iam_schema_managed_access_enablediam_user_at_least_two_users_with_accountadmin_roleiam_user_default_role_is_setiam_user_default_role_must_not_be_accountadminiam_user_with_accountadmin_role_have_emailiam_user_with_built_in_duo_mfa_enablediam_user_without_accountadmin_role_password_not_setmanual_controlmonitoring_user_password_rotated_regularlynetwork_policy_allowed_list_setnetwork_policy_blocked_list_set
Query: network_policy_allowed_list_set
Usage
powerpipe query snowflake_compliance.query.network_policy_allowed_list_set
Steampipe Tables
SQL
with applied_network_policy as ( select name, allowed_ip_list, account from snowflake_network_policy where name = ( select value from snowflake_account_parameter where key = 'NETWORK_POLICY')),analysis as ( select name, to_jsonb ($1::text[]) <@ array_to_json(string_to_array(allowed_ip_list, ','))::jsonb as has_allowed_ips, to_jsonb ($1) - string_to_array(allowed_ip_list, ',', '') as missing_ips, accountfrom applied_network_policy)select coalesce(analysis.name, sap.account) as resource, case when ( select count(*) from applied_network_policy group by name) is null then 'alarm' when has_allowed_ips then 'ok' else 'alarm' end as status, case when ( select count(*) from applied_network_policy group by name) is null then 'No network policy activated in the account.' when has_allowed_ips then name || ' has all allowed IPs.' else name || ' is missing allowed IPs: ' || array_to_string(array ( select jsonb_array_elements_text(missing_ips)), ', ') || '.' end as reason, sap.accountfrom snowflake_account_parameter as sap left join analysis on sap.account = analysis.accountwhere key = 'NETWORK_POLICY';
Controls
The query is being used by the following controls: