Steampipe mods are now Powerpipe →

Plugins Docs Home

turbot/oci_compliance

blockstorage_block_volume_cmk_encryption_enabled blockstorage_boot_volume_cmk_encryption_enabled cloudguard_enabled core_default_security_list_allow_icmp_only core_instance_encryption_in_transit_enabled core_instance_legacy_metadata_service_endpoint_disabled core_network_security_group_restrict_ingress_rdp_all core_network_security_group_restrict_ingress_ssh_all core_security_list_restrict_ingress_rdp_all core_security_list_restrict_ingress_ssh_all core_subnet_flow_log_enabled events_rule_notification_cloud_guard_problems_detected events_rule_notification_iam_group_changes events_rule_notification_iam_policy_changes events_rule_notification_iam_user_changes events_rule_notification_identity_provider_changes events_rule_notification_idp_group_mapping_changes events_rule_notification_network_gateway_changes events_rule_notification_network_security_list_changes events_rule_notification_route_table_changes events_rule_notification_security_list_changes events_rule_notification_vcn_changes filestorage_filesystem_cmk_encryption_enabled identity_administrator_user_with_no_api_key identity_auth_token_age_90 identity_authentication_password_policy_strong_min_length_14 identity_default_tag identity_iam_administrators_no_update_tenancy_administrators_group_permission identity_only_administrators_group_with_manage_all_resources_permission_in_tenancy identity_tenancy_audit_log_retention_period_365_days identity_tenancy_with_one_active_compartment identity_user_api_key_age_90 identity_user_console_access_mfa_enabled identity_user_customer_secret_key_age_90 identity_user_db_credential_age_90 identity_user_valid_email kms_cmk_rotation_365 manual_control notification_topic_with_subscription objectstorage_bucket_cmk_encryption_enabled objectstorage_bucket_public_access_blocked objectstorage_bucket_versioning_enabled oracle_autonomous_database_not_publicly_accessible

Query: identity_tenancy_with_one_active_compartment

Usage

powerpipe query oci_compliance.query.identity_tenancy_with_one_active_compartment

Steampipe Tables

oci_identity_compartment

oci_identity_tenancy

Oracle Cloud Infrastructure plugin

SQL

with compartment_count as (
  select
    count (compartment_id),
    tenant_id,
    tenant_name,
    _ctx
  from
    oci_identity_compartment
  where
    lifecycle_state = 'ACTIVE'
    and name <> 'ManagedCompartmentForPaaS'
  group by
    tenant_id,
    _ctx,
    tenant_name
)
select
  a.tenant_id as resource,
  case
    when a.count > 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when a.count > 1 then a.count || ' compartments exist in tenancy.'
    else 'No additional compartments exist in tenancy.'
  end as reason,
  a.tenant_name as tenant
from
  compartment_count as a
  left join oci_identity_tenancy as b on b.tenant_id = a.tenant_id;

Controls

The query is being used by the following controls: