Control: Data lake stores should not have prohibited tags
Description
Check if Data lake stores have any prohibited tags.
Usage
Run the control in your terminal:
powerpipe control run azure_tags.control.data_lake_store_prohibited
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_tags.control.data_lake_store_prohibited --share
Steampipe Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | prohibited_tags |
|
SQL
with analysis as ( select id, array_agg(k) as prohibited_tags from azure_data_lake_store, jsonb_object_keys(tags) as k, unnest($1::text[]) as prohibited_key where k = prohibited_key group by id)select r.id as resource, case when a.prohibited_tags <> array[]::text[] then 'alarm' else 'ok' end as status, case when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.' else r.title || ' has no prohibited tags.' end as reason, r.resource_group, r.subscription_idfrom azure_data_lake_store as rfull outer join analysis as a on a.id = r.id;