Table: guardrails_policy_value - Query Guardrails Policy Values using SQL

Guardrails is a policy as code service that enables users to manage and enforce policies across their infrastructure. It allows users to define policy values that dictate the desired state of system configuration. These policy values can be used to ensure compliance, enforce security measures, and manage resource configurations.

Table Usage Guide

The guardrails_policy_value table provides insights into Guardrails policy values. As a system administrator or a compliance manager, explore policy-specific details through this table, including policy value, associated metadata, and the desired state of system configuration. Utilize it to uncover information about policy values, such as those associated with specific compliance requirements, and to verify the desired state of system configuration.

Important Notes

When querying this table, we recommend using at least one of these columns (usually in the where clause):
- state
- policy_type_id
- resource_type_id
- resource_type_uri
- filter

Examples

List policy values by policy type ID

Explore specific policy values based on their type ID to understand their status, defaults, and calculations. This can help in analyzing and managing guardrail policies effectively.

select
  id,
  state,
  is_default,
  is_calculated,
  policy_type_id,
  type_mod_uri
from
  guardrails_policy_value
where
  policy_type_id = 221505068398189;

select
  id,
  state,
  is_default,
  is_calculated,
  policy_type_id,
  type_mod_uri
from
  guardrails_policy_value
where
  policy_type_id = 221505068398189;

List policy values by resource ID

Identify the status and types of policy values associated with a specific resource. This can aid in understanding the configuration and management of that resource.

select
  id,
  state,
  is_default,
  is_calculated,
  resource_id,
  type_mod_uri
from
  guardrails_policy_value
where
  resource_id = 161587219904115;

select
  id,
  state,
  is_default,
  is_calculated,
  resource_id,
  type_mod_uri
from
  guardrails_policy_value
where
  resource_id = 161587219904115;

List non-default calculated policy values

Analyze the settings to understand the non-standard calculated policy values. This is beneficial in identifying any deviations from the default settings, which could potentially impact resource management and security.

select
  id,
  state,
  is_default,
  is_calculated,
  resource_type_id,
  type_mod_uri
from
  guardrails_policy_value
where
  is_calculated
  and not is_default;

select
  id,
  state,
  is_default,
  is_calculated,
  resource_type_id,
  type_mod_uri
from
  guardrails_policy_value
where
  is_calculated = 1
  and not is_default = 1;

Filter policy values using Turbot filter syntax

Analyze the settings to understand the status of different policy values, specifically those that are currently in an 'ok' state. This allows for efficient monitoring and management of system policies.

select
  id,
  state,
  is_default,
  is_calculated,
  policy_type_id,
  resource_id,
  resource_type_id
from
  guardrails_policy_value
where
  filter = 'state:ok';

select
  id,
  state,
  is_default,
  is_calculated,
  policy_type_id,
  resource_id,
  resource_type_id
from
  guardrails_policy_value
where
  filter = 'state:ok';

Schema for guardrails_policy_value

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
create_timestamp	timestamp with time zone		When the policy value was first set by Turbot. (It may have been created earlier.)
dependent_controls	jsonb		The controls that depends on this policy value.
dependent_policy_values	jsonb		The policy values that depends on this policy value.
filter	text	=	Filter used for this policy value list.
id	bigint		Unique identifier of the policy value.
is_calculated	boolean		If true this value is derived from calculated setting inputs e.g. templateInput and template.
is_default	boolean		If true this value is derived from the default value of the type.
policy_type_default_template	text		Default template used to calculate template-based policy values. Should be a Jinja based YAML string.
policy_type_id	bigint	=	ID of the policy type for this policy value.
policy_type_title	text		Title of the policy type.
policy_type_trunk_title	text		Title with full path of the policy type.
precedence	text		Precedence of the setting: REQUIRED or RECOMMENDED.
resource_id	bigint	=	ID of the resource for the policy value.
resource_trunk_title	text		Full title (including ancestor trunk) of the resource.
resource_type_id	bigint	=	ID of the resource type for this policy setting.
secret_value	text		Secrect value of the policy value.
setting_id	bigint		Policy setting Id for the policy value.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
state	text	=	State of the policy value.
timestamp	timestamp with time zone		Timestamp when the policy value was last modified (created, updated or deleted).
type_mod_uri	text		URI of the mod that contains the policy value.
update_timestamp	timestamp with time zone		When the policy value was last updated in Turbot.
value	text		Value of the policy value.
version_id	bigint		Unique identifier for this version of the policy value.
workspace	text		Specifies the workspace URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- guardrails

You can pass the configuration to the command with the --config argument:

steampipe_export_guardrails --config '<your_config>' guardrails_policy_value