v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →

Plugins Docs Home

turbot/oci_compliance

blockstorage_block_volume_cmk_encryption_enabled blockstorage_boot_volume_cmk_encryption_enabled cloudguard_enabled core_default_security_list_allow_icmp_only core_instance_encryption_in_transit_enabled core_instance_legacy_metadata_service_endpoint_disabled core_network_security_group_restrict_ingress_rdp_all core_network_security_group_restrict_ingress_ssh_all core_security_list_restrict_ingress_rdp_all core_security_list_restrict_ingress_ssh_all core_subnet_flow_log_enabled events_rule_notification_cloud_guard_problems_detected events_rule_notification_iam_group_changes events_rule_notification_iam_policy_changes events_rule_notification_iam_user_changes events_rule_notification_identity_provider_changes events_rule_notification_idp_group_mapping_changes events_rule_notification_network_gateway_changes events_rule_notification_network_security_list_changes events_rule_notification_route_table_changes events_rule_notification_security_list_changes events_rule_notification_vcn_changes filestorage_filesystem_cmk_encryption_enabled identity_administrator_user_with_no_api_key identity_auth_token_age_90 identity_authentication_password_policy_strong_min_length_14 identity_default_tag identity_iam_administrators_no_update_tenancy_administrators_group_permission identity_only_administrators_group_with_manage_all_resources_permission_in_tenancy identity_tenancy_audit_log_retention_period_365_days identity_tenancy_with_one_active_compartment identity_user_api_key_age_90 identity_user_console_access_mfa_enabled identity_user_customer_secret_key_age_90 identity_user_db_credential_age_90 identity_user_valid_email kms_cmk_rotation_365 manual_control notification_topic_with_subscription objectstorage_bucket_cmk_encryption_enabled objectstorage_bucket_public_access_blocked objectstorage_bucket_versioning_enabled oracle_autonomous_database_not_publicly_accessible

Query: identity_administrator_user_with_no_api_key

Usage

powerpipe query oci_compliance.query.identity_administrator_user_with_no_api_key

Steampipe Tables

oci_identity_api_key

oci_identity_group

oci_identity_user

Oracle Cloud Infrastructure plugin

SQL

with administrators_users as (
  select
    a.name as admin_user_name
  from
    oci_identity_user a,
    jsonb_array_elements(a.user_groups) as user_group
    inner join oci_identity_group b on (b.id = user_group ->> 'groupId' )
  where
    b.name = 'Administrators' or a.identity_provider_id is not null
)
select
  a.id as resource,
  case
    when c.user_name is not null then 'alarm'
    else 'ok'
  end as status,
  case
    when c.user_name is not null then a.name || ' has API Key.'
    else a.name || ' has no API Key.'
  end as reason
  
  , a.tenant_name as tenant
from
  oci_identity_user a
  left join administrators_users b on a.name = b.admin_user_name
  left join oci_identity_api_key c on a.name = c.user_name;

Controls

The query is being used by the following controls: