turbot/terraform_oci_compliance

Query: vcn_inbound_security_lists_are_stateless

Usage

steampipe query terraform_oci_compliance.query.vcn_inbound_security_lists_are_stateless


SQL

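-- Flags oci_core_security_list resources that carry a stateful ingress rule.
-- A stateful ingress rule implicitly admits the return traffic of every
-- connection it accepts; this control expects `stateless = true` on each
-- ingress rule so that the reverse direction has to be permitted explicitly
-- by an egress rule.
--
-- Result columns (Steampipe control contract): resource, status, reason,
-- plus the unaliased `path:start_line` location column the original emits.
with all_security_rules as (
  select
    *
  from
    terraform_resource
  where
    type = 'oci_core_security_list'
),
-- One row per security list name that has at least one ingress rule (when
-- `ingress_security_rules` is a list of blocks) whose `stateless` attribute
-- is present and not true.
non_compliant as (
  select
    name,
    count(name) as stateful_rule_count
  from
    all_security_rules,
    jsonb_array_elements(
      -- jsonb_array_elements raises on a non-array, so only expand real arrays;
      -- a single-block (object) form is handled separately below.
      case jsonb_typeof(attributes_std -> 'ingress_security_rules')
        when 'array' then (attributes_std -> 'ingress_security_rules')
        else null
      end
    ) as p
  where
    p ->> 'stateless' is not null
    -- NOTE(review): the cast raises if `stateless` is not a boolean literal
    -- (e.g. an unresolved `${var...}` expression) — confirm that is acceptable
    and (p ->> 'stateless') :: bool is not true
  group by
    name
),
-- Evaluate the "has a stateful ingress rule" and "has no ingress rules" tests
-- exactly once per resource, so the status and reason columns cannot drift apart.
evaluated as (
  select
    a.address,
    a.path,
    a.start_line,
    (a.attributes_std ->> 'ingress_security_rules' is null) as has_no_ingress_rules,
    (
      coalesce(b.stateful_rule_count, 0) > 0
      or (
        -- `ingress_security_rules` written as a single block (object) rather
        -- than a list: `->>` on an array yields null, so this branch is inert
        -- for the list form already counted above.
        a.attributes_std -> 'ingress_security_rules' ->> 'stateless' is not null
        and (a.attributes_std -> 'ingress_security_rules' ->> 'stateless') :: bool is not true
      )
    ) as has_stateful_ingress
  from
    all_security_rules as a
    -- NOTE(review): joined on `name` rather than (path, address); two security
    -- lists sharing a name in different paths would share a verdict — confirm intended
    left join non_compliant as b on a.name = b.name
)
select
  address as resource,
  case
    when has_stateful_ingress then 'alarm'
    when has_no_ingress_rules then 'skip'
    else 'ok'
  end as status,
  split_part(address, '.', 2) || case
    when has_stateful_ingress then ' has stateful ingress security rules'
    when has_no_ingress_rules then ' has no ingress security rules'
    else ' has stateless ingress security rules'
  end || '.' as reason,
  path || ':' || start_line
from
  evaluated;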

Controls

The query is being used by the following controls: