turbot/steampipe-mod-azure-compliance

Query: network_virtual_network_gateway_aad_only

Usage

powerpipe query azure_compliance.query.network_virtual_network_gateway_aad_only

SQL

select
  g.id as resource,
  case
    -- 'ok' only when AAD is the single configured authentication type.
    when vpn_client_configuration -> 'vpnAuthenticationTypes' @> '["AAD"]'::jsonb
      and jsonb_array_length(vpn_client_configuration -> 'vpnAuthenticationTypes') = 1 then 'ok'
    -- An empty list is reported as having no point-to-site configuration.
    when jsonb_array_length(vpn_client_configuration -> 'vpnAuthenticationTypes') < 1 then 'skip'
    -- Everything else alarms. This includes a missing (NULL) vpnAuthenticationTypes:
    -- jsonb_array_length(NULL) is NULL, so neither branch above matches.
    else 'alarm'
  end as status,
  case
    when vpn_client_configuration -> 'vpnAuthenticationTypes' @> '["AAD"]'::jsonb
      and jsonb_array_length(vpn_client_configuration -> 'vpnAuthenticationTypes') = 1 then g.name || ' VPN authentication type is set to only Azure Active Directory.'
    when jsonb_array_length(vpn_client_configuration -> 'vpnAuthenticationTypes') < 1 then g.name || ' has no point-to-site configuration defined.'
    else g.name || ' VPN authentication type is not restricted to only Azure Active Directory.'
  end as reason
  , g.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_virtual_network_gateway as g
  left join azure_subscription as sub on g.subscription_id = sub.subscription_id;

Controls

The query is being used by the following controls: