Control: Key vault keys should not have prohibited tags
Description
Check if Key vault keys have any prohibited tags.
Usage
Run the control in your terminal:
powerpipe control run azure_tags.control.key_vault_key_prohibited
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_tags.control.key_vault_key_prohibited --share
Steampipe Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | prohibited_tags | | | |
SQL
with analysis as (
  select
    id,
    array_agg(k) as prohibited_tags,
    _ctx,
    resource_group,
    subscription_id,
    tags,
    region
  from
    azure_key_vault_key,
    jsonb_object_keys(tags) as k,
    unnest($1::text[]) as prohibited_key
  where
    k = prohibited_key
  group by
    id,
    _ctx,
    resource_group,
    tags,
    subscription_id,
    region
)
select
  r.id as resource,
  case
    when a.prohibited_tags <> array[]::text[] then 'alarm'
    else 'ok'
  end as status,
  case
    when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.'
    else r.title || ' has no prohibited tags.'
  end as reason,
  r.subscription_id as subscription_id
from
  azure_key_vault_key as r
  full outer join analysis as a on a.id = r.id;