fix: change og_ prefex to platform_

artaasadi · artaasadi · commit f7c26dc3b8dd · 2024-11-27T02:15:18.000+01:00
diff --git a/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml b/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml
@@ -21,7 +21,7 @@ Query:
         tags,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_api_gateway_stage' AS og_table_name,
+        'aws_api_gateway_stage' AS platform_table_name,
         _ctx
       FROM
         aws_api_gateway_stage
@@ -36,7 +36,7 @@ Query:
         tags,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_api_gatewayv2_stage' AS og_table_name,
+        'aws_api_gatewayv2_stage' AS platform_table_name,
         _ctx
       FROM
         aws_api_gatewayv2_stage
@@ -45,7 +45,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      og_table_name AS og_table_name,
+      platform_table_name AS platform_table_name,
       CASE
         WHEN log_level IS NULL OR log_level = '' OR log_level = 'OFF' THEN 'alarm'
         ELSE 'ok'
diff --git a/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml b/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml
@@ -15,7 +15,7 @@ Query:
         arn AS resource,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_ec2_application_load_balancer' AS og_table_name,
+        'aws_ec2_application_load_balancer' AS platform_table_name,
         CASE
           WHEN load_balancer_attributes @> '[{"Key": "access_logs.s3.enabled", "Value": "true"}]' THEN 'ok'
           ELSE 'alarm'
@@ -34,7 +34,7 @@ Query:
         'arn:' || partition || ':elasticloadbalancing:' || region || ':' || account_id || ':loadbalancer/' || title AS resource,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_ec2_classic_load_balancer' AS og_table_name,
+        'aws_ec2_classic_load_balancer' AS platform_table_name,
         CASE
           WHEN access_log_enabled = 'true' THEN 'ok'
           ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml b/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_ec2_application_load_balancer' AS og_table_name,
+      'aws_ec2_application_load_balancer' AS platform_table_name,
       CASE
         WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm'
         ELSE 'ok'
@@ -30,7 +30,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_ec2_network_load_balancer' AS og_table_name,
+      'aws_ec2_network_load_balancer' AS platform_table_name,
       CASE
         WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm'
         ELSE 'ok'
@@ -45,7 +45,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_ec2_gateway_load_balancer' AS og_table_name,
+      'aws_ec2_gateway_load_balancer' AS platform_table_name,
       CASE
         WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm'
         ELSE 'ok'
diff --git a/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml b/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml
@@ -37,7 +37,7 @@ Query:
         title,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_ec2_application_load_balancer' AS og_table_name,
+        'aws_ec2_application_load_balancer' AS platform_table_name,
         _ctx
       FROM
         aws_ec2_application_load_balancer
@@ -49,7 +49,7 @@ Query:
         title,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_ec2_network_load_balancer' AS og_table_name,
+        'aws_ec2_network_load_balancer' AS platform_table_name,
         _ctx
       FROM
         aws_ec2_network_load_balancer
@@ -58,7 +58,7 @@ Query:
       a.arn AS resource,
       a.platform_account_id AS platform_account_id,
       a.platform_resource_id AS platform_resource_id,
-      a.og_table_name AS og_table_name,
+      a.platform_table_name AS platform_table_name,
       CASE
         WHEN b.load_balancer_arn IS NULL THEN 'ok'
         ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml b/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_user' AS og_table_name,
+      'aws_iam_user' AS platform_table_name,
       CASE
         WHEN inline_policies IS NULL THEN 'ok'
         ELSE 'alarm'
@@ -29,7 +29,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_role' AS og_table_name,
+      'aws_iam_role' AS platform_table_name,
       CASE
         WHEN inline_policies IS NULL THEN 'ok'
         ELSE 'alarm'
@@ -45,7 +45,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_group' AS og_table_name,
+      'aws_iam_group' AS platform_table_name,
       CASE
         WHEN inline_policies IS NULL THEN 'ok'
         ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml b/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml
@@ -20,7 +20,7 @@ Query:
         region,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_iam_user' AS og_table_name,
+        'aws_iam_user' AS platform_table_name,
         _ctx
       FROM
         aws_iam_user
@@ -33,7 +33,7 @@ Query:
         region,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_iam_role' AS og_table_name,
+        'aws_iam_role' AS platform_table_name,
         _ctx
       FROM
         aws_iam_role
@@ -46,7 +46,7 @@ Query:
         region,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_iam_group' AS og_table_name,
+        'aws_iam_group' AS platform_table_name,
         _ctx
       FROM
         aws_iam_group
@@ -71,7 +71,7 @@ Query:
       u.arn AS resource,
       u.platform_account_id AS platform_account_id,
       u.platform_resource_id AS platform_resource_id,
-      u.og_table_name AS og_table_name,
+      u.platform_table_name AS platform_table_name,
       CASE
         WHEN w.arn IS NULL THEN 'ok'
         ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml b/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_user' AS og_table_name,
+      'aws_iam_user' AS platform_table_name,
       CASE 
         WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' 
           THEN 'alarm' 
@@ -34,7 +34,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_role' AS og_table_name,
+      'aws_iam_role' AS platform_table_name,
       CASE 
         WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' 
           THEN 'alarm' 
@@ -53,7 +53,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_iam_group' AS og_table_name,
+      'aws_iam_group' AS platform_table_name,
       CASE 
         WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' 
           THEN 'alarm' 
diff --git a/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml b/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml
@@ -51,7 +51,7 @@ Query:
       i.arn AS resource,
       i.platform_account_id AS platform_account_id,
       i.platform_resource_id AS platform_resource_id,
-      'aws_iam_user' AS og_table_name,
+      'aws_iam_user' AS platform_table_name,
       CASE
         WHEN d.arn IS NULL THEN 'ok'
         ELSE 'alarm'
@@ -69,7 +69,7 @@ Query:
       r.arn AS resource,
       r.platform_account_id AS platform_account_id,
       r.platform_resource_id AS platform_resource_id,
-      'aws_iam_role' AS og_table_name,
+      'aws_iam_role' AS platform_table_name,
       CASE
         WHEN d.arn IS NULL THEN 'ok'
         ELSE 'alarm'
@@ -89,7 +89,7 @@ Query:
       g.arn AS resource,
       g.platform_account_id AS platform_account_id,
       g.platform_resource_id AS platform_resource_id,
-      'aws_iam_group' AS og_table_name,
+      'aws_iam_group' AS platform_table_name,
       CASE
         WHEN d.arn IS NULL THEN 'ok'
         ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml
@@ -15,7 +15,7 @@ Query:
         arn AS resource,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_rds_db_cluster' AS og_table_name,
+        'aws_rds_db_cluster' AS platform_table_name,
         CASE
           WHEN enabled_cloudwatch_logs_exports IS NOT NULL THEN 'ok'
           ELSE 'alarm'
@@ -35,7 +35,7 @@ Query:
         arn AS resource,
         platform_account_id AS platform_account_id,
         platform_resource_id AS platform_resource_id,
-        'aws_rds_db_instance' AS og_table_name,
+        'aws_rds_db_instance' AS platform_table_name,
         CASE
           WHEN class = 'db.m1.small' THEN 'skip'
           WHEN enhanced_monitoring_resource_arn IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml b/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_cluster' AS og_table_name,
+      'aws_rds_db_cluster' AS platform_table_name,
       CASE
         WHEN engine SIMILAR TO '%(aurora|mysql|mariadb)%' AND port = '3306' THEN 'alarm'
         WHEN engine LIKE '%postgres%' AND port = '5432' THEN 'alarm'
@@ -40,7 +40,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_instance' AS og_table_name,
+      'aws_rds_db_instance' AS platform_table_name,
       CASE
         WHEN engine SIMILAR TO '%(aurora|mysql|mariadb)%' AND port = '3306' THEN 'alarm'
         WHEN engine LIKE '%postgres%' AND port = '5432' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml b/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_cluster_snapshot' AS og_table_name,
+      'aws_rds_db_cluster_snapshot' AS platform_table_name,
       CASE
         WHEN storage_encrypted THEN 'ok'
         ELSE 'alarm'
@@ -35,7 +35,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_snapshot' AS og_table_name,
+      'aws_rds_db_snapshot' AS platform_table_name,
       CASE
         WHEN encrypted THEN 'ok'
         ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml b/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml
@@ -15,7 +15,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_cluster_snapshot' AS og_table_name,
+      'aws_rds_db_cluster_snapshot' AS platform_table_name,
       CASE
         WHEN cluster_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm'
         ELSE 'ok'
@@ -36,7 +36,7 @@ Query:
       arn AS resource,
       platform_account_id AS platform_account_id,
       platform_resource_id AS platform_resource_id,
-      'aws_rds_db_snapshot' AS og_table_name,
+      'aws_rds_db_snapshot' AS platform_table_name,
       CASE
         WHEN database_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm'
         ELSE 'ok'
diff --git a/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml b/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml
@@ -17,7 +17,7 @@ Query:
         fa.id AS resource,
         fa.platform_account_id AS platform_account_id,
         fa.platform_resource_id AS platform_resource_id,
-        'azure_app_service_function_app' AS og_table_name,
+        'azure_app_service_function_app' AS platform_table_name,
         CASE
             WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm'
             ELSE 'ok'
@@ -40,7 +40,7 @@ Query:
         wa.id AS resource,
         wa.platform_account_id AS platform_account_id,
         wa.platform_resource_id AS platform_resource_id,
-        'azure_app_service_web_app' AS og_table_name,
+        'azure_app_service_web_app' AS platform_table_name,
         CASE
             WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm'
             ELSE 'ok'
diff --git a/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml b/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml
@@ -16,7 +16,7 @@ Query:
         a.id AS resource,
         a.platform_account_id AS platform_account_id,
         a.platform_resource_id AS platform_resource_id,
-        'azure_compute_virtual_machine' AS og_table_name,
+        'azure_compute_virtual_machine' AS platform_table_name,
         CASE
           WHEN security_profile -> 'encryptionAtHost' = 'true' THEN 'ok'
           ELSE 'alarm'
@@ -39,7 +39,7 @@ Query:
         a.id AS resource,
         a.platform_account_id AS platform_account_id,
         a.platform_resource_id AS platform_resource_id,
-        'azure_compute_virtual_machine_scale_set' AS og_table_name,
+        'azure_compute_virtual_machine_scale_set' AS platform_table_name,
         CASE
           WHEN virtual_machine_security_profile -> 'encryptionAtHost' = 'true' THEN 'ok'
           ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml b/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml
@@ -18,7 +18,7 @@ Query:
       name AS resource,
       platform_account_id,
       platform_resource_id,
-      'aws_iam_user' AS og_table_name,
+      'aws_iam_user' AS platform_table_name,
       CASE
         WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%')
           AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
@@ -58,7 +58,7 @@ Query:
       name AS resource,
       platform_account_id,
       platform_resource_id,
-      'aws_iam_role' AS og_table_name,
+      'aws_iam_role' AS platform_table_name,
       CASE
         WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%')
           AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
@@ -98,7 +98,7 @@ Query:
       name AS resource,
       platform_account_id,
       platform_resource_id,
-      'aws_iam_group' AS og_table_name,
+      'aws_iam_group' AS platform_table_name,
       CASE
         WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%')
           AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
diff --git a/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml b/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml
@@ -58,7 +58,7 @@ Query:
       CASE 
         WHEN aw.account_id IS NOT NULL THEN 'aws_account'
         WHEN az.subscription_id IS NOT NULL THEN 'azure_subscription'
-      END AS og_table_name,
+      END AS platform_table_name,
       CASE 
         WHEN (l.last30_cost_value - l.last60to30_cost_value) / l.last30_cost_value > {{.kaytuConnectionMoMCostGrowthAllowedGrowth}} 
         THEN 'alarm'
diff --git a/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml b/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml
@@ -57,7 +57,7 @@ Query:
       CASE
         WHEN aw.account_id IS NOT NULL THEN 'aws_account'
         WHEN az.subscription_id IS NOT NULL THEN 'azure_subscription'
-      END AS og_table_name, 
+      END AS platform_table_name, 
       CASE 
         WHEN (l.last30_cost_value - l.last60to30_cost_value) / l.last30_cost_value > {{.kaytuMoMCostGrowthAllowedGrowth}} 
         THEN 'alarm'
