standard
turbot/azure_tags
- Detect & correct AI Search services with incorrect tags
- Detect & correct API Managements with incorrect tags
- Detect & correct App Service environments with incorrect tags
- Detect & correct App Service function apps with incorrect tags
- Detect & correct App Service plans with incorrect tags
- Detect & correct App Service web apps with incorrect tags
- Detect & correct Batch accounts with incorrect tags
- Detect & correct Compute availability sets with incorrect tags
- Detect & correct Compute disk encryption Sets with incorrect tags
- Detect & correct Compute disks with incorrect tags
- Detect & correct Compute images with incorrect tags
- Detect & correct Compute snapshots with incorrect tags
- Detect & correct Compute VM scale sets with incorrect tags
- Detect & correct Compute VMs with incorrect tags
- Detect & correct Container registries with incorrect tags
- Detect & correct Cosmos DB accounts with incorrect tags
- Detect & correct Cosmos DB mongo databases with incorrect tags
- Detect & correct Cosmos DB SQL databases with incorrect tags
- Detect & correct Data factories with incorrect tags
- Detect & correct Data lake analytics accounts with incorrect tags
- Detect & correct Data lake stores with incorrect tags
- Detect & correct Event Hub namespaces with incorrect tags
- Detect & correct ExpressRoute circuits with incorrect tags
- Detect & correct IoT Hubs with incorrect tags
- Detect & correct Key Vault deleted vaults with incorrect tags
- Detect & correct Key Vault keys with incorrect tags
- Detect & correct Key Vault managed hardware security module with incorrect tags
- Detect & correct Key Vault secrets with incorrect tags
- Detect & correct Key Vault vaults with incorrect tags
- Detect & correct Kubernetes clusters with incorrect tags
- Detect & correct Logic app workflows with incorrect tags
- Detect & correct MariaDB servers with incorrect tags
- Detect & correct Monitor log alerts with incorrect tags
- Detect & correct Monitor log profiles with incorrect tags
- Detect & correct Microsoft SQL elastic pools with incorrect tags
- Detect & correct Microsoft SQL managed instances with incorrect tags
- Detect & correct MySQL servers with incorrect tags
- Detect & correct Network application security groups with incorrect tags
- Detect & correct Network firewalls with incorrect tags
- Detect & correct Network interfaces with incorrect tags
- Detect & correct Network load balancers with incorrect tags
- Detect & correct Network public IPs with incorrect tags
- Detect & correct Network route tables with incorrect tags
- Detect & correct Network security groups with incorrect tags
- Detect & correct Network watcher flow logs with incorrect tags
- Detect & correct Network Watchers with incorrect tags
- Detect & correct PostgreSQL servers with incorrect tags
- Detect & correct Recovery Services vaults with incorrect tags
- Detect & correct Redis caches with incorrect tags
- Detect & correct Resource groups with incorrect tags
- Detect & correct ServiceBus namespaces with incorrect tags
- Detect & correct SQL databases with incorrect tags
- Detect & correct SQL servers with incorrect tags
- Detect & correct Storage Accounts with incorrect tags
- Detect & correct Virtual Network gateways with incorrect tags
- Detect & correct Virtual Networks with incorrect tags
Get Involved
Version
Trigger: Detect & correct Key Vault managed hardware security module with incorrect tags
Detects Key Vault managed hardware security module with incorrect tags and optionally attempts to correct them.
Query
with tags as ( select coalesce(name, title) as title, id, region, subscription_id, sp_connection_name as conn, coalesce(tags, '{}' :: jsonb) as tags, t.key, t.value from azure_key_vault_managed_hardware_security_module left join jsonb_each_text(tags) as t(key, value) on true),updated_tags as ( select id, key as old_key, case when false then key else key end as new_key, value from tags where key is not null),required_tags as ( select r.id, null as old_key, a.key as new_key, a.value from ( select distinct id from azure_key_vault_managed_hardware_security_module ) r cross join ( values (null, null) ) as a(key, value) where not exists ( select 1 from updated_tags ut where ut.id = r.id and ut.new_key = a.key )),all_tags as ( select id, old_key, new_key, value from updated_tags union all select id, old_key, new_key, value from required_tags where new_key is not null),allowed_tags as ( select distinct id, new_key from ( select id, new_key, case when new_key like '%' then true else false end as allowed from all_tags ) a where allowed = true),remove_tags as ( select distinct id, key from ( select id, new_key as key, case when new_key like '%' then false else false end as remove from all_tags ) r where remove = true union select id, new_key as key from all_tags a where not exists ( select 1 from allowed_tags at where at.id = a.id and at.new_key = a.new_key )),updated_values as ( select id, new_key, value as old_value, case when false then value else value end as updated_value from all_tags)select *from ( select t.title, t.id, t.region, t.subscription_id, t.conn, t.tags as old_tags, jsonb_object_agg(uv.new_key, uv.updated_value) as new_tags from tags t join updated_values uv on t.id = uv.id where not exists ( select 1 from remove_tags rt where rt.id = uv.id and rt.key = uv.new_key ) group by t.title, t.id, t.region, t.subscription_id, t.conn, t.tags ) resultwhere old_tags != new_tags;
Schedule
15m
Tags
category = tags
plugin = azure
service = Azure/KeyVault