fix some..in lint issues with input.document iteration

assets/queries/terraform/azure/azure_active_directory_authentication/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	active := input.document[i].resource.azurerm_service_fabric_cluster[name].azure_active_directory
+	some document in input.document
+	active := document.resource.azurerm_service_fabric_cluster[name].azure_active_directory
 
 	not common_lib.valid_key(active, "tenant_id")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_service_fabric_cluster",
 		"resourceName": tf_lib.get_resource_name(active, name),
 		"searchKey": sprintf("azurerm_service_fabric_cluster[%s].azure_active_directory", [name]),
@@ -21,12 +23,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	azure := input.document[i].resource.azurerm_service_fabric_cluster[name]
+	some document in input.document
+	azure := document.resource.azurerm_service_fabric_cluster[name]
 
 	not common_lib.valid_key(azure, "azure_active_directory")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_service_fabric_cluster",
 		"resourceName": tf_lib.get_resource_name(azure, name),
 		"searchKey": sprintf("azurerm_service_fabric_cluster[%s]", [name]),

assets/queries/terraform/azure/azure_app_service_client_certificate_disabled/query.rego

@@ -2,15 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	doc := input.document[i]
-	resource := doc.resource.azurerm_app_service[name]
+	some document in input.document
+	resource := document.resource.azurerm_app_service[name]
 
 	not common_lib.valid_key(resource, "client_cert_enabled")
 
 	result := {
-		"documentId": doc.id,
+		"documentId": document.id,
 		"resourceType": "azurerm_app_service",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_app_service[%s]", [name]),
@@ -24,13 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	doc := input.document[i]
-	resource := doc.resource.azurerm_app_service[name]
+	some document in input.document
+	resource := document.resource.azurerm_app_service[name]
 
 	resource.client_cert_enabled == false
 
 	result := {
-		"documentId": doc.id,
+		"documentId": document.id,
 		"resourceType": "azurerm_app_service",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_app_service[%s].client_cert_enabled", [name]),

assets/queries/terraform/azure/azure_cognitive_search_public_network_access_enabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	search := input.document[i].resource.azurerm_search_service[name]
+	some document in input.document
+	search := document.resource.azurerm_search_service[name]
 
 	not common_lib.valid_key(search, "public_network_access_enabled")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_search_service",
 		"resourceName": tf_lib.get_resource_name(search, name),
 		"searchKey": sprintf("azurerm_search_service[%s]", [name]),
@@ -23,12 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	search := input.document[i].resource.azurerm_search_service[name]
+	some document in input.document
+	search := document.resource.azurerm_search_service[name]
 
 	search.public_network_access_enabled == true
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_search_service",
 		"resourceName": tf_lib.get_resource_name(search, name),
 		"searchKey": sprintf("azurerm_search_service[%s].public_network_access_enabled", [name]),

assets/queries/terraform/azure/azure_container_registry_with_no_locks/query.rego

@@ -1,16 +1,18 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resourceRegistry := input.document[i].resource.azurerm_container_registry[name]
-	resourceLock := input.document[i].resource.azurerm_management_lock[k]
+	some document in input.document
+	resourceRegistry := document.resource.azurerm_container_registry[name]
+	resourceLock := document.resource.azurerm_management_lock[k]
 
 	scopeSplitted := split(resourceLock.scope, ".")
 	not re_match(scopeSplitted[1], name)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_container_registry",
 		"resourceName": tf_lib.get_resource_name(resourceRegistry, name),
 		"searchKey": sprintf("azurerm_container_registry[%s]", [name]),

assets/queries/terraform/azure/azure_front_door_waf_disabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	door := input.document[i].resource.azurerm_frontdoor[name].frontend_endpoint
+	some document in input.document
+	door := document.resource.azurerm_frontdoor[name].frontend_endpoint
 
 	not common_lib.valid_key(door, "web_application_firewall_policy_link_id")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_frontdoor",
 		"resourceName": tf_lib.get_resource_name(door, name),
 		"searchKey": sprintf("azurerm_frontdoor[%s].frontend_endpoint", [name]),

assets/queries/terraform/azure/azure_instance_using_basic_authentication/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.terraform as tf_lib
 import future.keywords.if
+import future.keywords.in
 
 CxPolicy[result] {
-	vm := input.document[i].resource.azurerm_virtual_machine[name]
+	some document in input.document
+	vm := document.resource.azurerm_virtual_machine[name]
 	object.get(vm, "os_profile_linux_config", false)
 	vm.os_profile_linux_config.disable_password_authentication == false
 	resource_type := "azurerm_virtual_machine"
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": resource_type,
 		"resourceName": tf_lib.get_resource_name(vm, name),
 		"searchKey": sprintf("%s[%s].admin_ssh_key", [resource_type, name]),
@@ -20,11 +22,12 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	vm := input.document[i].resource.azurerm_linux_virtual_machine[name]
+	some document in input.document
+	vm := document.resource.azurerm_linux_virtual_machine[name]
 	vm.disable_password_authentication == false
 	resource_type := "azurerm_linux_virtual_machine"
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": resource_type,
 		"resourceName": tf_lib.get_resource_name(vm, name),
 		"searchKey": sprintf("%s[%s].admin_ssh_key", [resource_type, name]),

assets/queries/terraform/azure/cosmos_db_account_without_tags/query.rego

@@ -1,13 +1,15 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.azurerm_cosmosdb_account[name]
+	some document in input.document
+	resource := document.resource.azurerm_cosmosdb_account[name]
 	not resource.tags
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_cosmosdb_account",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_cosmosdb_account[%s]", [name]),

assets/queries/terraform/azure/cosmosdb_account_ip_range_filter_not_set/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.azurerm_cosmosdb_account[name]
+	some document in input.document
+	resource := document.resource.azurerm_cosmosdb_account[name]
 
 	not resource.ip_range_filter
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_cosmosdb_account",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_cosmosdb_account[%s].ip_range_filter", [name]),

assets/queries/terraform/azure/dashboard_is_enabled/query.rego

@@ -2,16 +2,18 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	cluster := input.document[i].resource.azurerm_kubernetes_cluster[name]
+	some document in input.document
+	cluster := document.resource.azurerm_kubernetes_cluster[name]
 	profile := cluster.addon_profile
 	kube := profile.kube_dashboard
 
 	kube.enabled == true
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_kubernetes_cluster",
 		"resourceName": tf_lib.get_resource_name(cluster, name),
 		"searchKey": sprintf("azurerm_kubernetes_cluster[%s].addon_profile.kube_dashboard.enabled", [name]),

assets/queries/terraform/azure/email_alerts_disabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.azurerm_security_center_contact[name]
+	some document in input.document
+	resource := document.resource.azurerm_security_center_contact[name]
 
 	resource.alert_notifications == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_security_center_contact",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_security_center_contact[%s].alert_notifications", [name]),

assets/queries/terraform/azure/encryption_on_managed_disk_disabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource
+	some document in input.document
+	resource := document.resource
 	encryption := resource.azurerm_managed_disk[name]
 	not common_lib.valid_key(encryption, "encryption_settings")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_managed_disk",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_managed_disk[%s]", [name]),
@@ -23,12 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource
+	some document in input.document
+	resource := document.resource
 	encryption := resource.azurerm_managed_disk[name]
 	encryption.encryption_settings.enabled == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_managed_disk",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("azurerm_managed_disk[%s].encryption_settings.enabled", [name]),

assets/queries/terraform/azure/firewall_rule_allows_too_many_hosts_to_access_redis_cache/query.rego

@@ -2,17 +2,19 @@ package Cx
 
 import data.generic.common as commonLib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	fire_rule := input.document[i].resource.azurerm_redis_firewall_rule[name]
+	some document in input.document
+	fire_rule := document.resource.azurerm_redis_firewall_rule[name]
 	occupied_hosts := commonLib.calc_IP_value(fire_rule.start_ip)
 	all_hosts := commonLib.calc_IP_value(fire_rule.end_ip)
 	available := abs(all_hosts - occupied_hosts)
 
 	available > 255
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_redis_firewall_rule",
 		"resourceName": tf_lib.get_resource_name(fire_rule, name),
 		"searchKey": sprintf("azurerm_redis_firewall_rule[%s].start_ip", [name]),

assets/queries/terraform/azure/function_app_authentication_disabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	function := input.document[i].resource.azurerm_function_app[name]
+	some document in input.document
+	function := document.resource.azurerm_function_app[name]
 
 	not common_lib.valid_key(function, "auth_settings")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_function_app",
 		"resourceName": tf_lib.get_resource_name(function, name),
 		"searchKey": sprintf("azurerm_function_app[%s]", [name]),
@@ -23,12 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	function := input.document[i].resource.azurerm_function_app[name]
+	some document in input.document
+	function := document.resource.azurerm_function_app[name]
 
 	function.auth_settings.enabled != true
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_function_app",
 		"resourceName": tf_lib.get_resource_name(function, name),
 		"searchKey": sprintf("azurerm_function_app[%s].auth_settings.enabled", [name]),

assets/queries/terraform/azure/function_app_client_certificates_unrequired/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	function := input.document[i].resource.azurerm_function_app[name]
+	some document in input.document
+	function := document.resource.azurerm_function_app[name]
 
 	not common_lib.valid_key(function, "client_cert_mode")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_function_app",
 		"resourceName": tf_lib.get_resource_name(function, name),
 		"searchKey": sprintf("azurerm_function_app[%s]", [name]),
@@ -23,12 +25,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	function := input.document[i].resource.azurerm_function_app[name]
+	some document in input.document
+	function := document.resource.azurerm_function_app[name]
 
 	function.client_cert_mode != "Required"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": "azurerm_function_app",
 		"resourceName": tf_lib.get_resource_name(function, name),
 		"searchKey": sprintf("azurerm_function_app[%s].client_cert_mode", [name]),