Closed tomrwaller closed 2 weeks ago
Thanks @tomrwaller for raising this issue. We will look into it and get it sorted out!
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 90 days with no activity.
Describe the bug
When running a Steampipe CLI compliance check (tested using Microsoft 365 and Azure compliance mods), if a control fails as error status, the tenant ID or subscription ID is omitted from the output. If the output is dumped to a CSV for example, controls that execute with the status alarm, ok and info all record the ID. If the status is error, it does not store the ID, making it difficult to report on the output, especially when using an aggregator with lots of tenants or subscriptions.
Powerpipe version (
powerpipe -v
)0.21.7 (and all other versions as far as I can tell)
To reproduce
Run Steampipe CLI and compliance check on Azure or M365, with a service principal that does not have the full permission set. Output to CSV. Review the CSV, filter by status=error and the column for subscription_id or tenant_id will be empty. Remove the filter and verify that alarm, info and ok all store the ID.
Expected behavior
Controls that fail, also record the tenant or subscription ID, as they do for alarm, info and ok.
Attached a screenshot of a CSV example.