v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →

Plugins

turbot/gcp

steampipe plugin install gcpsteampipe plugin install gcp

gcp_alloydb_cluster gcp_alloydb_instance gcp_apikeys_key gcp_app_engine_application gcp_artifact_registry_repository gcp_audit_policy gcp_bigquery_dataset gcp_bigquery_job gcp_bigquery_table gcp_bigtable_instance gcp_billing_account gcp_billing_budget gcp_cloud_asset gcp_cloud_identity_group gcp_cloud_identity_group_membership gcp_cloud_run_service gcp_cloudfunctions_function gcp_composer_environment gcp_compute_address gcp_compute_autoscaler gcp_compute_backend_bucket gcp_compute_backend_service gcp_compute_disk gcp_compute_disk_metric_read_ops gcp_compute_disk_metric_read_ops_daily gcp_compute_disk_metric_read_ops_hourly gcp_compute_disk_metric_write_ops gcp_compute_disk_metric_write_ops_daily gcp_compute_disk_metric_write_ops_hourly gcp_compute_firewall gcp_compute_forwarding_rule gcp_compute_global_address gcp_compute_global_forwarding_rule gcp_compute_ha_vpn_gateway gcp_compute_image gcp_compute_instance gcp_compute_instance_group gcp_compute_instance_metric_cpu_utilization gcp_compute_instance_metric_cpu_utilization_daily gcp_compute_instance_metric_cpu_utilization_hourly gcp_compute_instance_template gcp_compute_machine_image gcp_compute_machine_type gcp_compute_network gcp_compute_node_group gcp_compute_node_template gcp_compute_project_metadata gcp_compute_region gcp_compute_resource_policy gcp_compute_route gcp_compute_router gcp_compute_snapshot gcp_compute_ssl_policy gcp_compute_subnetwork gcp_compute_target_https_proxy gcp_compute_target_pool gcp_compute_target_ssl_proxy gcp_compute_target_vpn_gateway gcp_compute_url_map gcp_compute_vpn_tunnel gcp_compute_zone gcp_dataplex_asset gcp_dataplex_lake gcp_dataplex_task gcp_dataplex_zone gcp_dataproc_cluster gcp_dataproc_metastore_service gcp_dns_managed_zone gcp_dns_policy gcp_dns_record_set gcp_iam_policy gcp_iam_role gcp_kms_key gcp_kms_key_ring gcp_kms_key_version gcp_kubernetes_cluster gcp_kubernetes_node_pool gcp_logging_bucket gcp_logging_exclusion gcp_logging_log_entry gcp_logging_metric gcp_logging_sink gcp_monitoring_alert_policy gcp_monitoring_group gcp_monitoring_notification_channel gcp_organization gcp_project gcp_project_organization_policy gcp_project_service gcp_pubsub_snapshot gcp_pubsub_subscription gcp_pubsub_topic gcp_redis_instance gcp_secret_manager_secret gcp_service_account gcp_service_account_key gcp_sql_backup gcp_sql_database gcp_sql_database_instance gcp_sql_database_instance_metric_connections gcp_sql_database_instance_metric_connections_daily gcp_sql_database_instance_metric_connections_hourly gcp_sql_database_instance_metric_cpu_utilization gcp_sql_database_instance_metric_cpu_utilization_daily gcp_sql_database_instance_metric_cpu_utilization_hourly gcp_storage_bucket gcp_storage_object gcp_tag_binding gcp_vertex_ai_endpoint gcp_vertex_ai_model gcp_vertex_ai_notebook_runtime_template gcp_vertex_ai_notebook_runtime_template,md gcp_vpc_access_connector

Table: gcp_cloud_run_service - Query GCP Cloud Run Services using SQL

Google Cloud Run is a managed compute platform that enables you to run stateless containers that are invocable via HTTP requests. Cloud Run is serverless: it abstracts away all infrastructure management, so you can focus on what matters most — building great applications. It automatically scales up or down from zero to N depending on traffic.

Table Usage Guide

The gcp_cloud_run_service table provides insights into Cloud Run services within Google Cloud Platform (GCP). As a developer or DevOps engineer, explore service-specific details through this table, including configurations, revisions, and routes. Utilize it to uncover information about services, such as the application's traffic flow, deployment history, and the current state of the service.

Examples

Basic info

Explore the basic details of your Google Cloud Run services, including their names, descriptions, and client versions. This information can help you understand the configuration and status of your services, which is useful for managing and optimizing your cloud resources.

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage
from
  gcp_cloud_run_service;

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage
from
  gcp_cloud_run_service;

Count of services by launch stage

Determine the distribution of services based on their launch stages. This can help in understanding how many services are in different stages of their lifecycle, providing insights for resource allocation and strategic planning.

select
  launch_stage,
  count(*)
from
  gcp_cloud_run_service
group by
  launch_stage;

select
  launch_stage,
  count(*)
from
  gcp_cloud_run_service
group by
  launch_stage;

List cloud-run services that are reconciling

Analyze the settings to understand which cloud-run services are currently in the process of reconciling. This can be useful for tracking and managing services that may be undergoing changes or updates.

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage,
  reconciling
from
  gcp_cloud_run_service
where
  reconciling;

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage,
  reconciling
from
  gcp_cloud_run_service
where
  reconciling = 1;

List services created in the last 30 days

Discover the services that were established in the past 30 days to gain insights into recent activities and understand the context of their creation. This could be useful in tracking the growth of services over time or identifying any unexpected or unauthorized service creation.

select
  name,
  description,
  create_time,
  creator,
  launch_stage
from
  gcp_cloud_run_service
where
  create_time >= now() - interval '30' day;

select
  name,
  description,
  create_time,
  creator,
  launch_stage
from
  gcp_cloud_run_service
where
  create_time >= datetime('now', '-30 day');

List services of ingress type INGRESS_TRAFFIC_ALL

Analyze the settings to understand which cloud run services are configured to allow all types of ingress traffic. This can be useful for assessing potential security risks associated with unrestricted ingress access.

select
  name,
  description,
  client,
  client_version,
  create_time,
  ingress
from
  gcp_cloud_run_service
where
  ingress = 'INGRESS_TRAFFIC_ALL';

select
  name,
  description,
  client,
  client_version,
  create_time,
  ingress
from
  gcp_cloud_run_service
where
  ingress = 'INGRESS_TRAFFIC_ALL';

Get condition details of services

This example allows you to gain insights into the status and condition details of various services in the Google Cloud Run environment. It can be used to understand the health of services, the reasons for their current state, and when they last transitioned, which can assist in troubleshooting and maintaining service stability.

select
  name,
  c ->> 'ExecutionReason' as execution_reason,
  c ->> 'LastTransitionTime' as last_transition_time,
  c ->> 'Message' as message,
  c ->> 'Reason' as reason,
  c ->> 'RevisionReason' as revision_reason,
  c ->> 'State' as state,
  c ->> 'Type' as type
from
  gcp_cloud_run_service,
  jsonb_array_elements(conditions) as c;

select
  name,
  json_extract(c.value, '$.ExecutionReason') as execution_reason,
  json_extract(c.value, '$.LastTransitionTime') as last_transition_time,
  json_extract(c.value, '$.Message') as message,
  json_extract(c.value, '$.Reason') as reason,
  json_extract(c.value, '$.RevisionReason') as revision_reason,
  json_extract(c.value, '$.State') as state,
  json_extract(c.value, '$.Type') as type
from
  gcp_cloud_run_service,
  json_each(conditions) as c;

Get associated members or principals, with a role of services

Attaching an Identity and Access Management (IAM) policy to a Google Cloud Run service involves setting permissions for that particular service. Google Cloud Run services use IAM for access control, and by configuring IAM policies, you can define who has what type of access to your Cloud Run services.

select
  name,
  i -> 'Condition' as condition,
  i -> 'Members' as members,
  i ->> 'Role' as role
from
  gcp_cloud_run_service,
  jsonb_array_elements(iam_policy -> 'Bindings') as i;

select
  name,
  json_extract(i.value, '$.Condition') as condition,
  json_extract(i.value, '$.Members') as members,
  json_extract(i.value, '$.Role') as role
from
  gcp_cloud_run_service,
  json_each(json_extract(iam_policy, '$.Bindings')) as i;

Get template details of services

Explore the various attributes of your cloud-based services, such as encryption keys, container details, and scaling parameters. This query is useful to gain an understanding of your service configurations and identify areas for potential adjustments or enhancements.

select
  name,
  template ->> 'Annotations' as template_annotations,
  template ->> 'Containers' as containers,
  template ->> 'EncryptionKey' as encryption_key,
  template ->> 'ExecutionEnvironment' as execution_environment,
  template ->> 'Revision' as revision,
  template ->> 'Scaling' as scaling,
  template ->> 'ServiceAccount' as service_account,
  template ->> 'SessionAffinity' as session_affinity,
  template ->> 'Timeout' as timeout,
  template ->> 'Volumes' as volumes,
  template ->> 'VpcAccess' as vpc_access
from
  gcp_cloud_run_service;

select
  name,
  json_extract(template, '$.Annotations') as template_annotations,
  json_extract(template, '$.Containers') as containers,
  json_extract(template, '$.EncryptionKey') as encryption_key,
  json_extract(template, '$.ExecutionEnvironment') as execution_environment,
  json_extract(template, '$.Revision') as revision,
  json_extract(template, '$.Scaling') as scaling,
  json_extract(template, '$.ServiceAccount') as service_account,
  json_extract(template, '$.SessionAffinity') as session_affinity,
  json_extract(template, '$.Timeout') as timeout,
  json_extract(template, '$.Volumes') as volumes,
  json_extract(template, '$.VpcAccess') as vpc_access
from
  gcp_cloud_run_service;

Get target traffic details of services

Gain insights into the distribution of traffic across different revisions and tags of your services. This is useful for understanding how your traffic is being balanced and identifying potential areas for optimization.

select
  name,
  t ->> 'Percent' as percent,
  t ->> 'Revision' as revision,
  t ->> 'Tag' as tag,
  t ->> 'Type' as type
from
  gcp_cloud_run_service,
  jsonb_array_elements(traffic) as t;

select
  name,
  json_extract(t.value, '$.Percent') as percent,
  json_extract(t.value, '$.Revision') as revision,
  json_extract(t.value, '$.Tag') as tag,
  json_extract(t.value, '$.Type') as type
from
  gcp_cloud_run_service,
  json_each(traffic) as t;

Control examples

All Controls > Cloud Run > Cloud Run service should restrict public access

Schema for gcp_cloud_run_service

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
annotations	jsonb		Unstructured key value map that may be set by external tools to store and arbitrary metadata.
binary_authorization	jsonb		Settings for the Binary Authorization feature.
client	text		Arbitrary identifier for the API client.
client_version	text		Arbitrary version identifier for the API client.
conditions	jsonb		The Conditions of all other associated sub-resources.
create_time	timestamp with time zone		The creation timestamp of the resource.
creator	text		Email address of the authenticated creator.
custom_audiences	jsonb		One or more custom audiences that you want this service to support.
delete_time	timestamp with time zone		The deletion time.
description	text		User-provided description of the Service.
etag	text		A system-generated fingerprint for this version of the resource.
expire_time	timestamp with time zone		For a deleted resource, the time after which it will be permamently deleted.
generation	bigint		A number that monotonically increases every time the user modifies the desired state.
iam_policy	jsonb		An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
ingress	text		Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.
labels	jsonb		Unstructured key value map that can be used to organize and categorize objects.
last_modifier	text		Email address of the last authenticated modifier.
latest_created_revision	text		Name of the last created revision. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
latest_ready_revision	text		Name of the latest revision that is serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
launch_stage	text		The launch stage as defined by Google Cloud Platform Launch Stages (https://cloud.google.com/terms/launch-stages). Cloud Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, GA is assumed.
location	text	=	The GCP multi-region, region, or zone in which the resource is located.
name	text	=	The fully qualified name of this Service.
observed_generation	text		The generation of this Service currently serving traffic.
project	text	=, !=, ~~, ~~, !~~, !~~	The GCP Project in which the resource is located.
reconciling	boolean		Returns true if the Service is currently being acted upon by the system to bring it into the desired state.
satisfies_pzs	boolean		Reserved for future use.
self_link	text		The server-defined URL for the resource.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
template	jsonb		The template used to create revisions for this Service.
terminal_condition	jsonb		The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state.
title	text		Title of the resource.
traffic	jsonb		Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest `Ready` Revision.
traffic_statuses	jsonb		Detailed status information for corresponding traffic targets.
traffic_tags_cleanup_threshold	bigint		Override the traffic tag threshold limit. Garbage collection will start cleaning up non-serving tagged traffic targets based on creation item. The default value is 2000.
uid	text		Server assigned unique identifier for the trigger.
update_time	timestamp with time zone		The last-modified time.
uri	text		The main URI in which this Service is serving traffic.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_cloud_run_service