steampipe plugin install gcp

Table: gcp_cloud_run_service - Query GCP Cloud Run Services using SQL

Google Cloud Run is a managed compute platform that enables you to run stateless containers that are invocable via HTTP requests. Cloud Run is serverless: it abstracts away all infrastructure management, so you can focus on what matters most — building great applications. It automatically scales up or down from zero to N depending on traffic.

Table Usage Guide

The gcp_cloud_run_service table provides insights into Cloud Run services within Google Cloud Platform (GCP). As a developer or DevOps engineer, explore service-specific details through this table, including configurations, revisions, and routes. Utilize it to uncover information about services, such as the application's traffic flow, deployment history, and the current state of the service.

Examples

Basic info

Explore the basic details of your Google Cloud Run services, including their names, descriptions, and client versions. This information can help you understand the configuration and status of your services, which is useful for managing and optimizing your cloud resources.

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage
from
  gcp_cloud_run_service;

Count of services by launch stage

Determine the distribution of services based on their launch stages. This can help in understanding how many services are in different stages of their lifecycle, providing insights for resource allocation and strategic planning.

select
  launch_stage,
  count(*)
from
  gcp_cloud_run_service
group by
  launch_stage;

List cloud-run services that are reconciling

Analyze the settings to understand which cloud-run services are currently in the process of reconciling. This can be useful for tracking and managing services that may be undergoing changes or updates.

Postgres:

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage,
  reconciling
from
  gcp_cloud_run_service
where
  reconciling;

SQLite:

select
  name,
  description,
  client,
  client_version,
  create_time,
  creator,
  generation,
  launch_stage,
  reconciling
from
  gcp_cloud_run_service
where
  reconciling = 1;

List services created in the last 30 days

Discover the services that were established in the past 30 days to gain insights into recent activities and understand the context of their creation. This could be useful in tracking the growth of services over time or identifying any unexpected or unauthorized service creation.

Postgres:

select
  name,
  description,
  create_time,
  creator,
  launch_stage
from
  gcp_cloud_run_service
where
  create_time >= now() - interval '30' day;

SQLite:

select
  name,
  description,
  create_time,
  creator,
  launch_stage
from
  gcp_cloud_run_service
where
  create_time >= datetime('now', '-30 day');

List services of ingress type INGRESS_TRAFFIC_ALL

Analyze the settings to understand which cloud run services are configured to allow all types of ingress traffic. This can be useful for assessing potential security risks associated with unrestricted ingress access.

select
  name,
  description,
  client,
  client_version,
  create_time,
  ingress
from
  gcp_cloud_run_service
where
  ingress = 'INGRESS_TRAFFIC_ALL';

Get condition details of services

This example allows you to gain insights into the status and condition details of various services in the Google Cloud Run environment. It can be used to understand the health of services, the reasons for their current state, and when they last transitioned, which can assist in troubleshooting and maintaining service stability.

Postgres:

select
  name,
  c ->> 'ExecutionReason' as execution_reason,
  c ->> 'LastTransitionTime' as last_transition_time,
  c ->> 'Message' as message,
  c ->> 'Reason' as reason,
  c ->> 'RevisionReason' as revision_reason,
  c ->> 'State' as state,
  c ->> 'Type' as type
from
  gcp_cloud_run_service,
  jsonb_array_elements(conditions) as c;

SQLite:

select
  name,
  json_extract(c.value, '$.ExecutionReason') as execution_reason,
  json_extract(c.value, '$.LastTransitionTime') as last_transition_time,
  json_extract(c.value, '$.Message') as message,
  json_extract(c.value, '$.Reason') as reason,
  json_extract(c.value, '$.RevisionReason') as revision_reason,
  json_extract(c.value, '$.State') as state,
  json_extract(c.value, '$.Type') as type
from
  gcp_cloud_run_service,
  json_each(conditions) as c;

Get the members (principals) and roles bound to services

Attaching an Identity and Access Management (IAM) policy to a Google Cloud Run service involves setting permissions for that particular service. Google Cloud Run services use IAM for access control, and by configuring IAM policies, you can define who has what type of access to your Cloud Run services.

Postgres:

select
  name,
  i -> 'Condition' as condition,
  i -> 'Members' as members,
  i ->> 'Role' as role
from
  gcp_cloud_run_service,
  jsonb_array_elements(iam_policy -> 'Bindings') as i;

SQLite:

select
  name,
  json_extract(i.value, '$.Condition') as condition,
  json_extract(i.value, '$.Members') as members,
  json_extract(i.value, '$.Role') as role
from
  gcp_cloud_run_service,
  json_each(json_extract(iam_policy, '$.Bindings')) as i;
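
The IAM bindings above combined with the ingress setting from the earlier example show which services are actually open to the public. This is an added example in Postgres syntax, not a query from the Steampipe documentation; it assumes the GCP public principals `allUsers` and `allAuthenticatedUsers` appear verbatim in `Members`, and the `exposure` labels are constructed for illustration.

```sql
-- Added example: services whose IAM policy grants a role to a public principal.
with bindings as (
  select
    s.name,
    s.project,
    s.location,
    s.ingress,
    s.uri,
    b ->> 'Role' as role,
    b -> 'Condition' as condition,
    -- Guard: a binding with a missing or null member list yields no rows
    -- instead of a "cannot extract elements from a scalar" error.
    case
      when jsonb_typeof(b -> 'Members') = 'array' then b -> 'Members'
      else '[]'::jsonb
    end as members
  from
    gcp_cloud_run_service as s,
    jsonb_array_elements(
      case
        when jsonb_typeof(s.iam_policy -> 'Bindings') = 'array'
          then s.iam_policy -> 'Bindings'
        else '[]'::jsonb
      end
    ) as b
)
select
  name,
  project,
  location,
  uri,
  ingress,
  role,
  m as public_member,
  condition,
  case
    when ingress = 'INGRESS_TRAFFIC_ALL' and m = 'allUsers'
      then 'internet-reachable, no authentication'
    when ingress = 'INGRESS_TRAFFIC_ALL'
      then 'internet-reachable, any Google identity'
    else 'public binding, ingress restricted'
  end as exposure
from
  bindings,
  jsonb_array_elements_text(members) as m
where
  m in ('allUsers', 'allAuthenticatedUsers')
order by
  exposure,
  name;
```

A non-null `condition` means the binding is conditional, so review the condition expression before treating the row as unrestricted public access.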

Get template details of services

Explore the various attributes of your cloud-based services, such as encryption keys, container details, and scaling parameters. This query is useful to gain an understanding of your service configurations and identify areas for potential adjustments or enhancements.

Postgres:

select
  name,
  template ->> 'Annotations' as template_annotations,
  template ->> 'Containers' as containers,
  template ->> 'EncryptionKey' as encryption_key,
  template ->> 'ExecutionEnvironment' as execution_environment,
  template ->> 'Revision' as revision,
  template ->> 'Scaling' as scaling,
  template ->> 'ServiceAccount' as service_account,
  template ->> 'SessionAffinity' as session_affinity,
  template ->> 'Timeout' as timeout,
  template ->> 'Volumes' as volumes,
  template ->> 'VpcAccess' as vpc_access
from
  gcp_cloud_run_service;

SQLite:

select
  name,
  json_extract(template, '$.Annotations') as template_annotations,
  json_extract(template, '$.Containers') as containers,
  json_extract(template, '$.EncryptionKey') as encryption_key,
  json_extract(template, '$.ExecutionEnvironment') as execution_environment,
  json_extract(template, '$.Revision') as revision,
  json_extract(template, '$.Scaling') as scaling,
  json_extract(template, '$.ServiceAccount') as service_account,
  json_extract(template, '$.SessionAffinity') as session_affinity,
  json_extract(template, '$.Timeout') as timeout,
  json_extract(template, '$.Volumes') as volumes,
  json_extract(template, '$.VpcAccess') as vpc_access
from
  gcp_cloud_run_service;
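
The template fields above can be turned into a posture check on workload identity and encryption. This is an added example in Postgres syntax, not a query from the Steampipe documentation; it assumes an empty `ServiceAccount` means the revision runs as the project's default Compute Engine service account and an empty `EncryptionKey` means no customer-managed key (CMEK) is set.

```sql
-- Added example: flag revision templates that run as the default compute
-- identity or without a customer-managed encryption key (CMEK).
select
  name,
  project,
  location,
  last_modifier,
  update_time,
  template ->> 'ServiceAccount' as service_account,
  (
    -- Assumption: empty means Cloud Run falls back to the default identity,
    -- <project-number>-compute@developer.gserviceaccount.com.
    coalesce(template ->> 'ServiceAccount', '') = ''
    or template ->> 'ServiceAccount' like '%-compute@developer.gserviceaccount.com'
  ) as default_compute_identity,
  -- Assumption: empty means the service relies on Google-managed keys.
  coalesce(template ->> 'EncryptionKey', '') = '' as no_cmek
from
  gcp_cloud_run_service
where
  coalesce(template ->> 'ServiceAccount', '') = ''
  or template ->> 'ServiceAccount' like '%-compute@developer.gserviceaccount.com'
  or coalesce(template ->> 'EncryptionKey', '') = ''
order by
  default_compute_identity desc,
  name;
```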

Get target traffic details of services

Gain insights into the distribution of traffic across different revisions and tags of your services. This is useful for understanding how your traffic is being balanced and identifying potential areas for optimization.

Postgres:

select
  name,
  t ->> 'Percent' as percent,
  t ->> 'Revision' as revision,
  t ->> 'Tag' as tag,
  t ->> 'Type' as type
from
  gcp_cloud_run_service,
  jsonb_array_elements(traffic) as t;

SQLite:

select
  name,
  json_extract(t.value, '$.Percent') as percent,
  json_extract(t.value, '$.Revision') as revision,
  json_extract(t.value, '$.Tag') as tag,
  json_extract(t.value, '$.Type') as type
from
  gcp_cloud_run_service,
  json_each(traffic) as t;

Schema for gcp_cloud_run_service

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| annotations | jsonb | | Unstructured key value map that may be set by external tools to store arbitrary metadata. |
| binary_authorization | jsonb | | Settings for the Binary Authorization feature. |
| client | text | | Arbitrary identifier for the API client. |
| client_version | text | | Arbitrary version identifier for the API client. |
| conditions | jsonb | | The Conditions of all other associated sub-resources. |
| create_time | timestamp with time zone | | The creation timestamp of the resource. |
| creator | text | | Email address of the authenticated creator. |
| custom_audiences | jsonb | | One or more custom audiences that you want this service to support. |
| delete_time | timestamp with time zone | | The deletion time. |
| description | text | | User-provided description of the Service. |
| etag | text | | A system-generated fingerprint for this version of the resource. |
| expire_time | timestamp with time zone | | For a deleted resource, the time after which it will be permanently deleted. |
| generation | bigint | | A number that monotonically increases every time the user modifies the desired state. |
| iam_policy | jsonb | | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. |
| ingress | text | | Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. |
| labels | jsonb | | Unstructured key value map that can be used to organize and categorize objects. |
| last_modifier | text | | Email address of the last authenticated modifier. |
| latest_created_revision | text | | Name of the last created revision. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. |
| latest_ready_revision | text | | Name of the latest revision that is serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. |
| launch_stage | text | | The launch stage as defined by Google Cloud Platform Launch Stages (https://cloud.google.com/terms/launch-stages). Cloud Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, GA is assumed. |
| location | text | = | The GCP multi-region, region, or zone in which the resource is located. |
| name | text | = | The fully qualified name of this Service. |
| observed_generation | text | | The generation of this Service currently serving traffic. |
| project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
| reconciling | boolean | | Returns true if the Service is currently being acted upon by the system to bring it into the desired state. |
| satisfies_pzs | boolean | | Reserved for future use. |
| self_link | text | | The server-defined URL for the resource. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| template | jsonb | | The template used to create revisions for this Service. |
| terminal_condition | jsonb | | The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. |
| title | text | | Title of the resource. |
| traffic | jsonb | | Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest `Ready` Revision. |
| traffic_statuses | jsonb | | Detailed status information for corresponding traffic targets. |
| traffic_tags_cleanup_threshold | bigint | | Override the traffic tag threshold limit. Garbage collection will start cleaning up non-serving tagged traffic targets based on creation item. The default value is 2000. |
| uid | text | | Server assigned unique identifier for the trigger. |
| update_time | timestamp with time zone | | The last-modified time. |
| uri | text | | The main URI in which this Service is serving traffic. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_cloud_run_service