Describe the bug
A clear and concise description of what the bug is.
5.1.3 Minimize wildcard use in Roles and ClusterRoles ............................................................................................................... 1 / 1 [= ]
| | |
| | | ERROR: column "kubernetes_cluster_role.tags" must appear in the GROUP BY clause or be used in an aggregate function (SQLSTATE 42803)
Steampipe version (steampipe -v
)
Example: v0.3.0
Plugin version (steampipe plugin list
)
Example: v0.5.0
To reproduce
Steps to reproduce the behavior (please include relevant code and/or commands).
Execute steampipe check control.cis_v170_5_1_3
Expected behavior
A clear and concise description of what you expected to happen.
Additional context
Add any other context about the problem here.
The solution is to add tags
and _ctx
to the group by
clause
select
coalesce(uid, concat(path, ':', start_line)) as resource,
case
when rule ->> 'apiGroups' like '%*%'
or rule ->> 'resources' like '%*%'
or rule ->> 'verbs' like '%*%' then 'alarm'
else 'ok'
end as status,
case
when rule ->> 'apiGroups' like '%*%' then name || ' api groups use wildcards.'
when rule ->> 'resources' like '%*%' then name || ' resources use wildcards.'
when rule ->> 'verbs' like '%*%' then name || ' actions use wildcards.'
else name || ' uses no wildcard.'
end as reason,
name as role_name
${local.tag_dimensions_sql}
${local.common_dimensions_non_namespace_sql}
from
kubernetes_cluster_role,
jsonb_array_elements(rules) rule
where
name not like '%system%'
group by
uid,
status,
reason,
role_name,
path,
start_line,
end_line,
source_type,
context_name,
tags,
_ctx;