steampipe plugin install gcp

Table: gcp_compute_project_metadata - Query Google Cloud Compute Engine Project Metadata using SQL

Google Cloud Compute Engine Project Metadata is a set of data about a Google Cloud Compute Engine project. It includes common instance metadata that applies to all instances in the project, and enable-oslogin metadata that controls the OS Login feature for all instances in the project. This metadata can be used to configure or manage the behavior of the instances in the project.

Table Usage Guide

The gcp_compute_project_metadata table provides insights into the metadata of projects within Google Cloud Compute Engine. As a Cloud Engineer, you can explore project-specific details through this table, including common instance metadata and enable-oslogin metadata. Utilize it to manage and configure the behavior of all instances in your projects, and to control the OS Login feature for all instances.

Examples

Basic info

Analyze the settings to understand the default service accounts and their creation timestamps within your Google Cloud Platform project. This can help you manage your resources and monitor any changes made over time.

select
name,
id,
default_service_account,
creation_timestamp
from
gcp_compute_project_metadata;
select
name,
id,
default_service_account,
creation_timestamp
from
gcp_compute_project_metadata;

Check if OS Login is enabled for Linux instances in the project

Determine the areas in which OS Login is not activated for Linux instances within a project. This insight can help enhance security by ensuring that all instances are properly configured for OS Login.

select
name,
id
from
gcp_compute_project_metadata,
jsonb_array_elements(common_instance_metadata -> 'items') as q
where
common_instance_metadata -> 'items' @> '[{"key": "enable-oslogin"}]'
and q ->> 'key' ilike 'enable-oslogin'
and q ->> 'value' not ilike 'TRUE';
select
m.name,
m.id
from
gcp_compute_project_metadata as m,
json_each(common_instance_metadata, '$.items') as q
where
json_extract(common_instance_metadata, '$.items') like '%"key": "enable-oslogin"%'
and json_extract(q.value, '$.key') like 'enable-oslogin'
and json_extract(q.value, '$.value') not like 'TRUE';

Schema for gcp_compute_project_metadata

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
common_instance_metadatajsonbMetadata key/value pairs available to all instances contained in this project.
creation_timestamptimestamp with time zoneCreation timestamp in RFC3339 text format.
default_network_tiertextThis signifies the default network tier used for configuring resources of the project and can only take the following values: PREMIUM, STANDARD.
default_service_accounttextDefault service account used by VMs running in this project.
descriptiontextAn optional textual description of the resource.
enabled_featuresjsonbRestricted features enabled for use on this project.
idtextThe unique identifier for the resource.
kindtextThe type of the resource.
locationtextThe GCP multi-region, region, or zone in which the resource is located.
nametextThe ID of the project.
projecttext=, !=, ~~, ~~*, !~~, !~~*The GCP Project in which the resource is located.
quotasjsonbQuotas assigned to this project.
self_linktextServer-defined URL for the resource.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.
usage_export_locationjsonbThe naming prefix for daily usage reports and the Google Cloud Storage bucket where they are stored.
xpn_project_statustextThe role this project has in a shared VPC configuration.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_compute_project_metadata