turbot/azure_tags
Loading controls...

Control: Key vault managed hardware security modules should have mandatory tags

Description

Check if Key vault managed hardware security modules have mandatory tags.

Usage

Run the control in your terminal:

powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_mandatory

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_mandatory --share

Steampipe Tables

Params

ArgsNameDefaultDescriptionVariable
$1mandatory_tags
["Environment","Owner"]

SQL

with analysis as (
select
id,
title,
tags ? & $1 as has_mandatory_tags,
to_jsonb($1) - array(
select
jsonb_object_keys(tags)
) as missing_tags,
resource_group,
subscription_id
from
azure_key_vault_managed_hardware_security_module
)
select
id as resource,
case
when has_mandatory_tags then 'ok'
else 'alarm'
end as status,
case
when has_mandatory_tags then title || ' has all mandatory tags.'
else title || ' is missing tags: ' || array_to_string(
array(
select
jsonb_array_elements_text(missing_tags)
),
', '
) || '.'
end as reason,
resource_group,
subscription_id
from
analysis;