fix some..in lint issues

assets/.regal/config.yml

@@ -49,7 +49,7 @@ rules:
       level: warn
     prefer-some-in-iteration:
       # https://docs.styra.com/regal/rules/style/prefer-some-in-iteration
-      level: ignore
+      level: warn
     prefer-snake-case:
       # https://docs.styra.com/regal/rules/style/prefer-snake-case
       level: ignore

assets/queries/terraform/aws/ec2_not_ebs_optimized/query.rego

@@ -2,16 +2,18 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_instance[name]
+	some document in input.document
+	resource := document.resource.aws_instance[name]
 
 	instanceType := get_instance_type(resource, "instance_type")
 	not common_lib.is_aws_ebs_optimized_by_default(instanceType)
 	resource.ebs_optimized == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_instance",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_instance[{{%s}}].ebs_optimized", [name]),
@@ -28,7 +30,8 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some document in input.document
+	module := document.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_instance", "ebs_optimized")
 
 	instanceTypeKey := common_lib.get_module_equivalent_key("aws", module.source, "aws_instance", "instance_type")
@@ -37,7 +40,7 @@ CxPolicy[result] {
 	module[keyToCheck] == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s].ebs_optimized", [name]),
@@ -54,14 +57,15 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_instance[name]
+	some document in input.document
+	resource := document.resource.aws_instance[name]
 
 	instanceType := get_instance_type(resource, "instance_type")
 	not common_lib.is_aws_ebs_optimized_by_default(instanceType)
 	not common_lib.valid_key(resource, "ebs_optimized")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_instance",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_instance[{{%s}}]", [name]),
@@ -75,7 +79,8 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some document in input.document
+	module := document.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_instance", "ebs_optimized")
 	instanceTypeKey := common_lib.get_module_equivalent_key("aws", module.source, "aws_instance", "instance_type")
 
@@ -84,7 +89,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(module, keyToCheck)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s]", [name]),

assets/queries/terraform/aws/ecr_image_tag_not_immutable/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecr_repository[name]
+	some document in input.document
+	resource := document.resource.aws_ecr_repository[name]
 
 	not common_lib.valid_key(resource, "image_tag_mutability")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository.%s", [name]),
@@ -23,12 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecr_repository[name]
+	some document in input.document
+	resource := document.resource.aws_ecr_repository[name]
 
 	resource.image_tag_mutability == "MUTABLE"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository.%s.image_tag_mutability", [name]),

assets/queries/terraform/aws/ecr_repository_is_publicly_accessible/query.rego

@@ -2,18 +2,20 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecr_repository_policy[name]
+	some document in input.document
+	resource := document.resource.aws_ecr_repository_policy[name]
 	policy := common_lib.json_unmarshal(resource.policy)
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	tf_lib.anyPrincipal(statement)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository_policy",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository_policy[%s].policy", [name]),

assets/queries/terraform/aws/ecr_repository_not_encrypted/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecr_repository[name]
+	some document in input.document
+	resource := document.resource.aws_ecr_repository[name]
 
 	not common_lib.valid_key(resource, "encryption_configuration")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository[%s]", [name]),
@@ -20,13 +22,14 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecr_repository[name]
+	some document in input.document
+	resource := document.resource.aws_ecr_repository[name]
 
 	common_lib.valid_key(resource, "encryption_configuration")
 	not valid_encryption_configuration(resource)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository[%s].encryption_configuration", [name]),

assets/queries/terraform/aws/ecr_repository_without_policy/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource
+	some document in input.document
+	resource := document.resource
 	ecr_repo := resource.aws_ecr_repository[name]
 	check_policy(resource, name)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecr_repository",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecr_repository[%s]", [name]),

assets/queries/terraform/aws/ecs_cluster_container_insights_disabled/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_cluster[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_cluster[name]
 
 	not container_insights_enabled(resource)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_cluster",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_cluster[%s]", [name]),

assets/queries/terraform/aws/ecs_service_admin_role_is_present/query.rego

@@ -1,13 +1,15 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_service[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_service[name]
 	contains(lower(resource.iam_role), "admin")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_service",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_service[%s].iam_role", [name]),

assets/queries/terraform/aws/ecs_service_without_running_tasks/query.rego

@@ -2,15 +2,17 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_service[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_service[name]
 
 	not checkContent(resource)
 	checkDesiredCount(resource)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_service",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_service[%s]", [name]),

assets/queries/terraform/aws/ecs_task_definition_network_mode_not_recommended/query.rego

@@ -2,13 +2,15 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_task_definition[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_task_definition[name]
 	lower(resource.network_mode) != "awsvpc"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_task_definition",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_task_definition[%s].network_mode", [name]),

assets/queries/terraform/aws/ecs_task_definition_volume_not_encrypted/query.rego

@@ -2,13 +2,15 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_task_definition[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_task_definition[name]
 	resource.volume.efs_volume_configuration.transit_encryption == "DISABLED"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_task_definition",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_task_definition[{{%s}}].volume.efs_volume_configuration.transit_encryption", [name]),
@@ -25,12 +27,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_task_definition[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_task_definition[name]
 	enc := resource.volume.efs_volume_configuration
 	not common_lib.valid_key(enc, "transit_encryption")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_task_definition",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_task_definition[{{%s}}].volume.efs_volume_configuration", [name]),
@@ -44,12 +47,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ecs_task_definition[name]
+	some document in input.document
+	resource := document.resource.aws_ecs_task_definition[name]
 	volume := resource.volume
 	not common_lib.valid_key(volume, "efs_volume_configuration")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_ecs_task_definition",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ecs_task_definition[{{%s}}].volume", [name]),

assets/queries/terraform/aws/efs_not_encrypted/query.rego

@@ -2,13 +2,15 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	efs := input.document[i].resource.aws_efs_file_system[name]
+	some document in input.document
+	efs := document.resource.aws_efs_file_system[name]
 	efs.encrypted == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_efs_file_system",
 		"resourceName": tf_lib.get_resource_name(efs, name),
 		"searchKey": sprintf("aws_efs_file_system[%s].encrypted", [name]),
@@ -25,11 +27,12 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	efs := input.document[i].resource.aws_efs_file_system[name]
+	some document in input.document
+	efs := document.resource.aws_efs_file_system[name]
 	not common_lib.valid_key(efs, "encrypted")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_efs_file_system",
 		"resourceName": tf_lib.get_resource_name(efs, name),
 		"searchKey": sprintf("aws_efs_file_system[%s]", [name]),

assets/queries/terraform/aws/efs_with_vulnerable_policy/query.rego

@@ -2,20 +2,22 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_efs_file_system_policy[name]
+	some document in input.document
+	resource := document.resource.aws_efs_file_system_policy[name]
 
 	policy := common_lib.json_unmarshal(resource.policy)
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	not common_lib.valid_key(statement, "Condition")
 	common_lib.has_wildcard(statement, "elasticfilesystem:*")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "aws_efs_file_system_policy",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_efs_file_system_policy[%s].policy", [name]),