Control: Key vault managed hardware security modules should not have prohibited tags
Description
Check if Key vault managed hardware security modules have any prohibited tags.
Usage
Run the control in your terminal:
steampipe check azure_tags.control.key_vault_managed_hardware_security_module_prohibited
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share azure_tags.control.key_vault_managed_hardware_security_module_prohibited
Plugins & Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | prohibited_tags | | | |
SQL
-- Collect, per resource, the tag keys that appear in the prohibited list ($1).
with analysis as (
  select
    id,
    array_agg(k) as prohibited_tags
  from
    azure_key_vault_managed_hardware_security_module,
    jsonb_object_keys(tags) as k,
    unnest($1::text[]) as prohibited_key
  where
    k = prohibited_key
  group by
    id
)
-- Resources without a row in analysis have no prohibited tags and report 'ok'.
select
  r.id as resource,
  case
    when a.prohibited_tags <> array[]::text[] then 'alarm'
    else 'ok'
  end as status,
  case
    when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.'
    else r.title || ' has no prohibited tags.'
  end as reason,
  r.resource_group,
  r.subscription_id
from
  azure_key_vault_managed_hardware_security_module as r
  full outer join analysis as a on a.id = r.id;
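Added example, not part of the mod's own code: the same query logic run in plain PostgreSQL against a constructed stand-in table, so the control's handling of untagged resources and tag-key casing can be checked without an Azure connection. The table name hsm_sample, its rows, and the literal list used in place of $1 are assumptions.

```sql
-- Constructed stand-in for azure_key_vault_managed_hardware_security_module.
-- Hypothetical rows; only the columns the control reads are included.
create temp table hsm_sample (
  id    text primary key,
  title text,
  tags  jsonb
);

insert into hsm_sample (id, title, tags) values
  ('/constructed/hsm-a', 'hsm-a', '{"Owner": "platform", "Password": "x"}'),
  ('/constructed/hsm-b', 'hsm-b', '{"Owner": "platform"}'),
  ('/constructed/hsm-c', 'hsm-c', null),                        -- no tags at all
  ('/constructed/hsm-d', 'hsm-d', '{"password": "x", "Key": "y"}');

-- The control's query, with $1 replaced by a constructed prohibited list.
with analysis as (
  select
    id,
    array_agg(k) as prohibited_tags
  from
    hsm_sample,
    jsonb_object_keys(tags) as k,   -- yields no rows when tags is null
    unnest(array['Password', 'Key']::text[]) as prohibited_key
  where
    k = prohibited_key              -- exact, case-sensitive text equality
  group by
    id
)
select
  r.title,
  case
    when a.prohibited_tags <> array[]::text[] then 'alarm'
    else 'ok'
  end as status,
  array_to_string(a.prohibited_tags, ', ') as matched_keys
from
  hsm_sample as r
  full outer join analysis as a on a.id = r.id
order by
  r.title;
```

Because the key comparison is exact, the lowercase password tag on hsm-d is not reported; only its Key tag matches. A prohibited list meant to catch every casing of a key has to name each variant.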