Update azure_mandatory_sql_subscription_resource_group_mandatory.yaml

acx1729 · web-flow · commit 78f36f4227ef · 2025-01-06T16:45:50.000-05:00
diff --git a/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml
@@ -5,41 +5,42 @@ integration_type:
   - azure_subscription
 parameters:
   - key: azureMandatoryTags
+    default: '["name","environment"]'
 policy:
-    language: sql
-    primary_resource: azure_resource_group
-    definition: |
-        WITH analysis AS (
-          SELECT
-            platform_integration_id,
-            platform_resource_id,
-            id,
-            title,
-            tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
-            TO_JSONB('{{.azureMandatoryTags}}'::text[]) - ARRAY(
-              SELECT jsonb_object_keys(tags)
-            ) AS missing_tags,
-            subscription_id
-          FROM
-            azure_resource_group
-        )
-        SELECT
-          platform_integration_id,
-          platform_resource_id,
-          id AS resource,
-          CASE
-            WHEN has_mandatory_tags THEN 'ok'
-            ELSE 'alarm'
-          END AS status,
-          CASE
-            WHEN has_mandatory_tags THEN title || ' has all mandatory tags.'
-            ELSE title || ' is missing tags: ' || array_to_string(
-              ARRAY(
-                SELECT jsonb_array_elements_text(missing_tags)
-              ), ', ') || '.'
-          END AS reason,
-          subscription_id
-        FROM
-          analysis;
+  language: sql
+  primary_resource: azure_resource_group
+  definition: |
+    WITH analysis AS (
+      SELECT
+        platform_integration_id,
+        platform_resource_id,
+        id,
+        title,
+        tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
+        TO_JSONB('{{.azureMandatoryTags}}'::text[]) - ARRAY(
+          SELECT jsonb_object_keys(tags)
+        ) AS missing_tags,
+        subscription_id
+      FROM
+        azure_resource_group
+    )
+    SELECT
+      platform_integration_id,
+      platform_resource_id,
+      id AS resource,
+      CASE
+        WHEN has_mandatory_tags THEN 'ok'
+        ELSE 'alarm'
+      END AS status,
+      CASE
+        WHEN has_mandatory_tags THEN title || ' has all mandatory tags.'
+        ELSE title || ' is missing tags: ' || array_to_string(
+          ARRAY(
+            SELECT jsonb_array_elements_text(missing_tags)
+          ), ', ') || '.'
+      END AS reason,
+      subscription_id
+    FROM
+      analysis;
 severity: high
 tags: {}
