
Control: Key vault managed hardware security modules should not have prohibited tags

Description

Check if Key vault managed hardware security modules have any prohibited tags.

Usage

Run the control in your terminal:

powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_prohibited

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_prohibited --share

Steampipe Tables

Params

| Args | Name | Default | Description | Variable |
|------|------|---------|-------------|----------|
| `$1` | `prohibited_tags` | `["Password","Key"]` | | |

SQL

-- Flags every Key Vault managed HSM whose tag keys intersect the prohibited
-- list. The prohibited keys arrive as the bound parameter $1 (a text array),
-- so they are never interpolated into the query text. Matching is an exact,
-- case-sensitive string comparison of tag keys.
with prohibited_matches as (
  -- One row per resource that carries at least one prohibited tag key, with
  -- the matching keys aggregated. A resource whose keys never match yields no
  -- key/prohibited pairs and therefore no group here.
  select
    hsm.id,
    array_agg(tag_keys.tag_key) as matched_keys
  from
    azure_key_vault_managed_hardware_security_module as hsm
    cross join lateral jsonb_object_keys(hsm.tags) as tag_keys(tag_key)
    inner join unnest($1::text[]) as blocked(blocked_key)
      on blocked.blocked_key = tag_keys.tag_key
  group by
    hsm.id
)
select
  r.id as resource,
  -- A resource appears in prohibited_matches only when it has at least one
  -- match, so a non-null aggregate is exactly the alarm condition.
  case
    when m.matched_keys is not null then 'alarm'
    else 'ok'
  end as status,
  case
    when m.matched_keys is not null then r.title || ' has prohibited tags: ' || array_to_string(m.matched_keys, ', ') || '.'
    else r.title || ' has no prohibited tags.'
  end as reason,
  r.resource_group,
  r.subscription_id
from
  azure_key_vault_managed_hardware_security_module as r
  full outer join prohibited_matches as m on m.id = r.id;