Control: Blob versioning should be enabled for storage accounts

powerpipe control run azure_compliance.control.storage_account_blob_versioning_enabled

powerpipe login
powerpipe control run azure_compliance.control.storage_account_blob_versioning_enabled --share

select
  sa.id as resource,
  case
    when bs.is_versioning_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when bs.is_versioning_enabled then sa.name || ' has blob versioning enabled.'
    else sa.name || ' has blob versioning disabled.'
  end as reason
  
  , sa.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_storage_account as sa
  left join azure_storage_blob_service as bs on sa.name = bs.storage_account_name
  left join azure_subscription sub on sub.subscription_id = sa.subscription_id