Trigger: Detect & correct Subscriptions without activity log alert for create and update SQL servers firewall rule

with alert_rule as (
  select
    alert.id as alert_id,
    alert.name as alert_name,
    alert.enabled,
    alert.location,
    alert.subscription_id,
    alert.resource_group,
    alert._ctx ->> 'connection_name' as conn,
    jsonb_array_length(alert.condition -> 'allOf')
  from
    azure_log_alert as alert,
    jsonb_array_elements_text(scopes) as sc
  where
    alert.location = 'Global'
    and alert.enabled
    and sc = '/subscriptions/' || alert.subscription_id
    and (
      (
        alert.condition -> 'allOf' @> '[{"equals":"Administrative","field":"category"}]'
        and alert.condition -> 'allOf' @> '[{"field": "operationName", "equals": "Microsoft.Sql/servers/firewallRules/write"}]'
      )
      or (
        alert.condition -> 'allOf' @> '[{"equals":"Administrative","field":"category"}]'
        and alert.condition -> 'allOf' @> '[{"field": "resourceType", "equals": "microsoft.sql/servers/firewallrules"}]'
        and jsonb_array_length(alert.condition -> 'allOf') = 2
      )
    )
  limit
    1
)
select
  sub.subscription_id as title,
  sub._ctx ->> 'connection_name' as conn
from
  azure_subscription sub
  left join alert_rule a on sub.subscription_id = a.subscription_id
group by
  sub.subscription_id,
  sub.display_name,
  sub._ctx,
  a.alert_id,
  a.alert_name,
  a.resource_group,
  a.subscription_id,
  a.conn
having
  not(count(a.subscription_id) > 0);