turbot/gcp_compliance

Query: kubernetes_cluster_node_no_default_service_account

Usage

powerpipe query gcp_compliance.query.kubernetes_cluster_node_no_default_service_account

Steampipe Tables

SQL

select
self_link resource,
case
when np -> 'config' ->> 'serviceAccount' = 'default' then 'alarm'
else 'ok'
end as status,
case
when np -> 'config' ->> 'serviceAccount' = 'default' then title || ' cluster ' || ( np ->> 'name' ) || ' uses default service account.'
else title || ' cluster ' || ( np ->> 'name' ) || ' does not uses default service account.'
end as reason
, location as location, project as project
from
gcp_kubernetes_cluster,
jsonb_array_elements(node_pools) as np;

Controls

The query is being used by the following controls: