Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/terraform_oci_compliance
Overview
8Dashboards
30Controls
30Queries
2Variables
GitHub

Query: vcn_inbound_security_lists_are_stateless

Usage

powerpipe query terraform_oci_compliance.query.vcn_inbound_security_lists_are_stateless

Steampipe Tables

terraform_resource
Terraform plugin

SQL

with all_security_rules as (
  select
    *
  from
    terraform_resource
  where
    type = 'oci_core_security_list'
),
non_complaint as (
  select
    name,
    count(name) as count
  from
    all_security_rules,
    jsonb_array_elements(
      case
        jsonb_typeof(attributes_std -> 'ingress_security_rules')
        when 'array' then (attributes_std -> 'ingress_security_rules')
        else null
      end
    ) as p
  where
    p ->> 'stateless' is not null
    and (p ->> 'stateless') :: bool is not true
  group by
    name
)
select
  a.address as resource,
  case
    when b.count > 0
    or (
      a.attributes_std -> 'ingress_security_rules' ->> 'stateless' is not null
      and (
        a.attributes_std -> 'ingress_security_rules' ->> 'stateless'
      ) :: bool is not true
    ) then 'alarm'
    when (
      a.attributes_std ->> 'ingress_security_rules' is null
    ) then 'skip'
    else 'ok'
  end as status,
  split_part(a.address, '.', 2) || case
    when b.count > 0
    or (
      a.attributes_std -> 'ingress_security_rules' ->> 'stateless' is not null
      and (
        a.attributes_std -> 'ingress_security_rules' ->> 'stateless'
      ) :: bool is not true
    ) then ' has stateful ingress security rules'
    when (
      a.attributes_std ->> 'ingress_security_rules' is null
    ) then ' has no ingress security rules'
    else ' has stateless ingress security rules'
  end || '.' reason,
  path || ':' || start_line
from
  all_security_rules as a
  left join non_complaint as b on a.name = b.name;

Controls

The query is being used by the following controls: