Table: turbot_policy_setting
Policy settings in Turbot are policy definitions assigned to resources and then applied throughout the hierarchy below (policy values).
It is recommended that queries to this table specify (usually in the where clause) at least one of these columns: id, resource_id, exception, orphan, policy_type_id, policy_type_uri or filter.
Examples
Find all policy settings that are exceptions to another policy
```sql
select
  policy_type_uri,
  resource_id,
  is_calculated,
  exception,
  value
from
  turbot_policy_setting
where
  exception;
```
List policy settings with full resource and policy type information
```sql
select
  r.trunk_title as resource,
  pt.trunk_title as policy_type,
  ps.value,
  ps.is_calculated,
  ps.exception
from
  turbot_policy_setting as ps
  left join turbot_policy_type as pt on pt.id = ps.policy_type_id
  left join turbot_resource as r on r.id = ps.resource_id;
```
All policy settings set on a given resource
```sql
select
  r.trunk_title as resource,
  ps.resource_id,
  pt.trunk_title as policy_type,
  ps.value,
  ps.is_calculated
from
  turbot_policy_setting as ps
  left join turbot_policy_type as pt on pt.id = ps.policy_type_id
  left join turbot_resource as r on r.id = ps.resource_id
where
  ps.resource_id = 173434983560398;
```
All policy settings set on a given resource or below
```sql
select
  r.trunk_title as resource,
  ps.resource_id,
  pt.trunk_title as policy_type,
  ps.value,
  ps.is_calculated
from
  turbot_policy_setting as ps
  left join turbot_policy_type as pt on pt.id = ps.policy_type_id
  left join turbot_resource as r on r.id = ps.resource_id
where
  ps.filter = 'resourceId:173434983560398 level:self,descendant';
```
All policy settings related to AWS > S3 > Bucket
```sql
select
  r.trunk_title as resource,
  ps.resource_id,
  pt.trunk_title as policy_type,
  ps.value,
  ps.is_calculated
from
  turbot_policy_setting as ps
  left join turbot_policy_type as pt on pt.id = ps.policy_type_id
  left join turbot_resource as r on r.id = ps.resource_id
where
  ps.filter = 'resourceTypeId:"tmod:@turbot/aws-s3#/resource/types/bucket"';
```
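Exception settings that warrant review first (an added example, not one of the original page's queries; it uses only columns listed in the schema for this table). Treating a null valid_to_timestamp as "no expiry" and an empty note as "undocumented" are assumptions made for this example.

```sql
select
  resource_trunk_title,
  policy_type_trunk_title,
  precedence,
  value,
  is_calculated,
  valid_to_timestamp,
  note,
  update_timestamp,
  -- Assumed review criteria: no expiry set and/or no note recorded
  case
    when valid_to_timestamp is null and coalesce(note, '') = ''
      then 'no expiry, no note'
    when valid_to_timestamp is null
      then 'no expiry'
    else 'no note'
  end as review_reason
from
  turbot_policy_setting
where
  exception -- one of the recommended filter columns for this table
  and (
    valid_to_timestamp is null
    or coalesce(note, '') = ''
  )
order by
  update_timestamp; -- least recently updated exceptions first
```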
Schema for turbot_policy_setting
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
create_timestamp | timestamp with time zone | | When the policy setting was first discovered by Turbot. (It may have been created earlier.) |
default | boolean | | True if this policy setting is the default. |
exception | boolean | = | True if this setting is an exception to a higher level setting. |
filter | text | = | Filter used for this policy setting list. |
id | bigint | = | Unique identifier of the policy setting. |
input | text | | For calculated policy settings, this is the input GraphQL query. |
is_calculated | boolean | | True if this policy setting will be calculated for each value. |
note | text | | Optional note or comment for the setting. |
orphan | boolean | = | True if this setting is orphaned by a higher level setting. |
policy_type_id | bigint | = | ID of the policy type for this policy setting. |
policy_type_trunk_title | text | | Full title (including ancestor trunk) of the policy type. |
policy_type_uri | text | = | URI of the policy type for this policy setting. |
precedence | text | | Precedence of the setting: REQUIRED or RECOMMENDED. |
resource_id | bigint | = | ID of the resource this policy setting is associated with. |
resource_trunk_title | text | | Full title (including ancestor trunk) of the resource. |
template | text | | For a calculated policy setting, this is the nunjucks template string defining a YAML string which is parsed to get the value. |
template_input | text | | For calculated policy settings, this GraphQL query is run and used as input to the template. |
timestamp | timestamp with time zone | | Timestamp when the policy setting was last modified (created, updated or deleted). |
update_timestamp | timestamp with time zone | | When the policy setting was last updated in Turbot. |
valid_from_timestamp | timestamp with time zone | | Timestamp when the policy setting becomes valid. |
valid_to_timestamp | timestamp with time zone | | Timestamp when the policy setting expires. |
value | text | | Value of the policy setting (for non-calculated policy settings). |
value_source | text | | The raw value in YAML format. If the setting was made via YAML template including comments, these will be included here. |
version_id | bigint | | Unique identifier for this version of the policy setting. |
workspace | text | | Specifies the workspace URL. |