turbot/kubernetes_compliance

Query: ingress_nginx_annotations_snippets_lua_code_not_used

Usage

powerpipe query kubernetes_compliance.query.ingress_nginx_annotations_snippets_lua_code_not_used

Steampipe Tables

SQL

select
coalesce(uid, concat(path, ':', start_line)) as resource,
case when a.key like '%snippet%' and a.value ~ '(lua_|_lua|_lua_|kubernetes\.io)' then 'alarm'
else 'ok'
end as status,
case
when a.key like '%snippet%' and a.value ~ '(lua_|_lua|_lua_|kubernetes\.io)' then a.key || ' annotation snippet contains lua code execution.'
else a.key || ' annotation snippet does not contain lua code execution.'
end as reason,
name as ingress_name
, coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
kubernetes_ingress,
jsonb_each_text(annotations) as a;

Controls

The query is being used by the following controls: