Azurerm_storage_account make sure that omitting to log is safe here

Clean Code Report False-positive / False-negative...
1

Sonarcloud is scanning our terraform code for the azurerm_storage_account resource.

It reports this:

make sure that omitting to log is safe here

But there is no text in how can I fix this to show what to do. I am wondering if it wants me to add a logging block, but this is only relevant inside a queue_properties block. And I am not using queues.

My code is:

resource "azurerm_storage_account" "cdn_storage_account" {
  tags                     = local.tags
  name                     = "${local.stgname}stor07"
  location                 = azurerm_resource_group.keyvault_resource_group.location
  resource_group_name      = azurerm_resource_group.keyvault_resource_group.name
  account_tier             = "Standard"
  account_replication_type = "ZRS"
  min_tls_version          = "TLS1_2"
}

I think this is related to Azurerm_storage_account incorrectly flags log configuration - #3 by kensykora

2

I added this block:

  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = 1
      retention_policy_days = 1
    }
  }

and it removed the sonarcloud issue. But we are not using storage queues. We are using blobs.

So I think this is a false positive.

3

Hi,

What language is the file this is raised in?

 
Thx,
Ann

4

Hi, this is terraform

1 Like
6

Hi,

Thanks. I’ve flagged this for the language experts.

 
Ann

10

Hi Scott,

This is indeed a false positive and it is related to the other post you mentioned. We have a pending internal ticket to address this issue but it is not yet implemented.

Regards

Sebastien

11

Ok - Thanks for the info. We will ignore this alert.