Table: gcp_artifact_registry_repository - Query Artifact Registry Repositories using SQL

Artifact Registry is a scalable and managed repository provided by Google Cloud Platform (GCP) that allows teams to store, manage, and secure software packages. It supports various formats including Docker, Maven, and npm. Artifact Registry offers fine-grained access control, detailed audit logging, and can be integrated with Google Cloud’s other services.

Table Usage Guide

The gcp_artifact_registry_repository table provides insights into the repositories within GCP's Artifact Registry. As a DevOps engineer, you can explore repository-specific details through this table, including their name, location, format, and creation time. Utilize it to manage and secure your software packages, ensuring they are stored in the correct format and location.

Examples

Basic info

Explore the basic details of your Google Cloud Platform's Artifact Registry repositories such as their names, cleanup policies, creation times, formats, key names, and modes. This information can help you manage and monitor your repositories more effectively.

select
  name,
  cleanup_policy_dry_run,
  create_time,
  format,
  kms_key_name,
  mode
from
  gcp_artifact_registry_repository;

select
  name,
  cleanup_policy_dry_run,
  create_time,
  format,
  kms_key_name,
  mode
from
  gcp_artifact_registry_repository;

List unencrypted repositories

Analyze the settings to understand which artifact repositories in your Google Cloud Platform do not have encryption enabled. This helps in identifying potential security risks and taking necessary actions to secure your repositories.

select
  name,
  cleanup_policy_dry_run,
  create_time,
  kms_key_name
from
  gcp_artifact_registry_repository
where
  kms_key_name = '';

select
  name,
  cleanup_policy_dry_run,
  create_time,
  kms_key_name
from
  gcp_artifact_registry_repository
where
  kms_key_name is null;

List docker format package repositories

Explore the GCP Artifact Registry to identify repositories that store Docker format packages. This can help you understand your usage patterns and manage your resources effectively.

select
  name,
  create_time,
  description,
  size_bytes,
  format
from
  gcp_artifact_registry_repository
where
  format = 'DOCKER';

select
  name,
  create_time,
  description,
  size_bytes,
  format
from
  gcp_artifact_registry_repository
where
  format = 'DOCKER';

List standard repositories

Explore which artifact repositories in GCP have been set to the 'standard' mode. This can help in assessing the configuration for optimal resource utilization and management.

select
  name,
  format,
  mode,
  create_time
from
  gcp_artifact_registry_repository
where
  mode = 'STANDARD_REPOSITORY';

select
  name,
  format,
  mode,
  create_time
from
  gcp_artifact_registry_repository
where
  mode = 'STANDARD_REPOSITORY';

List repositories that satisfies physical zone separation

Uncover the details of repositories that meet the physical zone separation requirements. This can be useful in assessing compliance with specific data residency and redundancy policies.

select
  name,
  mode,
  format,
  satisfies_pzs,
  description,
  create_time
from
  gcp_artifact_registry_repository
where
  satisfies_pzs;

select
  name,
  mode,
  format,
  satisfies_pzs,
  description,
  create_time
from
  gcp_artifact_registry_repository
where
  satisfies_pzs = 1;

Get docker configuration of repositories

Explore the configuration settings of Docker repositories to understand the immutability of tags and the handling of force send fields and null fields. This can be useful to review and manage your Docker repositories effectively.

select
  name,
  docker_config -> 'ImmutableTags' as immutable_tags,
  docker_config ->> 'ForceSendFields' as force_send_fields,
  docker_config ->> 'NullFields' as null_fields
from
  gcp_artifact_registry_repository;

select
  name,
  json_extract(docker_config, '$.ImmutableTags') as immutable_tags,
  json_extract(docker_config, '$.ForceSendFields') as force_send_fields,
  json_extract(docker_config, '$.NullFields') as null_fields
from
  gcp_artifact_registry_repository;

Get remote repository config details of repositories

Uncover the details of remote repositories' configurations to better understand the types of repositories being used, such as Apt, Docker, Maven, Npm, Python, and Yum. This can be useful for managing and optimizing the usage of different repository types in your Google Cloud Platform Artifact Registry.

select
  name,
  remote_repository_config ->> 'AptRepository' as apt_repository,
  remote_repository_config ->> 'DockerRepository' as docker_repository,
  remote_repository_config ->> 'MavenRepository' as maven_repository,
  remote_repository_config ->> 'NpmRepository' as npm_repository,
  remote_repository_config ->> 'PythonRepository' as python_repository,
  remote_repository_config ->> 'YumRepository' as yum_repository
from
  gcp_artifact_registry_repository;

select
  name,
  json_extract(remote_repository_config, '$.AptRepository') as apt_repository,
  json_extract(remote_repository_config, '$.DockerRepository') as docker_repository,
  json_extract(remote_repository_config, '$.MavenRepository') as maven_repository,
  json_extract(remote_repository_config, '$.NpmRepository') as npm_repository,
  json_extract(remote_repository_config, '$.PythonRepository') as python_repository,
  json_extract(remote_repository_config, '$.YumRepository') as yum_repository
from
  gcp_artifact_registry_repository;

Schema for gcp_artifact_registry_repository

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
cleanup_policies	jsonb		Cleanup policies for this repository.
cleanup_policy_dry_run	boolean		If true, the cleanup pipeline is prevented from deleting versions in this repository.
create_time	timestamp with time zone		The time when the repository was created.
description	text		The user-provided description of the repository.
docker_config	jsonb		Docker repository config contains repository level configuration for the repositories of docker type.
format	text		The format of packages that are stored in the repository.
kms_key_name	text		The Cloud KMS resource name of the customer managed encryption key that's used to encrypt the contents of the Repository.
labels	jsonb		A set of labels associated with this repository.
location	text	=	The GCP multi-region, region, or zone in which the resource is located.
maven_config	jsonb		Maven repository config contains repository level configuration for the repositories of maven type.
mode	text		The mode of the repository.
name	text	=	The name of the repository.
project	text		The GCP Project in which the resource is located.
remote_repository_config	jsonb		Configuration specific for a Remote Repository.
satisfies_pzs	boolean		If set, the repository satisfies physical zone separation.
sbom_config	jsonb		Config and state for sbom generation for resources within this Repository.
self_link	text		An URL that can be used to access the resource again.
size_bytes	bigint		The size, in bytes, of all artifact storage in this repository.
tags	jsonb		A map of tags for the resource.
title	text		Title of the resource.
update_time	timestamp with time zone		The time when the repository was last updated.
virtual_repository_config	jsonb		Configuration specific for a Virtual Repository.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_artifact_registry_repository