turbot/gcp

GitHub
steampipe plugin install gcpsteampipe plugin install gcp
gcp_apikeys_keygcp_audit_policygcp_bigquery_datasetgcp_bigquery_jobgcp_bigquery_tablegcp_bigtable_instancegcp_cloudfunctions_functiongcp_compute_addressgcp_compute_autoscalergcp_compute_backend_bucketgcp_compute_backend_servicegcp_compute_diskgcp_compute_disk_metric_read_opsgcp_compute_disk_metric_read_ops_dailygcp_compute_disk_metric_read_ops_hourlygcp_compute_disk_metric_write_opsgcp_compute_disk_metric_write_ops_dailygcp_compute_disk_metric_write_ops_hourlygcp_compute_firewallgcp_compute_forwarding_rulegcp_compute_global_addressgcp_compute_global_forwarding_rulegcp_compute_ha_vpn_gatewaygcp_compute_imagegcp_compute_instancegcp_compute_instance_groupgcp_compute_instance_metric_cpu_utilizationgcp_compute_instance_metric_cpu_utilization_dailygcp_compute_instance_metric_cpu_utilization_hourlygcp_compute_instance_templategcp_compute_machine_typegcp_compute_networkgcp_compute_node_groupgcp_compute_node_templategcp_compute_project_metadatagcp_compute_regiongcp_compute_resource_policygcp_compute_routegcp_compute_routergcp_compute_snapshotgcp_compute_ssl_policygcp_compute_subnetworkgcp_compute_target_https_proxygcp_compute_target_poolgcp_compute_target_ssl_proxygcp_compute_target_vpn_gatewaygcp_compute_url_mapgcp_compute_vpn_tunnelgcp_compute_zonegcp_dataproc_clustergcp_dns_managed_zonegcp_dns_policygcp_dns_record_setgcp_iam_policygcp_iam_rolegcp_kms_keygcp_kms_key_ringgcp_kms_key_versiongcp_kubernetes_clustergcp_kubernetes_node_poolgcp_logging_bucketgcp_logging_exclusiongcp_logging_metricgcp_logging_sinkgcp_monitoring_alert_policygcp_monitoring_groupgcp_monitoring_notification_channelgcp_organizationgcp_projectgcp_project_organization_policygcp_project_servicegcp_pubsub_snapshotgcp_pubsub_subscriptiongcp_pubsub_topicgcp_service_accountgcp_service_account_keygcp_sql_backupgcp_sql_databasegcp_sql_database_instancegcp_sql_database_instance_metric_connectionsgcp_sql_database_instance_metric_connections_dailygcp_sql_database_instance_metric_connections_hourlygcp_sql_database_instance_metric_cpu_utilizationgcp_sql_database_instance_metric_cpu_utilization_dailygcp_sql_database_instance_metric_cpu_utilization_hourlygcp_storage_bucket

Table: gcp_service_account_key

Service Account Keys are public/private RSA key pairs which are used to authenticate to Google Cloud APIs.

Examples

List of service accounts using user managed keys

select
service_account_name as service_account,
title,
key_type
from
gcp_service_account_key
where
key_type = 'USER_MANAGED';

Validity time for the service account keys

select
title,
service_account_name as service_account,
valid_after_time,
valid_before_time
from
gcp_service_account_key;

Get public key data for a service account key

select
name,
key_type,
key_origin,
public_key_data_raw,
public_key_data_pem
from
gcp_service_account_key
where
service_account_name = 'test@myproject.iam.gserviceaccount.com';

Query examples

.inspect gcp_service_account_key

GCP Service Account Key

NameTypeDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
key_algorithmtextSpecifies the algorithm (and possibly key size) for the key.
key_origintextSpecifies the origin of the key.
key_typetextThe type of the service account key.
locationtextThe GCP multi-region, region, or zone in which the resource is located.
nametextThe friendly name that identifies the service account key.
projecttextThe GCP Project in which the resource is located.
public_key_data_pemtextSpecifies the public key data in PEM format.
public_key_data_rawtextSpecifies the public key data in raw format.
service_account_nametextService account in which the key is located.
titletextTitle of the resource.
valid_after_timetimestamp with time zoneSpecifies the timestamp, after which the key can be used.
valid_before_timetimestamp with time zoneSpecifies the timestamp, after which the key gets invalid.