turbot/azure_tags

Control: ExpressRoute circuits should not have prohibited tags

Description

Check if ExpressRoute circuits have any prohibited tags.

Usage

Run the control in your terminal:

powerpipe control run azure_tags.control.express_route_circuit_prohibited

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_tags.control.express_route_circuit_prohibited --share

Steampipe Tables

Params

ArgsNameDefaultDescriptionVariable
$1prohibited_tags
["Password","Key"]

SQL

with analysis as (
select
id,
array_agg(k) as prohibited_tags,
_ctx,
resource_group,
subscription_id,
tags,
region
from
azure_express_route_circuit,
jsonb_object_keys(tags) as k,
unnest($1::text[]) as prohibited_key
where
k = prohibited_key
group by
id,
_ctx,
resource_group,
tags,
subscription_id,
region
)
select
r.id as resource,
case
when a.prohibited_tags <> array[]::text[] then 'alarm'
else 'ok'
end as status,
case
when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.'
else r.title || ' has no prohibited tags.'
end as reason
, r.subscription_id as subscription_id
from
azure_express_route_circuit as r
full outer join
analysis as a on a.id = r.id;