turbot/guardrails
steampipe plugin install guardrails

Table: guardrails_policy_value - Query Guardrails Policy Values using SQL

Guardrails is a policy as code service that enables users to manage and enforce policies across their infrastructure. It allows users to define policy values that dictate the desired state of system configuration. These policy values can be used to ensure compliance, enforce security measures, and manage resource configurations.

Table Usage Guide

The guardrails_policy_value table provides insights into Guardrails policy values. As a system administrator or a compliance manager, explore policy-specific details through this table, including policy value, associated metadata, and the desired state of system configuration. Utilize it to uncover information about policy values, such as those associated with specific compliance requirements, and to verify the desired state of system configuration.

Important Notes

  • When querying this table, we recommend using at least one of these columns (usually in the where clause):
    • state
    • policy_type_id
    • resource_type_id
    • resource_type_uri
    • filter

Examples

List policy values by policy type ID

Explore specific policy values based on their type ID to understand their status, defaults, and calculations. This can help in analyzing and managing guardrail policies effectively.

select
id,
state,
is_default,
is_calculated,
policy_type_id,
type_mod_uri
from
guardrails_policy_value
where
policy_type_id = 221505068398189;
select
id,
state,
is_default,
is_calculated,
policy_type_id,
type_mod_uri
from
guardrails_policy_value
where
policy_type_id = 221505068398189;

List policy values by resource ID

Identify the status and types of policy values associated with a specific resource. This can aid in understanding the configuration and management of that resource.

select
id,
state,
is_default,
is_calculated,
resource_id,
type_mod_uri
from
guardrails_policy_value
where
resource_id = 161587219904115;
select
id,
state,
is_default,
is_calculated,
resource_id,
type_mod_uri
from
guardrails_policy_value
where
resource_id = 161587219904115;

List non-default calculated policy values

Analyze the settings to understand the non-standard calculated policy values. This is beneficial in identifying any deviations from the default settings, which could potentially impact resource management and security.

select
id,
state,
is_default,
is_calculated,
resource_type_id,
type_mod_uri
from
guardrails_policy_value
where
is_calculated
and not is_default;
select
id,
state,
is_default,
is_calculated,
resource_type_id,
type_mod_uri
from
guardrails_policy_value
where
is_calculated = 1
and not is_default = 1;

Filter policy values using Turbot filter syntax

Analyze the settings to understand the status of different policy values, specifically those that are currently in an 'ok' state. This allows for efficient monitoring and management of system policies.

select
id,
state,
is_default,
is_calculated,
policy_type_id,
resource_id,
resource_type_id
from
guardrails_policy_value
where
filter = 'state:ok';
select
id,
state,
is_default,
is_calculated,
policy_type_id,
resource_id,
resource_type_id
from
guardrails_policy_value
where
filter = 'state:ok';

Schema for guardrails_policy_value

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
create_timestamptimestamp with time zoneWhen the policy value was first set by Turbot. (It may have been created earlier.)
dependent_controlsjsonbThe controls that depends on this policy value.
dependent_policy_valuesjsonbThe policy values that depends on this policy value.
filtertext=Filter used for this policy value list.
idbigintUnique identifier of the policy value.
is_calculatedbooleanIf true this value is derived from calculated setting inputs e.g. templateInput and template.
is_defaultbooleanIf true this value is derived from the default value of the type.
policy_type_default_templatetextDefault template used to calculate template-based policy values. Should be a Jinja based YAML string.
policy_type_idbigint=ID of the policy type for this policy value.
policy_type_titletextTitle of the policy type.
policy_type_trunk_titletextTitle with full path of the policy type.
precedencetextPrecedence of the setting: REQUIRED or RECOMMENDED.
resource_idbigint=ID of the resource for the policy value.
resource_trunk_titletextFull title (including ancestor trunk) of the resource.
resource_type_idbigint=ID of the resource type for this policy setting.
secret_valuetextSecrect value of the policy value.
setting_idbigintPolicy setting Id for the policy value.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statetext=State of the policy value.
timestamptimestamp with time zoneTimestamp when the policy value was last modified (created, updated or deleted).
type_mod_uritextURI of the mod that contains the policy value.
update_timestamptimestamp with time zoneWhen the policy value was last updated in Turbot.
valuetextValue of the policy value.
version_idbigintUnique identifier for this version of the policy value.
workspacetextSpecifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_policy_value