Control: Key vault managed hardware security modules should not have prohibited tags
Description
Check if Key vault managed hardware security modules have any prohibited tags.
Usage
Run the control in your terminal:
powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_prohibited
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_tags.control.key_vault_managed_hardware_security_module_prohibited --share
Steampipe Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | prohibited_tags | | | |
SQL
-- Managed HSMs carrying at least one tag key listed in $1
-- (the key comparison is an exact, case-sensitive text match).
with analysis as (
  select
    id,
    array_agg(k) as prohibited_tags
  from
    azure_key_vault_managed_hardware_security_module,
    jsonb_object_keys(tags) as k,
    unnest($1::text[]) as prohibited_key
  where
    k = prohibited_key
  group by
    id
)
-- Resources with no matching tag have no row in analysis, so
-- a.prohibited_tags is NULL and both case expressions fall through to 'ok'.
select
  r.id as resource,
  case
    when a.prohibited_tags <> array[]::text[] then 'alarm'
    else 'ok'
  end as status,
  case
    when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.'
    else r.title || ' has no prohibited tags.'
  end as reason,
  r.resource_group,
  r.subscription_id
from
  azure_key_vault_managed_hardware_security_module as r
  full outer join analysis as a on a.id = r.id;