Note: if you are running CloudGraph locally, you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the information below, we highly suggest you use one of these tools to test your queries, as they autocomplete fields for you and tell you whether a query is valid before you submit it.
You can currently query the following attributes and connections on a GCP Storage Bucket:
query {
  querygcpStorageBucket {
    id
    projectId
    region
    name
    kind
    selfLink
    projectNumber
    metageneration
    location
    storageClass
    etag
    defaultEventBasedHold
    timeCreated
    updated
    labels {
      id
      key
      value
    }
    iamConfiguration {
      bucketPolicyOnly {
        enabled
        lockedTime
      }
      uniformBucketLevelAccess {
        enabled
        lockedTime
      }
      publicAccessPrevention
    }
    locationType
    satisfiesPZS
    rpo
    baseUrl
    pollIntervalMs
    userProject
    iamPolicy {
      id
    }
    project {
      name
    }
  }
}
Get data for a single GCP Storage Bucket that you know the ID for:
query {
  getgcpStorageBucket(id: "12345") {
    id
  }
}
Get data for all of the GCP Storage Buckets in a certain GCP project:
query {
  querygcpStorageBucket(filter: { projectId: { eq: "12345" } }) {
    id
  }
}
Get data for all of the GCP Storage Buckets that are NOT in a certain GCP project:
query {
  querygcpStorageBucket(filter: { not: { projectId: { eq: "12345" } } }) {
    id
  }
}
Get data for all of the GCP Storage Buckets that have Policies:
query {
  querygcpStorageBucket(filter: { has: iamConfiguration }) {
    id
  }
}
Use multiple filter selectors (i.e. has, and, not, or) to get data for all of the GCP Storage Buckets that have IAM Policies AND defaultEventBasedHold OR that do not have Labels. Note that you can use has, and, not, or completely independently of each other:
query {
  querygcpStorageBucket(
    filter: {
      has: iamPolicy
      and: { has: defaultEventBasedHold }
      or: { not: { has: labels } }
    }
  ) {
    id
  }
}
You may also filter using a regex when filtering on a string field such as name, for example to look for a value that contains the word public (case insensitive):
query {
  querygcpStorageBucket(filter: { name: { regexp: "/.*public.*/i" } }) {
    id
    name
  }
}
You can order the results you get back either asc or desc depending on your preference:
query {
  querygcpStorageBucket(order: { desc: region }) {
    region
  }
}
Only select and return the first two GCP Storage Buckets that are found:
query {
  querygcpStorageBucket(first: 2, order: { desc: region }) {
    region
  }
}
Only select and return the first two GCP Storage Buckets that are found, but offset by one so Storage Bucket two & three are returned:
query {
  querygcpStorageBucket(first: 2, order: { desc: region }, offset: 1) {
    region
  }
}
Count the number of GCP Storage Buckets across all scanned GCP projects:
query {
  aggregategcpStorageBucket {
    count
  }
}
Count the number of GCP Storage Buckets in a single project. Note that you can apply all of the same filters that are listed above to aggregate queries:
query {
  aggregategcpStorageBucket(filter: { projectId: { eq: "12345" } }) {
    count
  }
}
Find all the GCP Storage Buckets in project 12345 in the us-east-1 region:
query {
  querygcpStorageBucket(
    filter: { projectId: { eq: "12345" }, region: { eq: "us-east-1" } }
  ) {
    id
  }
}
Find all of the GCP Storage Buckets that have a label of Environment:Production for a single GCP project:
query {
  querygcpLabel(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    storageBucket(filter: { projectId: { eq: "12345" } }) {
      id
    }
  }
}
With CloudGraph you can run multiple queries at the same time, so you can combine the above two queries if you like:
query {
  querygcpStorageBucket(
    filter: { projectId: { eq: "12345" }, region: { eq: "us-east-1" } }
  ) {
    id
  }
  querygcpLabel(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    storageBucket(filter: { projectId: { eq: "12345" } }) {
      id
    }
  }
}
Putting it all together: get all data for all GCP Storage Buckets across all regions for all scanned GCP projects in a single query. For the purposes of this example we will only get direct children of the Storage Buckets:
query {
  querygcpStorageBucket {
    id
    projectId
    region
    name
    kind
    selfLink
    projectNumber
    metageneration
    location
    storageClass
    etag
    defaultEventBasedHold
    timeCreated
    updated
    labels {
      id
      key
      value
    }
    iamConfiguration {
      bucketPolicyOnly {
        enabled
        lockedTime
      }
      uniformBucketLevelAccess {
        enabled
        lockedTime
      }
      publicAccessPrevention
    }
    locationType
    satisfiesPZS
    rpo
    baseUrl
    pollIntervalMs
    userProject
    iamPolicy {
      id
      projectId
      folderId
      storageBucketId
      cryptoKeyId
      region
      version
      bindings {
        id
        role
        members
        condition {
          expression
          title
          description
          location
        }
      }
      auditConfigs {
        id
        service
        exemptedMembers
        auditLogConfigs {
          id
          logType
          exemptedMembers
        }
      }
      etag
      project {
        name
      }
      folder {
        name
      }
      storageBucket {
        name
      }
      kmsCryptoKeys {
        name
      }
    }
    project {
      id
      name
      parent
      projectId
      state
      displayName
      createTime
      updateTime
      deleteTime
      etag
      labels {
        id
        key
        value
      }
      alertPolicies {
        name
      }
      apiKeys {
        name
      }
      cloudFunctions {
        name
      }
      computeProject {
        name
      }
      dnsManagedZones {
        name
      }
      dnsPolicies {
        name
      }
      bigQueryDataset {
        name
      }
      bigQueryConnection {
        name
      }
      bigQueryReservation {
        name
      }
      bigQueryReservationCapacityCommitment {
        name
      }
      bigQueryDataTransfer {
        name
      }
      bigQueryDataTransferRun {
        name
      }
      vpcConnectors {
        name
      }
      kmsKeyRing {
        name
      }
      cloudRouters {
        name
      }
      iamPolicies {
        id
      }
      logBuckets {
        name
      }
      logMetrics {
        name
      }
      logViews {
        name
      }
      logSinks {
        name
      }
      storageBuckets {
        name
      }
      firewalls {
        name
      }
      folder {
        name
      }
      organization {
        name
      }
      secrets {
        name
      }
      sslPolicies {
        name
      }
      networks {
        name
      }
      subnets {
        name
      }
      targetSslProxies {
        name
      }
      targetHttpsProxies {
        name
      }
      vmInstances {
        name
      }
      assets {
        name
      }
      sqlInstances {
        name
      }
      serviceAccounts {
        name
      }
      kmsCryptoKeys {
        name
      }
      dataprocClusters {
        name
      }
      dataprocAutoscalingPolicies {
        name
      }
      dataprocJobs {
        name
      }
      dataprocWorkflowTemplates {
        name
      }
    }
  }
}
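The iamConfiguration and iamPolicy fields returned by the full query are enough for a first exposure review of each bucket. The Python below is an added example, not part of the CloudGraph documentation: it walks a query response and flags buckets without uniform bucket-level access, without enforced public access prevention, or with a role bound to allUsers or allAuthenticatedUsers. The sample response is constructed, and the code assumes that CloudGraph passes the GCS value "enforced" through unchanged, that members is a list of strings, and that iamPolicy may come back as a list or a single object.

```python
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # anyone / any Google account

# Constructed sample shaped like a querygcpStorageBucket response; not real data.
SAMPLE_RESPONSE = {"data": {"querygcpStorageBucket": [
    {"name": "assets-public",
     "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False},
                          "publicAccessPrevention": "inherited"},
     "iamPolicy": [{"bindings": [
         {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}]},
    {"name": "billing-exports",
     "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True},
                          "publicAccessPrevention": "enforced"},
     "iamPolicy": [{"bindings": [
         {"role": "roles/storage.admin", "members": ["group:ops@example.com"]}]}]},
    {"name": "legacy-logs", "iamConfiguration": None, "iamPolicy": None},
]}}


def as_list(value):
    """Normalise a connection that may be null, a single object or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_bucket(bucket):
    """Return the list of finding strings for one bucket record."""
    findings = []
    cfg = bucket.get("iamConfiguration") or {}
    if not (cfg.get("uniformBucketLevelAccess") or {}).get("enabled"):
        findings.append("uniform bucket-level access not enabled")
    if cfg.get("publicAccessPrevention") != "enforced":  # assumed GCS value
        findings.append("public access prevention not enforced")
    for policy in as_list(bucket.get("iamPolicy")):
        for binding in as_list(policy.get("bindings")):
            exposed = PUBLIC_MEMBERS & set(binding.get("members") or [])
            findings.extend(f"{binding.get('role')} granted to {m}" for m in sorted(exposed))
    return findings


def audit(response):
    """Map bucket name -> findings for every bucket with at least one finding."""
    buckets = response["data"]["querygcpStorageBucket"]
    return {b["name"]: f for b in buckets if (f := audit_bucket(b))}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RESPONSE).items():
        print(name, "->", "; ".join(findings))
```

A bucket whose iamConfiguration is null is reported as not enforcing either control, so missing data is treated as a finding rather than as a pass.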