Table: gcp_compute_disks

This table shows data for GCP Compute Disks.

https://cloud.google.com/compute/docs/reference/rest/v1/disks#Disk (opens in a new tab)

The primary key for this table is self_link.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
project_idutf8
architectureutf8
async_primary_diskjson
async_secondary_disksjson
creation_timestamputf8
descriptionutf8
disk_encryption_keyjson
guest_os_featuresjson
idint64
kindutf8
label_fingerprintutf8
labelsjson
last_attach_timestamputf8
last_detach_timestamputf8
license_codeslist<item: int64, nullable>
licenseslist<item: utf8, nullable>
location_hintutf8
nameutf8
optionsutf8
paramsjson
physical_block_size_bytesint64
provisioned_iopsint64
provisioned_throughputint64
regionutf8
replica_zoneslist<item: utf8, nullable>
resource_policieslist<item: utf8, nullable>
resource_statusjson
satisfies_pzsbool
self_link (PK)utf8
size_gbint64
source_consistency_group_policyutf8
source_consistency_group_policy_idutf8
source_diskutf8
source_disk_idutf8
source_imageutf8
source_image_encryption_keyjson
source_image_idutf8
source_snapshotutf8
source_snapshot_encryption_keyjson
source_snapshot_idutf8
source_storage_objectutf8
statusutf8
typeutf8
userslist<item: utf8, nullable>
zoneutf8

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK) (Automated)

SELECT
  name AS resource_id,
  'Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK) (Automated)'
    AS title,
  project_id AS project_id,
  CASE
  WHEN (disk_encryption_key->>'sha256') IS NULL
  OR disk_encryption_key->>'sha256' = ''
  OR (source_image_encryption_key->>'kms_key_name') IS NULL
  OR source_image_encryption_key->>'kms_key_name' = ''
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  gcp_compute_disks;