Control: Compute snapshots should have mandatory labels

Description

Check if Compute snapshots have mandatory labels.

Usage

Run the control in your terminal:

powerpipe control run gcp_labels.control.compute_snapshot_mandatory

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_labels.control.compute_snapshot_mandatory --share

Steampipe Tables

gcp_compute_snapshot

SQL

with analysis as (
  select
    self_link,
    title,
    labels ? & $1 as has_mandatory_labels,
    to_jsonb($1) - array(
      select
        jsonb_object_keys(labels)
    ) as missing_labels,
    location,
    project
  from
    gcp_compute_snapshot
)
select
  self_link as resource,
  case
    when has_mandatory_labels then 'ok'
    else 'alarm'
  end as status,
  case
    when has_mandatory_labels then title || ' has all mandatory labels.'
    else title || ' is missing labels: ' || array_to_string(
      array(
        select
          jsonb_array_elements_text(missing_labels)
      ),
      ', '
    ) || '.'
  end as reason,
  location,
  project
from
  analysis

Params

Args	Name	Default	Description	Variable
$1	mandatory_labels	`["Environment","Owner"]`		mandatory_labels