turbot/gcp_labels

Control: Bigtable instances should not have prohibited labels

Description

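Checks whether any Bigtable instance carries a label whose key appears in the prohibited list (the `prohibited_labels` parameter). Only label keys are compared; label values are not inspected.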

Usage

Run the control in your terminal:

steampipe check gcp_labels.control.bigtable_instance_prohibited

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share gcp_labels.control.bigtable_instance_prohibited

Plugins & Tables

Params

| Args | Name | Default | Description | Variable |
| --- | --- | --- | --- | --- |
| $1 | prohibited_labels | ["Password","Key"] | | |

SQL

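-- Control query: report every Bigtable instance and raise 'alarm' when it
-- carries a label whose key is on the prohibited list passed as $1
-- (cast to text[]; the documented default is ["Password","Key"]).
--
-- Scope notes:
--   * Only label KEYS are compared; label values are never inspected, so a
--     secret stored as the value of an innocuous key is not detected here.
--   * Matching is whole-key equality: a key such as "db_password" is not
--     flagged by the list entry "Password".
--   * The comparison folds case on both sides. NOTE(review): GCP documents
--     label keys as lowercase-only, so a case-sensitive match against the
--     capitalised defaults could never fire -- confirm against the label
--     requirements of the target environment.
with analysis as (
  -- One row per instance that has at least one prohibited key.
  -- jsonb_object_keys yields no rows for an instance whose labels are NULL,
  -- so unlabeled instances simply do not appear here.
  select
    i.self_link,
    -- distinct: two list entries differing only by case must not report
    -- the same key twice; order by keeps the reason text deterministic.
    array_agg(distinct k.label_key order by k.label_key) as prohibited_labels
  from
    gcp_bigtable_instance as i
    cross join lateral jsonb_object_keys(i.labels) as k(label_key)
    inner join unnest($1::text[]) as p(prohibited_key)
      on lower(k.label_key) = lower(p.prohibited_key)
  group by
    i.self_link
)
select
  r.self_link as resource,
  -- analysis has a row only for offending instances, so a NULL array after
  -- the outer join means "nothing prohibited found".
  case
    when a.prohibited_labels is not null then 'alarm'
    else 'ok'
  end as status,
  case
    when a.prohibited_labels is not null then r.title || ' has prohibited labels: ' || array_to_string(a.prohibited_labels, ', ') || '.'
    else r.title || ' has no prohibited labels.'
  end as reason,
  r.location,
  r.project
from
  gcp_bigtable_instance as r
  -- left join: every instance must be reported, and analysis rows are
  -- derived from this same table, so nothing exists only on the right side.
  left join analysis as a on a.self_link = r.self_link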