steampipe plugin install gcp

Table: gcp_project_organization_policy - Query GCP Project Organization Policies using SQL

A Project Organization Policy in Google Cloud Platform (GCP) is a service that gives you the ability to manage and enforce consistent policy across your GCP resources. This service can be used to set fine-grained, resource-level policies anywhere in your resource hierarchy. It provides a simple and consistent way to manage and enforce organization-wide policies for your GCP resources.

Table Usage Guide

The gcp_project_organization_policy table provides insights into Project Organization Policies within Google Cloud Platform (GCP). As a cloud engineer, explore policy-specific details through this table, including policy types, enforcement levels, and associated metadata. Utilize it to uncover information about policies, such as those with custom configurations, the hierarchical level of enforcement, and the verification of policy constraints.

Examples

Basic info

List the organization policies set on your Google Cloud Platform (GCP) project, with the constraint each policy configures, its version number, and the time it was last updated. This is useful for maintaining an overview of policy changes and confirming that policies are up to date.

select
  id,
  version,
  update_time
from
  gcp_project_organization_policy;

Get organization policy constraints for each policy

Explore which organization policy constraints are applied by each policy within your Google Cloud Platform project. This helps you assess the current policy configuration and confirm that it aligns with your organization's security and compliance requirements.

Postgres:

select
  id,
  version,
  list_policy ->> 'allValues' as policy_value
from
  gcp_project_organization_policy;

SQLite:

select
  id,
  version,
  json_extract(list_policy, '$.allValues') as policy_value
from
  gcp_project_organization_policy;
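
An added example, not part of the Steampipe documentation: a Postgres query that summarizes the effective setting of each policy and flags overrides worth a security review (boolean constraints that are not enforced, list constraints that allow all values). The JSON keys `enforced`, `allowedValues` and `deniedValues` and the `ALLOW`/`DENY` values are assumed from the GCP Organization Policy v1 API; only `allValues` appears on this page.

```sql
-- Added example (Postgres syntax), not from the plugin documentation.
-- Assumed JSON keys: 'enforced', 'allowedValues', 'deniedValues'
-- (GCP Organization Policy v1 API field names).
with classified as (
  select
    project,
    id as constraint_name,
    case
      when restore_default is not null then 'restore default'
      when boolean_policy is not null then
        case
          -- an unenforced boolean policy may omit the 'enforced' key,
          -- so a missing key is treated as false
          when coalesce((boolean_policy ->> 'enforced')::boolean, false)
            then 'boolean: enforced'
          else 'boolean: not enforced'
        end
      when list_policy ->> 'allValues' = 'ALLOW' then 'list: all values allowed'
      when list_policy ->> 'allValues' = 'DENY' then 'list: all values denied'
      when list_policy is not null then 'list: explicit values'
      else 'unset'
    end as effective_setting,
    list_policy -> 'allowedValues' as allowed_values,
    list_policy -> 'deniedValues' as denied_values,
    update_time
  from
    gcp_project_organization_policy
)
select
  *,
  -- overrides that relax a constraint at project level
  effective_setting in ('boolean: not enforced', 'list: all values allowed') as needs_review
from
  classified
order by
  needs_review desc,
  project,
  constraint_name;
```

Rows with `needs_review` set to true sort first; whether a relaxed constraint is acceptable depends on the constraint and on the policy inherited from the folder or organization.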

Schema for gcp_project_organization_policy

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| boolean_policy | jsonb | | For boolean Constraints, whether to enforce the Constraint or not. |
| etag | text | | An opaque tag indicating the current version of the Policy, used for concurrency control. |
| id | text | = | The name of the Constraint the Policy is configuring. |
| list_policy | jsonb | | List of values either allowed or disallowed. |
| location | text | | The GCP multi-region, region, or zone in which the resource is located. |
| project | text | | The GCP Project in which the resource is located. |
| restore_default | jsonb | | Restores the default behavior of the constraint; independent of Constraint type. |
| title | text | | Title of the resource. |
| update_time | timestamp with time zone | | The time stamp the Policy was previously updated. |
| version | bigint | | Version of the Policy. Default version is 0. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_project_organization_policy