GCS Bucket Logging Checks with Undetermined Value #7473

@DustinChaloupka

Description

Describe the issue
For check IDs CKV_GCP_62 and CKV_GCP_63, the terraform plan json is checked for a logging.*.log_bucket value, which does not exist when configured with an undetermined value like including a random string.

Examples

resource "random_id" "log_bucket" {
  byte_length = 4
}

resource "google_storage_bucket" "main" {
  name     = "my-bucket"
  project  = "my-project"
  location = "US"
  logging {
    log_bucket        = "other-bucket-${random_id.log_bucket.hex}"
    log_object_prefix = "my-prefix/"
  }
}

The above terraform configuration shows the following in the terraform plan json:

                "logging": [
                  {
                    "log_object_prefix": "my-prefix/"
                  }
                ],

since the random_id resource is unknown at plan time.

FWIW, there is a section in the plan json that shows it has a reference to another resource and will be configured:

        {
          "address": "google_storage_bucket.main",
          "mode": "managed",
          "type": "google_storage_bucket",
          "name": "main",
          "provider_config_key": "google",
          "expressions": {
            "location": {
              "constant_value": "US"
            },
            "logging": [
              {
                "log_bucket": {
                  "references": [
                    "random_id.log_bucket.hex",
                    "random_id.log_bucket"
                  ]
                },
                "log_object_prefix": {
                  "constant_value": "my-prefix/"
                }
              }
            ],

Version (please complete the following information):

  • Checkov Version: 3.2.510

Additional context
This is a unique scenario where both the randomly generated logging bucket and specific bucket that uses it are configured together.
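The two plan fragments above can be reconciled programmatically. The following is an added example (not code from Checkov or from the issue author) that looks a bucket up in `planned_values` first and, when `log_bucket` is absent there, falls back to the `configuration` section to see whether the attribute is derived from another resource. It assumes the standard Terraform JSON plan layout (`planned_values.root_module.resources` and `configuration.root_module.resources`); `PLAN_JSON` is constructed from the fragments in the issue plus two contrasting buckets, and the function and state names are hypothetical.

```python
import json

# Constructed plan excerpt (not a real plan file). It follows the Terraform JSON plan
# layout (planned_values / configuration) and reproduces the two fragments from the
# issue: for google_storage_bucket.main the planned values omit log_bucket because it
# depends on random_id, while the configuration still records the reference.
# Two extra buckets are added for contrast: one with a constant log_bucket and one
# with no logging block at all.
PLAN_JSON = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "google_storage_bucket.main", "type": "google_storage_bucket",
         "values": {"name": "my-bucket",
                    "logging": [{"log_object_prefix": "my-prefix/"}]}},
        {"address": "google_storage_bucket.fixed", "type": "google_storage_bucket",
         "values": {"name": "fixed-bucket",
                    "logging": [{"log_bucket": "audit-logs", "log_object_prefix": "p/"}]}},
        {"address": "google_storage_bucket.silent", "type": "google_storage_bucket",
         "values": {"name": "silent-bucket"}},
    ]}},
    "configuration": {"root_module": {"resources": [
        {"address": "google_storage_bucket.main", "type": "google_storage_bucket",
         "expressions": {"logging": [{
             "log_bucket": {"references": ["random_id.log_bucket.hex", "random_id.log_bucket"]},
             "log_object_prefix": {"constant_value": "my-prefix/"}}]}},
        {"address": "google_storage_bucket.fixed", "type": "google_storage_bucket",
         "expressions": {"logging": [{
             "log_bucket": {"constant_value": "audit-logs"},
             "log_object_prefix": {"constant_value": "p/"}}]}},
        {"address": "google_storage_bucket.silent", "type": "google_storage_bucket",
         "expressions": {"name": {"constant_value": "silent-bucket"}}},
    ]}},
})


def _resources(plan, section):
    """Resources of the root module in one top-level plan section."""
    return plan.get(section, {}).get("root_module", {}).get("resources", [])


def log_bucket_state(plan, address):
    """Classify logging.log_bucket for one bucket resource.

    "known":       planned_values carries a concrete log_bucket string.
    "unknown-ref": planned_values omits it, but the configuration shows the
                   attribute is set from another resource (unknown until apply).
    "missing":     no log_bucket is configured anywhere.
    """
    for res in _resources(plan, "planned_values"):
        if res.get("address") == address:
            for block in res.get("values", {}).get("logging") or []:
                if block.get("log_bucket"):
                    return "known"
    for res in _resources(plan, "configuration"):
        if res.get("address") == address:
            for block in res.get("expressions", {}).get("logging") or []:
                expr = block.get("log_bucket") or {}
                if expr.get("references") or "constant_value" in expr:
                    return "unknown-ref"
    return "missing"


def evaluate_buckets(plan_text):
    """Map every google_storage_bucket address in the plan to its log_bucket state."""
    plan = json.loads(plan_text)
    return {
        res["address"]: log_bucket_state(plan, res["address"])
        for res in _resources(plan, "planned_values")
        if res.get("type") == "google_storage_bucket"
    }


if __name__ == "__main__":
    for address, state in evaluate_buckets(PLAN_JSON).items():
        # A plan-level check can only confirm "missing"; "unknown-ref" cannot be
        # judged until apply and is better reported as unresolved than as a failure.
        print(f"{address}: {state}")
```

Only the "missing" state is a definite finding at plan time; "unknown-ref" means the value exists but is not resolvable until apply, so a plan-based check that treats it as absent produces the false positive described in this issue.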
