turbot/gcp

steampipe plugin install gcp

Table: gcp_storage_bucket

Storage buckets are the basic containers that hold data. Everything that you store in Cloud Storage must be contained in a bucket.

Examples

List of buckets where versioning is not enabled

select
  name,
  location,
  versioning_enabled
from
  gcp_storage_bucket
where
  not versioning_enabled;

List of members and their associated IAM roles for the bucket

select
  name,
  location,
  p -> 'members' as member,
  p ->> 'role' as role
from
  gcp_storage_bucket,
  jsonb_array_elements(iam_policy -> 'bindings') as p;
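
An added example, not one of the plugin's own: buckets whose IAM policy binds a role to a public principal, shown next to the bucket's public access prevention and uniform bucket-level access settings. It assumes the member strings `allUsers` and `allAuthenticatedUsers`, GCP's identifiers for public principals, which do not appear elsewhere on this page.

```sql
-- Added example: one row per (bucket, role, public member) binding.
select
  b.name,
  b.project,
  p ->> 'role' as role,
  m as public_member,
  -- a conditional binding only applies when its expression evaluates to true
  p -> 'condition' as binding_condition,
  b.iam_configuration_public_access_prevention as public_access_prevention,
  b.iam_configuration_uniform_bucket_level_access_enabled as uniform_bucket_level_access
from
  gcp_storage_bucket as b,
  jsonb_array_elements(b.iam_policy -> 'bindings') as p,
  -- expand the members array so each principal can be compared as text
  jsonb_array_elements_text(p -> 'members') as m
where
  m in ('allUsers', 'allAuthenticatedUsers')
order by
  b.name,
  role;
```

An empty result means no bucket visible to the connection has a public IAM binding; a row with `public_access_prevention` set to `unspecified` is the case to review first.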

Lifecycle rule of each storage bucket

select
  name,
  p -> 'action' ->> 'storageClass' as storage_class,
  p -> 'action' ->> 'type' as action_type,
  p -> 'condition' ->> 'age' as age_in_days
from
  gcp_storage_bucket,
  jsonb_array_elements(lifecycle_rules) as p;

List of storage buckets whose retention period is less than 7 days

select
  name,
  retention_policy ->> 'retentionPeriod' as retention_period
from
  gcp_storage_bucket
where
  -- cast to a number: comparing as text is lexicographic, so '86400' would sort after '604800'
  (retention_policy ->> 'retentionPeriod') :: bigint < 604800;

.inspect gcp_storage_bucket

GCP Storage Bucket

| Name | Type | Description |
| --- | --- | --- |
| acl | jsonb | An access-control list |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| billing_requester_pays | boolean | When set to true, Requester Pays is enabled for this bucket. |
| cors | jsonb | The bucket's Cross-Origin Resource Sharing (CORS) configuration. |
| default_event_based_hold | boolean | The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). |
| default_kms_key_name | text | A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. |
| default_object_acl | jsonb | Lists of object access control entries |
| etag | text | HTTP 1.1 Entity tag for the bucket. |
| iam_configuration_bucket_policy_only_enabled | boolean | The bucket's uniform bucket-level access configuration. The feature was formerly known as Bucket Policy Only. For backward compatibility, this field will be populated with identical information as the uniformBucketLevelAccess field. |
| iam_configuration_public_access_prevention | text | The bucket's Public Access Prevention configuration. Currently, 'unspecified' and 'enforced' are supported. |
| iam_configuration_uniform_bucket_level_access_enabled | boolean | The bucket's uniform bucket-level access configuration. |
| iam_policy | jsonb | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. |
| id | text | The ID of the bucket. For buckets, the id and name properties are the same. |
| kind | text | The kind of item this is. For buckets, this is always storage#bucket. |
| labels | jsonb | Labels that apply to this bucket. |
| lifecycle_rules | jsonb | The bucket's lifecycle configuration. See lifecycle management for more information. |
| location | text | The GCP multi-region, region, or zone in which the resource is located. |
| location_type | text | The type of the bucket location. |
| log_bucket | text | The destination bucket where the current bucket's logs should be placed. |
| log_object_prefix | text | A prefix for log object names. |
| metageneration | bigint | The metadata generation of this bucket. |
| name | text | The name of the bucket. |
| owner_entity | text | The entity, in the form project-owner-projectId. This is always the project team's owner group. |
| owner_entity_id | text | The ID for the entity. |
| project | text | The GCP Project in which the resource is located. |
| project_number | double precision | The project number of the project the bucket belongs to. |
| retention_policy | jsonb | The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. |
| self_link | text | The URI of this bucket. |
| storage_class | text | The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. |
| tags | jsonb | A map of tags for the resource. |
| time_created | timestamp without time zone | The creation time of the bucket in RFC 3339 format. |
| title | text | Title of the resource. |
| updated | timestamp without time zone | The modification time of the bucket. |
| versioning_enabled | boolean | While set to true, versioning is fully enabled for this bucket. |
| website_main_page_suffix | text | If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages. |
| website_not_found_page | text | If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result. |