Mods

turbot/snowflake_compliance

GitHub
Overview
1Dashboards
18Controls
11Queries
3Variables
GitHub
iam_schema_managed_access_enablediam_user_at_least_two_users_with_accountadmin_roleiam_user_default_role_is_setiam_user_default_role_must_not_be_accountadminiam_user_with_accountadmin_role_have_emailiam_user_with_built_in_duo_mfa_enablediam_user_without_accountadmin_role_password_not_setmanual_controlmonitoring_user_password_rotated_regularlynetwork_policy_allowed_list_setnetwork_policy_blocked_list_set
On This Page
Usage
Plugins & Tables
SQL
Controls
Dashboards
Get Involved
Edit on GitHub
Discuss on Slack

Query: network_policy_blocked_list_set

Usage

steampipe query snowflake_compliance.query.network_policy_blocked_list_set

Plugins & Tables

snowflake_account_parameter
snowflake_network_policy
Snowflake plugin

SQL

with applied_network_policy as (
  select
    name,
    coalesce(blocked_ip_list, '') as blocked_ip_list,
    -- blocked_ip_list is optional therefore can be null
    account
  from
    snowflake_network_policy
  where
    name = (
      select
        value
      from
        snowflake_account_parameter
      where
        key = 'NETWORK_POLICY'
    )
),
analysis as (
  select
    name,
    to_jsonb ($1 :: text [ ]) < @ array_to_json(string_to_array(blocked_ip_list, ',')) :: jsonb as has_blocked_ips,
    to_jsonb ($1) - string_to_array(blocked_ip_list, ',', '') as missing_ips,
    account
  from
    applied_network_policy
)
select
  coalesce(analysis.name, sap.account) as resource,
  case
    when (
      select
        count(*)
      from
        applied_network_policy
      group by
        name
    ) is null then 'alarm'
    when has_blocked_ips then 'ok'
    else 'alarm'
  end as status,
  case
    when (
      select
        count(*)
      from
        applied_network_policy
      group by
        name
    ) is null then 'No network policy activated in the account.'
    when has_blocked_ips then name || ' has all blocked IPs.'
    else name || ' is missing blocked IPs: ' || array_to_string(
      array (
        select
          jsonb_array_elements_text(missing_ips)
      ),
      ', '
    ) || '.'
  end as reason,
  sap.account
from
  snowflake_account_parameter as sap
  left join analysis on sap.account = analysis.account
where
  key = 'NETWORK_POLICY';

Controls

The query is being used by the following controls: