# Flags every oci_objectstorage_bucket whose Terraform config sets no kms_key_id.
# NOTE(review): kms_key_id selects a customer-managed key; whether a missing key
# should be reported as "encryption disabled" (rather than "no customer-managed
# key") depends on the control's intended wording — confirm against the benchmark.
query "objectstorage_bucket_encryption_enabled" {
  sql = <<-EOQ
    select
      address as resource,
      -- an absent attribute and an empty string are treated the same way
      case
        when nullif(attributes_std ->> 'kms_key_id', '') is null then 'alarm'
        else 'ok'
      end as status,
      split_part(address, '.', 2)
        || case
             when nullif(attributes_std ->> 'kms_key_id', '') is null then ' encryption disabled'
             else ' encryption enabled'
           end
        || '.' as reason
      ${local.tag_dimensions_sql}
      ${local.common_dimensions_sql}
    from
      terraform_resource
    where
      type = 'oci_objectstorage_bucket';
  EOQ
}
# Flags every oci_objectstorage_bucket whose access_type grants anonymous reads.
# Only the two public values listed below trigger the alarm; a NULL or any
# other access_type (e.g. NoPublicAccess) is reported as ok.
query "objectstorage_bucket_public_access_blocked" {
  sql = <<-EOQ
    select
      address as resource,
      case
        when (attributes_std ->> 'access_type') in ('ObjectRead', 'ObjectReadWithoutList') then 'alarm'
        else 'ok'
      end as status,
      split_part(address, '.', 2)
        || case
             when (attributes_std ->> 'access_type') in ('ObjectRead', 'ObjectReadWithoutList') then ' is publicly accessible'
             else ' is not publicly accessible'
           end
        || '.' as reason
      ${local.tag_dimensions_sql}
      ${local.common_dimensions_sql}
    from
      terraform_resource
    where
      type = 'oci_objectstorage_bucket';
  EOQ
}
# Flags every oci_objectstorage_bucket whose versioning attribute is not
# exactly 'Enabled'. An absent attribute is an alarm, not an unknown.
query "objectstorage_bucket_versioning_enabled" {
  sql = <<-EOQ
    select
      address as resource,
      -- "is distinct from" keeps a NULL attribute on the alarm side
      case
        when (attributes_std ->> 'versioning') is distinct from 'Enabled' then 'alarm'
        else 'ok'
      end as status,
      split_part(address, '.', 2)
        || case
             when (attributes_std ->> 'versioning') is distinct from 'Enabled' then ' has versioning disabled'
             else ' has versioning enabled'
           end
        || '.' as reason
      ${local.tag_dimensions_sql}
      ${local.common_dimensions_sql}
    from
      terraform_resource
    where
      type = 'oci_objectstorage_bucket';
  EOQ
}
# Flags every oci_objectstorage_bucket whose object_events_enabled attribute
# does not cast to true. An absent attribute casts to NULL and is an alarm.
# NOTE(review): the boolean cast raises on a non-boolean string — confirm the
# attribute is always a resolved literal in attributes_std.
query "objectstorage_bucket_object_events_enabled" {
  sql = <<-EOQ
    select
      address as resource,
      case
        when cast(attributes_std ->> 'object_events_enabled' as boolean) then 'ok'
        else 'alarm'
      end as status,
      split_part(address, '.', 2)
        || case
             when cast(attributes_std ->> 'object_events_enabled' as boolean) then ' object events enabled'
             else ' object events disabled'
           end
        || '.' as reason
      ${local.tag_dimensions_sql}
      ${local.common_dimensions_sql}
    from
      terraform_resource
    where
      type = 'oci_objectstorage_bucket';
  EOQ
}