turbot/gcp

steampipe plugin install gcp

Table: gcp_iam_policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. ... Members can be user accounts, service accounts, Google groups, and domains (such as G Suite).

Examples

List of project members with their roles

select
  entity,
  p ->> 'role' as role
from
  gcp_iam_policy,
  jsonb_array_elements(bindings) as p,
  jsonb_array_elements_text(p -> 'members') as entity;

List of members with owner roles

select
  entity,
  p ->> 'role' as role
from
  gcp_iam_policy,
  jsonb_array_elements(bindings) as p,
  jsonb_array_elements_text(p -> 'members') as entity
where
  split_part(p ->> 'role', '/', 2) = 'owner';
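
Audit of basic-role and public grants, with member type and binding condition

This query is an added example, not part of the plugin's own documentation. It reuses the join above to list every member holding `roles/owner` or `roles/editor`, plus any public principal, and shows whether the binding is restricted by a `condition`. The choice of roles to flag is an assumption for illustration.

```sql
-- Added example: review high-privilege and public grants in the project policy.
with grants as (
  select
    project,
    p ->> 'role' as role,
    entity,
    -- Member strings are prefixed with their type ('user:', 'serviceAccount:',
    -- 'group:', 'domain:'); allUsers and allAuthenticatedUsers have no prefix.
    case
      when entity in ('allUsers', 'allAuthenticatedUsers') then 'public'
      when entity like 'deleted:%' then 'deleted'
      else split_part(entity, ':', 1)
    end as member_type,
    -- The optional condition object is absent on unconditional bindings,
    -- so both of these are null in that case.
    p -> 'condition' ->> 'title' as condition_title,
    p -> 'condition' ->> 'expression' as condition_expression
  from
    gcp_iam_policy,
    jsonb_array_elements(bindings) as p,
    jsonb_array_elements_text(p -> 'members') as entity
)
select
  project,
  entity,
  member_type,
  role,
  coalesce(condition_title, '(unconditional)') as binding_condition,
  condition_expression
from
  grants
where
  role in ('roles/owner', 'roles/editor')  -- assumed set of roles to review
  or member_type = 'public'
order by
  (member_type = 'public') desc,
  role,
  entity;
```

Rows with `member_type` of `public`, or with `serviceAccount` holding `roles/owner` and an `(unconditional)` binding, are the ones to review first.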

.inspect gcp_iam_policy

GCP IAM Policy

| Name | Type | Description |
|------|------|-------------|
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| bindings | jsonb | Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. |
| etag | text | Etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. |
| location | text | The GCP multi-region, region, or zone in which the resource is located. |
| project | text | The GCP Project in which the resource is located. |
| title | text | Title of the resource. |
| version | bigint | Version specifies the format of the policy. Valid values are `0`, `1`, and `3`. |