turbot/gcp_compliance

Query: storage_bucket_log_object_versioning_enabled

Usage

powerpipe query gcp_compliance.query.storage_bucket_log_object_versioning_enabled

SQL

with log_sink_buckets as (
select
split_part(destination, '/', 2) as bucket_name,
project
from
gcp_logging_sink
where
destination like 'storage.googleapis.com/%'
)
select
b.self_link resource,
case
when s.bucket_name is null then 'skip'
when b.versioning_enabled then 'ok'
else 'alarm'
end as status,
case
when s.bucket_name is null then title || ' does not export logs.'
when b.versioning_enabled then title || ' has object versioning enabled.'
else title || ' has object versioning disabled.'
end as reason
, b.location as location, b.project as project
from
gcp_storage_bucket as b
left join log_sink_buckets as s on s.bucket_name = b.name and b.project = s.project;

Controls

The query is being used by the following controls: