Control: Service Bus should use virtual service endpoint
Description
Ensure that Service Bus uses virtual service endpoint. This contol is non-compliant if service bus does not uses virtual service endpoint.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.servicebus_use_virtual_service_endpointSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.servicebus_use_virtual_service_endpoint --shareSQL
This control uses a named query:
with service_bus as ( select name, region, network_rule_set -> 'properties' -> 'virtualNetworkRules' as virtual_network_rules from azure_servicebus_namespace where sku_tier = 'Premium' and ( jsonb_array_length(network_rule_set -> 'properties' -> 'virtualNetworkRules') = 0 or exists ( select * from jsonb_array_elements(network_rule_set -> 'properties' -> 'virtualNetworkRules') as t where t -> 'subnet' ->> 'id' is null ) ))select bus.id as resource, case when bus.name != service_bus.name then 'ok' else 'alarm' end as status, case when bus.name != service_bus.name then bus.name || ' configured with virtual service endpoint.' else bus.name || ' not configured with virtual service endpoint.' end as reason , bus.resource_group as resource_group , sub.display_name as subscriptionfrom azure_servicebus_namespace as bus left join azure_subscription as sub on sub.subscription_id = bus.subscription_id left join service_bus on true;