.<root>          Added file subnet_mgmt.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.243188000 terraform.parser.<root>          Parsing 'subnet_web.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.244063000 terraform.parser.<root>          Added file subnet_web.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.244097000 terraform.parser.<root>          Parsing 'subnet_worker.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246195000 terraform.parser.<root>          Added file subnet_worker.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246258000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246613000 terraform.parser.<root>          Added file variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246658000 terraform.parser.<root>          Parsing 'virtual_network.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246755000 terraform.parser.<root>          Added file virtual_network.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.246786000 terraform.parser.<root>          Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.252160000 terraform.parser.<root>          Read 75 block(s) and 0 ignore(s) for module 'root' (16 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.252219000 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.252260000 terraform.parser.<root>          Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.252791000 terraform.parser.<root>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.252832000 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265348000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.api' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265413000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.data' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265454000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.dmz' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265492000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.dns_resolver_inbound' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265528000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.dns_resolver_outbound' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265563000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.mgmt' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265600000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.web' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265636000 terraform.parser.<root>.evaluator Expanded block 'azurerm_monitor_diagnostic_setting.worker' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.265674000 terraform.parser.<root>.evaluator Expanded block 'module.flow_logs' into 0 clones via 'count' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.267068000 terraform.parser.<root>.evaluator Expanded block 'azurerm_subnet_nat_gateway_association.this' into 8 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268044000 terraform.parser.<root>.evaluator Expanded block 'azurerm_subnet_route_table_association.this' into 8 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268091000 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268123000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268148000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.api_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268174000 terraform.parser.<root>.evaluator.resolver Module 'module.api_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268190000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268208000 terraform.parser.<root>.evaluator Module 'module.api_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268225000 terraform.parser.<api_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268261000 terraform.parser.<api_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268768000 terraform.parser.<api_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.268810000 terraform.parser.<api_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269183000 terraform.parser.<api_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269225000 terraform.parser.<root>.evaluator Loaded module "api_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269245000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269266000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.data_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269287000 terraform.parser.<root>.evaluator.resolver Module 'module.data_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269311000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269345000 terraform.parser.<root>.evaluator Module 'module.data_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269379000 terraform.parser.<data_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269423000 terraform.parser.<data_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269885000 terraform.parser.<data_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.269923000 terraform.parser.<data_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270227000 terraform.parser.<data_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270314000 terraform.parser.<root>.evaluator Loaded module "data_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270347000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270372000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.dmz_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270395000 terraform.parser.<root>.evaluator.resolver Module 'module.dmz_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270409000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270431000 terraform.parser.<root>.evaluator Module 'module.dmz_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270451000 terraform.parser.<dmz_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270484000 terraform.parser.<dmz_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270946000 terraform.parser.<dmz_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.270991000 terraform.parser.<dmz_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271297000 terraform.parser.<dmz_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271334000 terraform.parser.<root>.evaluator Loaded module "dmz_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271355000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271371000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.dns_resolver_inbound_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271388000 terraform.parser.<root>.evaluator.resolver Module 'module.dns_resolver_inbound_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271401000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271421000 terraform.parser.<root>.evaluator Module 'module.dns_resolver_inbound_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271437000 terraform.parser.<dns_resolver_inbound_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271466000 terraform.parser.<dns_resolver_inbound_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271885000 terraform.parser.<dns_resolver_inbound_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.271919000 terraform.parser.<dns_resolver_inbound_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272224000 terraform.parser.<dns_resolver_inbound_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272265000 terraform.parser.<root>.evaluator Loaded module "dns_resolver_inbound_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272286000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272302000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.dns_resolver_outbound_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272319000 terraform.parser.<root>.evaluator.resolver Module 'module.dns_resolver_outbound_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272333000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272353000 terraform.parser.<root>.evaluator Module 'module.dns_resolver_outbound_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272380000 terraform.parser.<dns_resolver_outbound_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272426000 terraform.parser.<dns_resolver_outbound_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272918000 terraform.parser.<dns_resolver_outbound_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.272962000 terraform.parser.<dns_resolver_outbound_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273350000 terraform.parser.<dns_resolver_outbound_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273408000 terraform.parser.<root>.evaluator Loaded module "dns_resolver_outbound_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273436000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273461000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.mgmt_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273485000 terraform.parser.<root>.evaluator.resolver Module 'module.mgmt_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273501000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273525000 terraform.parser.<root>.evaluator Module 'module.mgmt_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273541000 terraform.parser.<mgmt_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.273575000 terraform.parser.<mgmt_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274239000 terraform.parser.<mgmt_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274306000 terraform.parser.<mgmt_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274756000 terraform.parser.<mgmt_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274802000 terraform.parser.<root>.evaluator Loaded module "mgmt_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274825000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274842000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.web_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274861000 terraform.parser.<root>.evaluator.resolver Module 'module.web_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274876000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274898000 terraform.parser.<root>.evaluator Module 'module.web_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274915000 terraform.parser.<web_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.274947000 terraform.parser.<web_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275370000 terraform.parser.<web_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275404000 terraform.parser.<web_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275713000 terraform.parser.<web_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275751000 terraform.parser.<root>.evaluator Loaded module "web_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275770000 terraform.parser.<root>.evaluator locating non-initialized module './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275785000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.worker_nsg_rules' with source: './nsg_rules'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275801000 terraform.parser.<root>.evaluator.resolver Module 'module.worker_nsg_rules' resolved locally to nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275815000 terraform.parser.<root>.evaluator.resolver Module path is nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275842000 terraform.parser.<root>.evaluator Module 'module.worker_nsg_rules' resolved to path 'nsg_rules' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950862872791433072 905235198 0x113ded3e0} <nil>} {{{0 0} {[] {} 0xc002d16460} map[] 0}}}) modules/azure/network}' with prefix ''
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275867000 terraform.parser.<worker_nsg_rules> Parsing FS from 'nsg_rules'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.275901000 terraform.parser.<worker_nsg_rules> Parsing 'nsg_rules/main.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.276376000 terraform.parser.<worker_nsg_rules> Added file nsg_rules/main.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.276415000 terraform.parser.<worker_nsg_rules> Parsing 'nsg_rules/variables.tf'...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.276833000 terraform.parser.<worker_nsg_rules> Added file nsg_rules/variables.tf.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.276875000 terraform.parser.<root>.evaluator Loaded module "worker_nsg_rules" from "nsg_rules".
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.276890000 terraform.parser.<api_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.277349000 terraform.parser.<api_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'api_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.277528000 terraform.parser.<api_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.277575000 terraform.parser.<api_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.277643000 terraform.parser.<data_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278031000 terraform.parser.<data_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'data_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278139000 terraform.parser.<data_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278172000 terraform.parser.<data_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278211000 terraform.parser.<dmz_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278576000 terraform.parser.<dmz_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'dmz_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278686000 terraform.parser.<dmz_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278716000 terraform.parser.<dmz_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.278754000 terraform.parser.<dns_resolver_inbound_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279113000 terraform.parser.<dns_resolver_inbound_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'dns_resolver_inbound_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279183000 terraform.parser.<dns_resolver_inbound_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279213000 terraform.parser.<dns_resolver_inbound_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279251000 terraform.parser.<dns_resolver_outbound_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279613000 terraform.parser.<dns_resolver_outbound_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'dns_resolver_outbound_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279686000 terraform.parser.<dns_resolver_outbound_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279714000 terraform.parser.<dns_resolver_outbound_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.279751000 terraform.parser.<mgmt_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280139000 terraform.parser.<mgmt_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'mgmt_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280277000 terraform.parser.<mgmt_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280308000 terraform.parser.<mgmt_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280346000 terraform.parser.<web_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280710000 terraform.parser.<web_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'web_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280845000 terraform.parser.<web_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280875000 terraform.parser.<web_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.280912000 terraform.parser.<worker_nsg_rules> Evaluating module...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281272000 terraform.parser.<worker_nsg_rules> Read 6 block(s) and 0 ignore(s) for module 'worker_nsg_rules' (2 file[s])...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281586000 terraform.parser.<worker_nsg_rules> Added 6 input variables from module definition.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281616000 terraform.parser.<worker_nsg_rules> Working directory for module evaluation is "/Users/user/projects/infra"
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281797000 terraform.parser.<root>.evaluator Evaluating submodule api_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281830000 terraform.parser.<api_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.281848000 terraform.parser.<api_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.286325000 terraform.parser.<api_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 6 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.287688000 terraform.parser.<api_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 6 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.287730000 terraform.parser.<api_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.287749000 terraform.parser.<api_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.287763000 terraform.parser.<api_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.297243000 terraform.parser.<api_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.297317000 terraform.parser.<api_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.313591000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.313749000 terraform.parser.<root>.evaluator Evaluating submodule data_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.313795000 terraform.parser.<data_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.313816000 terraform.parser.<data_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.316775000 terraform.parser.<data_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 4 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.317655000 terraform.parser.<data_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 3 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.317698000 terraform.parser.<data_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.317716000 terraform.parser.<data_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.317729000 terraform.parser.<data_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.321620000 terraform.parser.<data_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.321670000 terraform.parser.<data_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.335421000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.335628000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.335735000 terraform.parser.<root>.evaluator Evaluating submodule dmz_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.335784000 terraform.parser.<dmz_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.335809000 terraform.parser.<dmz_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.338769000 terraform.parser.<dmz_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 4 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.339571000 terraform.parser.<dmz_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 4 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.339601000 terraform.parser.<dmz_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.339617000 terraform.parser.<dmz_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.339632000 terraform.parser.<dmz_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.343042000 terraform.parser.<dmz_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.343081000 terraform.parser.<dmz_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.359550000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.359813000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.360102000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.360188000 terraform.parser.<root>.evaluator Evaluating submodule dns_resolver_inbound_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.360224000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.360241000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.362336000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 3 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.362569000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 1 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.362602000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.362629000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.362651000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.364295000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.364334000 terraform.parser.<dns_resolver_inbound_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.378530000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.378751000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.378971000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.379098000 terraform.parser.<root>.evaluator Submodule dns_resolver_inbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.379173000 terraform.parser.<root>.evaluator Evaluating submodule dns_resolver_outbound_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.379207000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.379224000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.380721000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 1 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.381329000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 3 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.381358000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.381374000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.381387000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.382869000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.382896000 terraform.parser.<dns_resolver_outbound_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.405217000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.405470000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.405782000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.406034000 terraform.parser.<root>.evaluator Submodule dns_resolver_inbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.406206000 terraform.parser.<root>.evaluator Submodule dns_resolver_outbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.406465000 terraform.parser.<root>.evaluator Evaluating submodule mgmt_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.406527000 terraform.parser.<mgmt_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.406558000 terraform.parser.<mgmt_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.410639000 terraform.parser.<mgmt_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 4 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.411932000 terraform.parser.<mgmt_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 6 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.411972000 terraform.parser.<mgmt_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.411989000 terraform.parser.<mgmt_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.412002000 terraform.parser.<mgmt_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.417055000 terraform.parser.<mgmt_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.417104000 terraform.parser.<mgmt_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.431899000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.432116000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.432364000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.432547000 terraform.parser.<root>.evaluator Submodule dns_resolver_inbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.432671000 terraform.parser.<root>.evaluator Submodule dns_resolver_outbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.432937000 terraform.parser.<root>.evaluator Submodule mgmt_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.433070000 terraform.parser.<root>.evaluator Evaluating submodule web_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.433105000 terraform.parser.<web_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.433122000 terraform.parser.<web_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.436799000 terraform.parser.<web_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 5 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.437771000 terraform.parser.<web_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 5 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.437802000 terraform.parser.<web_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.437818000 terraform.parser.<web_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.437831000 terraform.parser.<web_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.442392000 terraform.parser.<web_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.442432000 terraform.parser.<web_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.458043000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.458263000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.458485000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.458608000 terraform.parser.<root>.evaluator Submodule dns_resolver_inbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.458764000 terraform.parser.<root>.evaluator Submodule dns_resolver_outbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.459098000 terraform.parser.<root>.evaluator Submodule mgmt_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.459433000 terraform.parser.<root>.evaluator Submodule web_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.459949000 terraform.parser.<root>.evaluator Evaluating submodule worker_nsg_rules
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.459995000 terraform.parser.<worker_nsg_rules>.evaluator Filesystem key is '6066d1a6e43365d5a5fbadf49b4b930eef03c727c8bc9b80dc5b5112c46afd15'
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.460013000 terraform.parser.<worker_nsg_rules>.evaluator Starting module evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.471611000 terraform.parser.<worker_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.inbound' into 13 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.474392000 terraform.parser.<worker_nsg_rules>.evaluator Expanded block 'azurerm_network_security_rule.outbound' into 13 clones via 'for_each' attribute.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.474452000 terraform.parser.<worker_nsg_rules>.evaluator Starting submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.474472000 terraform.parser.<worker_nsg_rules>.evaluator All submodules are evaluated at i=0
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.474485000 terraform.parser.<worker_nsg_rules>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.500467000 terraform.parser.<worker_nsg_rules>.evaluator Finished processing 0 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.500522000 terraform.parser.<worker_nsg_rules>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.517188000 terraform.parser.<root>.evaluator Submodule api_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.517423000 terraform.parser.<root>.evaluator Submodule data_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.517655000 terraform.parser.<root>.evaluator Submodule dmz_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.517779000 terraform.parser.<root>.evaluator Submodule dns_resolver_inbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.517905000 terraform.parser.<root>.evaluator Submodule dns_resolver_outbound_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.518160000 terraform.parser.<root>.evaluator Submodule mgmt_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.518426000 terraform.parser.<root>.evaluator Submodule web_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.519129000 terraform.parser.<root>.evaluator Submodule worker_nsg_rules inputs unchanged
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.519154000 terraform.parser.<root>.evaluator All submodules are evaluated at i=8
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.519168000 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.529597000 terraform.parser.<root>.evaluator Finished processing 8 submodule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.529654000 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.529695000 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.529747000 terraform.parser.<root>.evaluator Added module output nat=cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("8b5808ac-65bf-4a0d-8d2f-a83db536b295"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "sku_name":cty.StringVal("Standard"), "tags":cty.NilVal}).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.529858000 terraform.parser.<root>.evaluator Added module output sg_map=cty.ObjectVal(map[string]cty.Value{"api":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("c7de375f-f563-4172-92d9-f0078d67201b"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "data":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("02cf4dad-d9c2-4d7a-8f67-aa7ba949fa53"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "dmz":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("d5170e55-1795-4e1f-af4b-36c82490d6f9"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "dnsr_in":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("4359568f-90c0-451c-b4f5-d1c0d9456c1e"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "dnsr_out":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("efc0b6b9-f1a5-4d98-a01c-e2f115889962"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "mgmt":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("b2e1b363-36ae-4f27-a546-155eb71b2f39"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "web":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("920a7c20-4862-4d45-9b64-247dc73352e7"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}), "worker":cty.ObjectVal(map[string]cty.Value{"id":cty.StringVal("d1c78f71-e0f4-466d-a887-9c407c843463"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal})}).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.530043000 terraform.parser.<root>.evaluator Added module output subnet_map=cty.ObjectVal(map[string]cty.Value{"api":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("2fb3ea07-3424-4d93-bb46-587cc3f178f2"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "data":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("b291e428-190b-47e5-b8b1-ccd91ba01100"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "service_endpoints":cty.TupleVal([]cty.Value{cty.StringVal("Microsoft.Storage"), cty.StringVal("Microsoft.KeyVault")}), "virtual_network_name":cty.NilVal}), "dmz":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("effd051e-df11-42e8-8af2-67b9f04c12f8"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "dnsr_in":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("390c26af-9b45-41fa-8f85-ec245ea2eb6c"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "dnsr_out":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("d66aa7a8-7ec5-4d25-a449-73bb2a8130aa"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "mgmt":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("022439b8-ebd6-4b06-a6df-907352e08435"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "web":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("2f4cacbf-d5aa-4553-b973-ef8bfdb18386"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "virtual_network_name":cty.NilVal}), "worker":cty.ObjectVal(map[string]cty.Value{"address_prefixes":cty.TupleVal([]cty.Value{cty.DynamicVal}), "id":cty.StringVal("cc1a6c47-7776-4b92-922a-5c67e8319822"), "name":cty.NilVal, "private_link_service_network_policies_enabled":cty.False, "resource_group_name":cty.NilVal, "service_endpoints":cty.TupleVal([]cty.Value{cty.StringVal("Microsoft.Storage"), cty.StringVal("Microsoft.KeyVault"), cty.StringVal("Microsoft.ContainerRegistry")}), "virtual_network_name":cty.NilVal})}).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.530416000 terraform.parser.<root>.evaluator Added module output vnet=cty.ObjectVal(map[string]cty.Value{"address_space":cty.NilVal, "id":cty.StringVal("8aad1cb7-1a2f-49bb-be1e-2c6b6da60611"), "location":cty.NilVal, "name":cty.NilVal, "resource_group_name":cty.NilVal, "tags":cty.NilVal}).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.530579000 terraform.executor               Adapting modules...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.543761000 terraform.executor               Adapted 9 module(s) into defsec state data.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.543818000 terraform.executor               Using max routines of 11
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.543945000 terraform.executor               Initialized 487 rule(s).
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.543966000 terraform.executor               Created pool with 11 worker(s) to apply rules.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.561039000 terraform.scanner.rego           Scanning 1 inputs...
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.587536000 terraform.executor               Finished applying rules.
2024-07-09T08:15:39-05:00       DEBUG   [misconf] 15:39.587589000 terraform.executor               Applying ignores...
2024-07-09T08:15:40-05:00       DEBUG   OS is not detected.
2024-07-09T08:15:40-05:00       INFO    Detected config files   num=11
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_dmz.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_dnsr_in.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_dnsr_out.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_mgmt.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_web.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_worker.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path=""
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="."
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_data.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="nsg_rules/main.tf"
2024-07-09T08:15:40-05:00       DEBUG   Scanned config file     path="subnet_api.tf"
2024-07-09T08:15:40-05:00       DEBUG   Found an ignore file    path=".trivyignore"

nsg_rules/main.tf (terraform)

Tests: 2 (SUCCESSES: 0, FAILURES: 2, EXCEPTIONS: 0)
Failures: 2 (CRITICAL: 2)

CRITICAL: Security group rule allows egress to public internet.
═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets.

See https://avd.aquasec.com/misconfig/avd-azu-0051
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 nsg_rules/main.tf:54
   via nsg_rules/main.tf:31-59 (azurerm_network_security_rule.outbound["dns_resolver_to_corp_udp"])
    via subnet_dnsr_out.tf:36-91 (module.dns_resolver_outbound_nsg_rules)
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  31   resource "azurerm_network_security_rule" "outbound" {
  ..
  54 [   destination_address_prefix   = try(each.value.destination_address_prefix, null)
  ..
  59   }
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


CRITICAL: Security group rule allows egress to public internet.
═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets.

See https://avd.aquasec.com/misconfig/avd-azu-0051
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 nsg_rules/main.tf:54
   via nsg_rules/main.tf:31-59 (azurerm_network_security_rule.outbound["dns_resolver_to_corp_tcp"])
    via subnet_dnsr_out.tf:36-91 (module.dns_resolver_outbound_nsg_rules)
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  31   resource "azurerm_network_security_rule" "outbound" {
  ..
  54 [   destination_address_prefix   = try(each.value.destination_address_prefix, null)
  ..
  59   }
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Version

Version: 0.53.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-07-09 00:18:30.980256974 +0000 UTC
  NextUpdate: 2024-07-09 06:18:30.980256813 +0000 UTC
  DownloadedAt: 2024-07-09 02:47:08.113915 +0000 UTC
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-07-09 02:49:01.360072 +0000 UTC

Checklist

Read the documentation regarding wrong detection
Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct

simar7 · 2024-07-10T02:55:13Z

simar7
Jul 10, 2024
Maintainer

We should update the title in this case. The /0 implied it was egress to a public space but you're right it can be considered misleading. I'll cut an issue to track it.

1 reply

simar7 Jul 10, 2024
Maintainer

Track #7137

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AVD-AZU-0051 triggers on any public IP, not just /0 #7135

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

AVD-AZU-0051 triggers on any public IP, not just /0 #7135

chanster Jul 9, 2024

IDs

Description

Reproduction Steps

Target

Scanner

Target OS

Debug Output

Version

Checklist

Replies: 1 comment · 1 reply

simar7 Jul 10, 2024 Maintainer

simar7 Jul 10, 2024 Maintainer

chanster
Jul 9, 2024

Replies: 1 comment 1 reply

simar7
Jul 10, 2024
Maintainer

simar7 Jul 10, 2024
Maintainer