
@judell
Last active April 13, 2023 22:37
dashboard with code reuse
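# Dashboard showing three ways to feed the same TLS check into cards, tables and
# controls: a dashboard-scoped `with` query, a SQL function, and hard-coded
# literals.
#
# NOTE(review): every check below keys off max(version), the highest protocol
# version among rows with a completed handshake. That shows the endpoint can
# negotiate at least TLS v1.2; it does not show that older protocol versions are
# refused. If the policy is "nothing below TLS v1.2", also evaluate min(version)
# over the same rows. Presumably net_tls_connection yields one row per
# protocol/cipher combination tried; confirm against the plugin documentation.
#
# NOTE(review): `>= 'TLS v1.2'` is a text comparison, so it relies on the version
# labels sorting in protocol order; confirm against the labels the plugin emits.
dashboard "javier" {

  # Single-row result (an aggregate without GROUP BY always returns one row):
  # the probed address and the highest version with a completed handshake.
  # max_version is NULL when no handshake completed.
  with "tls_data" {
    sql = <<-EOQ
      select
        'domain.com:443' as address,
        max(version) as max_version
      from
        net_tls_connection
      where
        address = 'domain.com:443'
        and handshake_completed
    EOQ
  }

  # Runs DDL as a side effect of rendering the dashboard: it creates or replaces
  # public.tls_version(), so the connected role needs CREATE on schema public and
  # any existing function with that name and signature is overwritten.
  with "tls_data_fn" {
    sql = <<-EOQ
      create or replace function public.tls_version() returns table (
        address text,
        max_version text
      ) as $$
        -- No GROUP BY on purpose: the aggregate then always returns exactly one
        -- row, with max_version NULL when no handshake completed. Grouping by
        -- address returned zero rows in that case, so consumers of this function
        -- produced no row at all instead of an alarm.
        select
          'domain.com:443' as address,
          max(version) as max_version
        from
          net_tls_connection
        where
          address = 'domain.com:443'
          and handshake_completed
      $$ language sql
    EOQ
  }

  benchmark "tls_version" {
    title = "sample benchmark"
    children = [
      control.tls_version,
      control.tls_version_2,
      control.tls_version_3
    ]
  }

  # Cards fed from the `with` query through positional args.
  card {
    width = 3
    args  = [with.tls_data.rows[0].address]
    sql   = <<-EOQ
      select $1 as address
    EOQ
  }

  card {
    width = 2
    args  = [with.tls_data.rows[0].max_version]
    sql   = <<-EOQ
      select $1 as max_tls_version
    EOQ
  }

  # Cards fed from the SQL function instead of the `with` query.
  card {
    width = 3
    sql   = <<-EOQ
      select address from tls_version() limit 1
    EOQ
  }

  card {
    width = 2
    sql   = <<-EOQ
      select max_version from tls_version() limit 1
    EOQ
  }

  # $1 = address, $2 = max_version. A NULL max_version makes the comparison
  # NULL, which falls through to 'alarm'.
  table "tls_version" {
    title = "table version of control.tls_version"
    args  = [with.tls_data.rows[0].address, with.tls_data.rows[0].max_version]
    sql   = <<-EOT
      select
        $1 as resource,
        case
          when $2 >= 'TLS v1.2' then 'ok'
          else 'alarm'
        end as status,
        case
          -- The reason used to end at the colon; append the observed version.
          when $2 >= 'TLS v1.2' then $1 || ' TLS version is compliant: ' || $2
          -- coalesce keeps the reason non-NULL when no handshake completed.
          else $1 || ' TLS version is NOT compliant: ' || coalesce($2, 'no completed handshake')
        end as reason
    EOT
  }

  # Hard-coded literals: this table always reports 'ok' and queries nothing.
  table "tls_version_2" {
    title = "table version of control.tls_version_2"
    sql   = <<-EOT
      select
        'domain.com:443' as resource,
        'ok' as status,
        'domain.com:443 TLS version is compliant' as reason
    EOT
  }

  # Same check as table.tls_version, reading from tls_version() instead of args.
  table "tls_version_3" {
    title = "table version of control.tls_version_3"
    sql   = <<-EOT
      with data as (
        select address, max_version from tls_version() limit 1
      )
      select
        address as resource,
        case
          when max_version >= 'TLS v1.2' then 'ok'
          else 'alarm'
        end as status,
        case
          when max_version >= 'TLS v1.2' then address || ' TLS version is compliant: ' || max_version
          else address || ' TLS version is NOT compliant: ' || coalesce(max_version, 'no completed handshake')
        end as reason
      from data
    EOT
  }
}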
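# Control form of the TLS check: $1 = address, $2 = max_version, both taken from
# the single row returned by with.tls_data.
#
# NOTE(review): with.tls_data is declared inside dashboard "javier"; confirm that
# it resolves for a control defined at the top level.
#
# NOTE(review): max_version is the highest version with a completed handshake, so
# 'ok' means TLS v1.2 or newer can be negotiated, not that older protocol
# versions are refused. The comparison is textual and relies on the version
# labels sorting in protocol order.
control "tls_version" {
  title = "control.tls_version"
  args  = [with.tls_data.rows[0].address, with.tls_data.rows[0].max_version]
  sql   = <<-EOT
    select
      $1 as resource,
      case
        -- A NULL $2 (no completed handshake) makes the comparison NULL -> 'alarm'.
        when $2 >= 'TLS v1.2' then 'ok'
        else 'alarm'
      end as status,
      case
        -- The reason used to end at the colon; append the observed version.
        when $2 >= 'TLS v1.2' then $1 || ' TLS version is compliant: ' || $2
        -- coalesce keeps the reason non-NULL when no handshake completed.
        else $1 || ' TLS version is NOT compliant: ' || coalesce($2, 'no completed handshake')
      end as reason
  EOT
}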
# Control built only from literals: it selects a fixed resource, status 'ok' and
# a fixed reason, and does not read net_tls_connection. It therefore reports
# 'ok' regardless of what the endpoint actually negotiates.
control "tls_version_2" {
title = "control.tls_version_2"
sql = <<EOT
select
'domain.com:443' as resource,
'ok' as status,
'domain.com:443 TLS version is compliant' as reason
EOT
}
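# Control form of the TLS check that reads address and max_version from the SQL
# function tls_version() rather than from args.
#
# NOTE(review): this control emits a row only when tls_version() returns one. If
# the function yields zero rows the control produces no result at all, not an
# alarm; confirm the function always returns exactly one row. The function must
# also already exist in the database when this control runs.
#
# NOTE(review): max_version is the highest version with a completed handshake, so
# 'ok' does not show that older protocol versions are refused.
control "tls_version_3" {
  title = "control.tls_version_3"
  sql   = <<-EOT
    with data as (
      -- Explicit column list instead of `select *`, so a change to the function's
      -- result shape fails loudly here.
      select address, max_version from tls_version() limit 1
    )
    select
      address as resource,
      case
        -- A NULL max_version makes the comparison NULL -> 'alarm'.
        when max_version >= 'TLS v1.2' then 'ok'
        else 'alarm'
      end as status,
      case
        -- The reason used to end at the colon; append the observed version.
        when max_version >= 'TLS v1.2' then address || ' TLS version is compliant: ' || max_version
        else address || ' TLS version is NOT compliant: ' || coalesce(max_version, 'no completed handshake')
      end as reason
    from data
  EOT
}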