steampipe plugin install gcp

Table: gcp_storage_bucket

Storage buckets are the basic containers that hold data. Everything that you store in Cloud Storage must be contained in a bucket.


List of buckets where versioning is not enabled

select name, location, versioning_enabled
from gcp_storage_bucket where not versioning_enabled;

List of members and their associated IAM roles for the bucket

select name, location,
  p -> 'members' as member,
  p ->> 'role' as role
from gcp_storage_bucket,
  jsonb_array_elements(iam_policy -> 'bindings') as p;
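An added example (not from the plugin's documentation) that extends the member/role query to flag bindings granting a role to the public principals allUsers or allAuthenticatedUsers, shown next to each bucket's public access prevention and uniform bucket-level access settings. The column aliases are chosen here for illustration.

```sql
-- Added example: buckets whose IAM policy binds a role to a public principal.
-- Each binding's 'members' array is unnested so every member is tested on its own row.
select
  b.name,
  b.project,
  p ->> 'role' as role,
  m as public_member,
  b.iam_configuration_public_access_prevention as public_access_prevention,
  b.iam_configuration_uniform_bucket_level_access_enabled as uniform_access
from
  gcp_storage_bucket as b,
  jsonb_array_elements(b.iam_policy -> 'bindings') as p,
  jsonb_array_elements_text(p -> 'members') as m
where
  m in ('allUsers', 'allAuthenticatedUsers')
order by
  b.name,
  role;
```

Rows where public_access_prevention is 'enforced' still carry the public binding in the policy, but the bucket does not serve public requests; rows where it is not enforced are the ones to review first.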

Lifecycle rule of each storage bucket

select name,
  p -> 'action' ->> 'storageClass' as storage_class,
  p -> 'action' ->> 'type' as action_type,
  p -> 'condition' ->> 'age' as age_in_days
from gcp_storage_bucket,
  jsonb_array_elements(lifecycle_rules) as p;

List of storage buckets whose retention period is less than 7 days

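select name,
  retention_policy ->> 'retentionPeriod' as retention_period
from gcp_storage_bucket
where (retention_policy ->> 'retentionPeriod')::bigint < 604800; -- 604800 s = 7 days, compared as a number rather than as text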

.inspect gcp_storage_bucket

GCP Storage Bucket

Name | Type | Description
acl | jsonb | An access-control list
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource.
billing_requester_pays | boolean | When set to true, Requester Pays is enabled for this bucket.
cors | jsonb | The bucket's Cross-Origin Resource Sharing (CORS) configuration.
default_event_based_hold | boolean | The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any).
default_kms_key_name | text | A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified.
default_object_acl | jsonb | Lists of object access control entries
etag | text | HTTP 1.1 Entity tag for the bucket.
iam_configuration_bucket_policy_only_enabled | boolean | The bucket's uniform bucket-level access configuration. The feature was formerly known as Bucket Policy Only. For backward compatibility, this field will be populated with identical information as the uniformBucketLevelAccess field.
iam_configuration_public_access_prevention | text | The bucket's Public Access Prevention configuration. Currently, 'unspecified' and 'enforced' are supported.
iam_configuration_uniform_bucket_level_access_enabled | boolean | The bucket's uniform bucket-level access configuration.
iam_policy | jsonb | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`.
id | text | The ID of the bucket. For buckets, the id and name properties are the same.
kind | text | The kind of item this is. For buckets, this is always storage#bucket.
labels | jsonb | Labels that apply to this bucket.
lifecycle_rules | jsonb | The bucket's lifecycle configuration. See lifecycle management for more information.
location | text | The GCP multi-region, region, or zone in which the resource is located.
location_type | text | The type of the bucket location.
log_bucket | text | The destination bucket where the current bucket's logs should be placed.
log_object_prefix | text | A prefix for log object names.
metageneration | bigint | The metadata generation of this bucket.
name | text | The name of the bucket.
owner_entity | text | The entity, in the form project-owner-projectId. This is always the project team's owner group.
owner_entity_id | text | The ID for the entity.
project | text | The GCP Project in which the resource is located.
project_number | double precision | The project number of the project the bucket belongs to.
retention_policy | jsonb | The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error.
self_link | text | The URI of this bucket.
storage_class | text | The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD.
tags | jsonb | A map of tags for the resource.
time_created | timestamp without time zone | The creation time of the bucket in RFC 3339 format.
title | text | Title of the resource.
updated | timestamp without time zone | The modification time of the bucket.
versioning_enabled | boolean | While set to true, versioning is fully enabled for this bucket.
website_main_page_suffix | text | If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
website_not_found_page | text | If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.