Update azure_mandatory_sql_subscription_resource_group_mandatory.yaml

acx1729 · web-flow · commit 6e64359fc0c4 · 2025-01-06T17:03:28.000-05:00
diff --git a/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml
@@ -1,11 +1,12 @@
+
 id: azure_mandatory_sql_subscription_resource_group_mandatory
 title: Resource groups should have mandatory tags
 description: Check if Resource groups have mandatory tags.
 integration_type:
   - azure_subscription
 parameters:
   - key: azureMandatoryTags
-    value: '["name","environment"]'
+    value: $global.mandatory_tags
 policy:
   language: sql
   primary_resource: azure_resource_group
@@ -16,8 +17,9 @@ policy:
         platform_resource_id,
         id,
         title,
-        tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
-        TO_JSONB('{{.azureMandatoryTags}}'::text[]) - ARRAY(
+        -- Use the $global.mandatory_tags reference in the SQL
+        tags ?& $global.mandatory_tags::text[] AS has_mandatory_tags,
+        TO_JSONB($global.mandatory_tags::text[]) - ARRAY(
           SELECT jsonb_object_keys(tags)
         ) AS missing_tags,
         subscription_id
@@ -37,7 +39,8 @@ policy:
         ELSE title || ' is missing tags: ' || array_to_string(
           ARRAY(
             SELECT jsonb_array_elements_text(missing_tags)
-          ), ', ') || '.'
+          ), ', '
+        ) || '.'
       END AS reason,
       subscription_id
     FROM
