Table: gcp_project_organization_policy - Query GCP Project Organization Policies using SQL
A Project Organization Policy in Google Cloud Platform (GCP) is a service that gives you the ability to manage and enforce consistent policy across your GCP resources. This service can be used to set fine-grained, resource-level policies anywhere in your resource hierarchy. It provides a simple and consistent way to manage and enforce organization-wide policies for your GCP resources.
Table Usage Guide
The gcp_project_organization_policy table provides insights into Project Organization Policies within Google Cloud Platform (GCP). As a cloud engineer, explore policy-specific details through this table, including policy types, enforcement levels, and associated metadata. Utilize it to uncover information about policies, such as those with custom configurations, the hierarchical level of enforcement, and the verification of policy constraints.
Examples
Basic info
Explore the organization policies applied to your Google Cloud Platform (GCP) projects, including the constraint each policy configures, its version number, and when it was last updated. This is useful for maintaining an overview of policy changes and ensuring they are up-to-date.
select
  id,
  version,
  update_time
from
  gcp_project_organization_policy;
Get organization policy constraints for each policy
Explore which organization policy constraints are applied to each policy within your Google Cloud Platform project. This can help in assessing the current policy configuration and ensuring it aligns with your organization's security and compliance requirements.
-- PostgreSQL
select
  id,
  version,
  list_policy ->> 'allValues' as policy_value
from
  gcp_project_organization_policy;
-- SQLite
select
  id,
  version,
  json_extract(list_policy, '$.allValues') as policy_value
from
  gcp_project_organization_policy;
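A review query that builds on the two examples above, added here and not part of the Steampipe documentation: it lists project-level policies that relax a constraint, meaning a boolean constraint that is not enforced, a list constraint that allows all values, or a policy with restore_default set. It assumes the PostgreSQL dialect and that boolean_policy and list_policy carry the Cloud Resource Manager `enforced` and `allValues` fields; the `policy_kind` and `finding` labels are made up for this example.

```sql
-- Added example (PostgreSQL dialect); not from the Steampipe documentation.
-- Assumption: the jsonb columns hold the Cloud Resource Manager Policy fields
-- as returned by the API (boolean_policy.enforced, list_policy.allValues).
with classified as (
  select
    project,
    id as constraint_name,
    version,
    update_time,
    case
      when restore_default is not null then 'restore_default'
      when boolean_policy is not null then 'boolean'
      when list_policy is not null then 'list'
      else 'unknown'
    end as policy_kind,
    -- An unenforced boolean policy may omit "enforced" entirely,
    -- so a missing key is treated as false rather than skipped.
    coalesce((boolean_policy ->> 'enforced')::boolean, false) as enforced,
    list_policy ->> 'allValues' as all_values
  from
    gcp_project_organization_policy
)
select
  project,
  constraint_name,
  policy_kind,
  case
    when policy_kind = 'restore_default' then 'constraint reset to its default behavior'
    when policy_kind = 'boolean' and not enforced then 'boolean constraint not enforced'
    when policy_kind = 'list' and all_values = 'ALLOW' then 'list constraint allows all values'
  end as finding,
  version,
  update_time
from
  classified
where
  policy_kind = 'restore_default'
  or (policy_kind = 'boolean' and not enforced)
  or (policy_kind = 'list' and all_values = 'ALLOW')
order by
  project,
  update_time desc;
```

Each row returned is a project-level override worth comparing against the policy intended at the organization or folder level; an empty result means no project in the connection relaxes a constraint in these three ways.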
Schema for gcp_project_organization_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
boolean_policy | jsonb | | For boolean Constraints, whether to enforce the Constraint or not. |
etag | text | | An opaque tag indicating the current version of the Policy, used for concurrency control. |
id | text | = | The name of the Constraint the Policy is configuring. |
list_policy | jsonb | | List of values either allowed or disallowed. |
location | text | | The GCP multi-region, region, or zone in which the resource is located. |
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
restore_default | jsonb | | Restores the default behavior of the constraint; independent of Constraint type. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
update_time | timestamp with time zone | | The time stamp the Policy was previously updated. |
version | bigint | | Version of the Policy. Default version is 0. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
You can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_project_organization_policy