{"resources":{"gcloud":{"id":"gcloud","fields":{"compute":{"name":"compute","type":"\u001bgcloud.compute","title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"organization":{"name":"organization","type":"\u001bgcloud.organization","title":"Google Cloud organization","desc":"Examine the Cloud Resource Manager organization that contains the account's folders, projects, IAM policy, and Security Command Center configuration. Surfaces the organization ID, name, lifecycle state, the IAM `iamPolicy` and `auditConfig` bindings, the `orgPolicies` applied across the org tree, the access-approval settings, and the child `folders()` and `projects()`. The Security Command Center accessors (`sccSources`, `sccFindings`, `sccNotificationConfigs`, `sccMuteConfigs`, `sccBigQueryExports`, `sccOrganizationSettings`) expose SCC posture across all sources, `accessPolicies()` returns the VPC Service Controls access policies bound to the org, and `customConstraints()` lists the custom Organization Policy constraints defined on it.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"project":{"name":"project","type":"\u001bgcloud.project","title":"Google Cloud project","desc":"Examine a Google Cloud project — the resource container that owns every Compute, Storage, IAM, GKE, BigQuery, Cloud SQL, and other service-specific deployment in the account. Surfaces the project ID and number, lifecycle state, labels, parent organization or folder, the IAM policy and audit-log configuration (with the `hasPublicIamBinding`, `primitiveRoleBindings`, and `dataAccessLoggingEnabled` predicates that drive CIS controls 1.x and 2.1), enabled `services()`, recommendations, the project's `essentialContacts` and `apiKeys`, and the access-approval settings. Service-specific entry points hang off the project as accessor methods — `compute()`, `gke()`, `storage()`, `sql()`, `dns()`, `bigquery()`, `iam()`, `kms()`, `pubsub()`, `cloudFunctions()`, `cloudRun()`, `dataproc()`, `dataflow()`, `firestore()`, `spanner()`, `bigtable()`, `alloydb()`, `redis()`, `secretmanager()`, `binaryAuthorization()`, `monitoring()`, `logging()`, and many others — letting you traverse from a single project into every modeled service it uses.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"resourcemanager":{"name":"resourcemanager","type":"\u001bgcloud.resourcemanager","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sql":{"name":"sql","type":"\u001bgcloud.sql","title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storage":{"name":"storage","type":"\u001bgcloud.storage","title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcloud.compute":{"id":"gcp.project.computeService","name":"gcp.project.computeService","fields":{"address":{"name":"address","type":"\u001bgcp.project.computeService.address","title":"Google Cloud (GCP) Compute Engine static IP address","desc":"Examine a reserved static IP address (external or internal). Surfaces the `address` value, `addressType`, `ipVersion`, `purpose` (EXTERNAL, GCE_ENDPOINT, SHARED_LOADBALANCER_VIP, etc.), `networkTier`, `status`, and `prefixLength` for IP-range reservations. The typed `network()` and `subnetwork()` accessors link to the VPC resources the address is scoped to, and `resourceUrls` lists the compute resources currently using the address.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"addresses":{"name":"addresses","type":"\u0019\u001bgcp.project.computeService.address","title":"List of IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"attachedDisk":{"name":"attachedDisk","type":"\u001bgcp.project.computeService.attachedDisk","title":"Google Cloud (GCP) Compute attached disk","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBucket":{"name":"backendBucket","type":"\u001bgcp.project.computeService.backendBucket","title":"Google Cloud (GCP) Compute backend bucket","desc":"Examine a Compute Engine backend bucket: the backing Cloud Storage bucket name, whether Cloud CDN is enabled, the CDN policy configuration, compression mode (AUTOMATIC, DISABLED), custom response headers, and the edge security policy URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBuckets":{"name":"backendBuckets","type":"\u0019\u001bgcp.project.computeService.backendBucket","title":"Cloud Storage backend buckets for CDN/load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendService":{"name":"backendService","type":"\u001bgcp.project.computeService.backendService","title":"Google Compute Engine backend service","desc":"Examine a load-balancer backend service's configuration and security posture. Surfaces the `loadBalancingScheme`, `protocol`, `backends()` (instance groups or NEGs), `healthChecks`, session-affinity settings, Cloud CDN policy (`cdnPolicy`), Identity-Aware Proxy configuration (`iap`), and the attached Cloud Armor `securityPolicy()`. Derived predicates `cloudArmorEnabled()` and `iapEnabled()` provide quick posture checks. The `network()` reference links to the VPC the service is deployed in.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendServices":{"name":"backendServices","type":"\u0019\u001bgcp.project.computeService.backendService","title":"List of backend services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disk":{"name":"disk","type":"\u001bgcp.project.computeService.disk","title":"Google Cloud (GCP) Compute Engine persistent disk","desc":"Examine a Compute Engine persistent disk and its security configuration. Surfaces the disk `type` (pd-standard, pd-ssd, pd-balanced, etc.), `sizeGb`, `status`, attached instance `users`, and the `zone` or `region` of the disk. Audit encryption posture via `diskEncryptionKey` and the typed `kmsKey()` accessor for customer-managed keys, and `enableConfidentialCompute` for Confidential VM disks. The `sourceImage()` and `sourceSnapshot()` accessors identify what the disk was created from, and `storagePool()` links to the provisioned storage pool when applicable.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bgcp.project.computeService.disk","title":"Google Compute Engine disks in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","title":"Whether the service is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalVpnGateway":{"name":"externalVpnGateway","type":"\u001bgcp.project.computeService.externalVpnGateway","title":"Google Cloud (GCP) Compute external VPN gateway (peer/customer-side)","desc":"Examine the peer-side VPN gateway used in a Cloud VPN configuration: its redundancy type (SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY, FOUR_IPS_REDUNDANCY), the IP addresses of the peer gateway's interfaces, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"externalVpnGateways":{"name":"externalVpnGateways","type":"\u0019\u001bgcp.project.computeService.externalVpnGateway","title":"External (peer/customer-side) VPN gateways","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewall":{"name":"firewall","type":"\u001bgcp.project.computeService.firewall","title":"Google Compute Engine VPC firewall rule","desc":"Examine a Compute Engine firewall rule's traffic-filtering configuration. Surfaces the rule `direction` (INGRESS / EGRESS), `priority`, `disabled` state, `sourceRanges`, `destinationRanges`, target and source tags and service accounts, `allowed` and `denied` protocol/port lists, and log configuration. Derived predicates — `openToInternet()`, `allowsSshFromInternet()`, and `allowsRdpFromInternet()` — flag the most common exposure patterns. The `network()` reference links to the VPC the rule belongs to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewallPolicies":{"name":"firewallPolicies","type":"\u0019\u001bgcp.project.computeService.firewallPolicy","title":"Network firewall policies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewallPolicy":{"name":"firewallPolicy","type":"\u001bgcp.project.computeService.firewallPolicy","title":"Google Cloud (GCP) Compute network firewall policy","desc":"Examine a Compute Engine network firewall policy — a hierarchical or global/regional policy containing an ordered set of firewall rules that can be associated with multiple VPC networks. Query its `ruleTupleCount` (total rule tuples consumed toward the quota), `associations` (the networks and scopes the policy is attached to), and `regionUrl` (empty for global policies). Drill into `rules` for the ordered allow, deny, and goto-next rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewalls":{"name":"firewalls","type":"\u0019\u001bgcp.project.computeService.firewall","title":"Google Compute Engine firewalls in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingRule":{"name":"forwardingRule","type":"\u001bgcp.project.computeService.forwardingRule","title":"Google Cloud (GCP) Compute Engine forwarding rule","desc":"Examine a load-balancer forwarding rule that routes incoming traffic to a backend. Surfaces the `ipAddress`, `ipProtocol`, `portRange`, `ports`, `loadBalancingScheme`, `networkTier`, and `targetUrl` describing where traffic is sent. The typed `network()` and `subnetwork()` accessors link to the VPC resources the rule is scoped to. Audit Private Service Connect posture via `pscConnectionStatus` and `allowPscGlobalAccess`, and packet mirroring eligibility via `isMirroringCollector`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"forwardingRules":{"name":"forwardingRules","type":"\u0019\u001bgcp.project.computeService.forwardingRule","title":"List of forwarding rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasDefaultNetwork":{"name":"hasDefaultNetwork","type":"\u0004","title":"Whether the project still has the auto-created `default` VPC network — true when a network named \"default\" exists","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthCheck":{"name":"healthCheck","type":"\u001bgcp.project.computeService.healthCheck","title":"Google Cloud (GCP) Compute health check","desc":"Examine a Compute Engine health check: its protocol type (HTTP, HTTPS, TCP, SSL, HTTP2, GRPC), check interval and timeout, healthy and unhealthy thresholds, protocol-specific configuration (httpHealthCheck, httpsHealthCheck, tcpHealthCheck, sslHealthCheck, http2HealthCheck, grpcHealthCheck), logging configuration, and whether the check is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"healthChecks":{"name":"healthChecks","type":"\u0019\u001bgcp.project.computeService.healthCheck","title":"Health checks","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"image":{"name":"image","type":"\u001bgcp.project.computeService.image","title":"Google Compute Engine custom or public machine image","desc":"Examine a Compute Engine image's configuration, encryption posture, and access controls. Surfaces the image `family`, `architecture`, disk and archive sizes, `status`, confidential-compute flag, Protected Zone attributes, Cloud Storage `storageLocations`, source provenance (`sourceDisk()`, `sourceImage()`, `sourceSnapshot()`), the CMEK key protecting the image, the IAM policy — including any `allUsers` / `allAuthenticatedUsers` grants that make the image `public()` — and user-defined `labels`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"images":{"name":"images","type":"\u0019\u001bgcp.project.computeService.image","title":"Google Compute Engine images in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcloud.compute.instance","title":"Google Cloud Compute Engine instance","desc":"Examine a Compute Engine VM instance and the security-relevant configuration around it. Surfaces the machine type and CPU platform, the instance status and lifecycle, attached `disks` and `networkInterfaces`, the boot image, applied `labels` and `metadata`, the `serviceAccounts` bound to the instance, the `shieldedInstanceConfig` (Secure Boot, vTPM, integrity monitoring), the `confidentialInstanceConfig`, OS Config patch posture, and the scheduling and reservation affinity settings. The CIS-aligned predicates (`hasPublicIp`, `usesDefaultServiceAccount`, `hasFullCloudPlatformScope`, `blockProjectSshKeysEnabled`, `osLoginEnabled`, `serialPortEnabled`) collapse common posture checks into a single boolean field per audit.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroup":{"name":"instanceGroup","type":"\u001bgcp.project.computeService.instanceGroup","title":"Google Cloud (GCP) Compute instance group","desc":"Examine a Compute Engine instance group — a collection of VM instances that can be managed together for load balancing and autoscaling. Query its `size` (current instance count), `namedPorts` (protocol/port pairs registered for load balancing), attached `network` and `subnetwork`, and zone. Instance groups are either managed (backed by an `instanceGroupManager`) or unmanaged.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManager":{"name":"instanceGroupManager","type":"\u001bgcp.project.computeService.instanceGroupManager","title":"Google Cloud (GCP) Compute instance group manager (managed instance group)","desc":"Examine a Compute Engine managed instance group (MIG) — a group manager that maintains a fleet of identical VM instances from a single instance template. Query its `targetSize`, `currentActions` (creatingInstances, deletingInstances, recreatingInstances), `autoHealingPolicies` (health checks and initial delay), `statefulPolicy` (preserved disks and metadata), and group `status`. `instanceTemplateUrl` identifies the template used to create instances.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManagers":{"name":"instanceGroupManagers","type":"\u0019\u001bgcp.project.computeService.instanceGroupManager","title":"Instance group managers (managed instance groups)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroups":{"name":"instanceGroups","type":"\u0019\u001bgcp.project.computeService.instanceGroup","title":"Instance groups","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceTemplate":{"name":"instanceTemplate","type":"\u001bgcp.project.computeService.instanceTemplate","title":"Google Cloud (GCP) Compute instance template","desc":"Examine a Compute Engine instance template: the instance properties it defines (machine type, boot and data disks, network interfaces, service account, metadata, and scheduling options), whether it was derived from an existing instance, and its creation timestamp.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceTemplates":{"name":"instanceTemplates","type":"\u0019\u001bgcp.project.computeService.instanceTemplate","title":"Instance templates","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.computeService.instance","title":"Google Compute Engine instances in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnect":{"name":"interconnect","type":"\u001bgcp.project.computeService.interconnect","title":"Google Cloud (GCP) Compute Interconnect connection","desc":"Examine a Dedicated or Partner Interconnect connection: its type (DEDICATED, PARTNER), link type (10G_LR, 100G_LR), requested and provisioned link counts, administrative status, operational status, connection state (ACTIVE, UNPROVISIONED), Google and peer IP addresses for ping testing, NOC contact email, physical location, remote location for Cross-Cloud Interconnect, MACsec feature availability, attached VLAN attachment URLs, circuit information, expected outages, zone separation compliance, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachment":{"name":"interconnectAttachment","type":"\u001bgcp.project.computeService.interconnectAttachment","title":"Google Cloud (GCP) Compute Interconnect Attachment (VLAN)","desc":"Examine a Dedicated or Partner Interconnect VLAN attachment: its type (DEDICATED, PARTNER, PARTNER_PROVIDER), state (ACTIVE, UNPROVISIONED, PENDING_PARTNER, DEFUNCT, PENDING_CUSTOMER), edge availability domain, bandwidth, VLAN tag (802.1Q), encryption mode (NONE, IPSEC), IPv4 and IPv6 addresses for the Cloud Router and customer router sides, stack type (IPV4_ONLY, IPV4_IPV6), the associated Interconnect connection and Cloud Router resources, and partner metadata.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachments":{"name":"interconnectAttachments","type":"\u0019\u001bgcp.project.computeService.interconnectAttachment","title":"VLAN attachments over Interconnects","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnects":{"name":"interconnects","type":"\u0019\u001bgcp.project.computeService.interconnect","title":"Dedicated/Partner Interconnect connections","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u001bgcp.project.computeService.machineType","title":"Google Cloud (GCP) Compute Engine machine type","desc":"Examine a Compute Engine machine type and its hardware specification. Surfaces the `name`, `guestCpus`, `memoryMb`, `isSharedCpu`, maximum persistent-disk count and total size, and the `zone` it belongs to. Used for auditing instance right-sizing and validating that workloads run on approved machine families.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"machineTypes":{"name":"machineTypes","type":"\u0019\u001bgcp.project.computeService.machineType","title":"Google Compute Engine machine types in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Google Cloud VPC network","desc":"Examine a Compute Engine VPC network and the structural posture around it. Surfaces the network `mode` (legacy, custom, or auto), the `legacy` predicate, the `autoCreateSubnetworks` flag, the routing mode, MTU, IPv6/ULA settings, the network-firewall enforcement order, the attached firewall policy, peering configurations, and the `subnetworks()` defined in the network.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroup":{"name":"networkEndpointGroup","type":"\u001bgcp.project.computeService.networkEndpointGroup","title":"Google Cloud (GCP) Compute network endpoint group","desc":"Examine a Compute Engine Network Endpoint Group (NEG): its endpoint type (GCE_VM_IP, GCE_VM_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT), default port, number of endpoints, the network and subnetwork it belongs to, serverless backend configuration (Cloud Run, App Engine, or Cloud Functions), PSC target service, and zone or region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroups":{"name":"networkEndpointGroups","type":"\u0019\u001bgcp.project.computeService.networkEndpointGroup","title":"Network endpoint groups","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.computeService.network","title":"Google Compute Engine VPC network in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packetMirroring":{"name":"packetMirroring","type":"\u001bgcp.project.computeService.packetMirroring","title":"Google Cloud (GCP) Compute packet mirroring policy","desc":"Examine a Compute Engine packet mirroring policy: whether mirroring is enabled, its priority, the collector internal load balancer, the mirrored resources (specific instances, subnetworks, or tags), traffic filter configuration, and the network it applies to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"packetMirrorings":{"name":"packetMirrorings","type":"\u0019\u001bgcp.project.computeService.packetMirroring","title":"Packet mirroring policies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectBlockProjectSshKeys":{"name":"projectBlockProjectSshKeys","type":"\u0004","title":"Whether project-wide SSH keys are blocked — project commonInstanceMetadata item 'block-project-ssh-keys' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectOsLoginEnabled":{"name":"projectOsLoginEnabled","type":"\u0004","title":"Whether OS Login is enabled project-wide — project commonInstanceMetadata item 'enable-oslogin' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectSerialPortEnabled":{"name":"projectSerialPortEnabled","type":"\u0004","title":"Whether serial port access is enabled project-wide — project commonInstanceMetadata item 'serial-port-enable' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicAdvertisedPrefix":{"name":"publicAdvertisedPrefix","type":"\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"Google Cloud (GCP) Compute public advertised prefix (BYOIP)","desc":"Examine a Bring Your Own IP (BYOIP) public advertised prefix: the IP CIDR range being advertised, its validation status (INITIAL, PTR_CONFIGURED, VALIDATED, PREFIX_CONFIGURATION_COMPLETE, PREFIX_CONFIGURATION_IN_PROGRESS, PREFIX_REMOVAL_IN_PROGRESS, READY_TO_USE), the DNS verification IP, BYOIP API version, PDP scope (REGIONAL, GLOBAL), and any public delegated sub-prefixes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"publicAdvertisedPrefixes":{"name":"publicAdvertisedPrefixes","type":"\u0019\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"BYOIP public advertised prefixes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Google Cloud (GCP) Compute Engine region","desc":"Examine a Compute Engine region and its capacity posture. Surfaces the region `name`, `status`, creation timestamp, per-resource `quotas` (CPU, disk, instances, etc.) as a name-to-float map, deprecation status, and whether the region supports Protected Zone Separation (`supportsPzs`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"regions":{"name":"regions","type":"\u0019\u001bgcp.project.computeService.region","title":"Project regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"route":{"name":"route","type":"\u001bgcp.project.computeService.route","title":"Google Cloud (GCP) Compute static route","desc":"Examine a Compute Engine route: its destination IP range, priority (0-65535), the network it belongs to, the next hop (gateway, instance, IP address, VPN tunnel, ILB forwarding rule, or NCC hub), the instance tags that scope the route, route type (STATIC, BGP, SUBNET, TRANSIT), route status (ACTIVE, INACTIVE, PENDING, DROPPED), and any configuration warnings reported by the API.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"router":{"name":"router","type":"\u001bgcp.project.computeService.router","title":"Google Compute Engine Cloud Router","desc":"Examine a Cloud Router's BGP configuration and NAT services. Surfaces `bgp` session settings, `bgpPeers` for dynamic route exchange, `encryptedInterconnectRouter` for HA VPN / Dedicated Interconnect encryption enforcement, and the `natServices()` defining Cloud NAT gateway configuration within the router. The `network()` reference links to the VPC the router is attached to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"routers":{"name":"routers","type":"\u0019\u001bgcp.project.computeService.router","title":"Cloud Routers in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routes":{"name":"routes","type":"\u0019\u001bgcp.project.computeService.route","title":"Static routes in VPC networks","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicies":{"name":"securityPolicies","type":"\u0019\u001bgcp.project.computeService.securityPolicy","title":"Cloud Armor security policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicy":{"name":"securityPolicy","type":"\u001bgcp.project.computeService.securityPolicy","title":"Google Cloud (GCP) Compute Cloud Armor security policy","desc":"Examine a Cloud Armor security policy that protects Google Cloud load balancers from DDoS attacks, web application threats, and unwanted traffic. Query its `type` (`CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, or `CLOUD_ARMOR_NETWORK`), adaptive protection configuration, advanced options (request body inspection, JSON parsing), DDoS protection settings, and reCAPTCHA options. Drill into `rules` for the ordered list of allow, deny, rate-limit, and redirect rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachment":{"name":"serviceAttachment","type":"\u001bgcp.project.computeService.serviceAttachment","title":"Google Cloud (GCP) Compute Private Service Connect service attachment","desc":"Examine a Private Service Connect service attachment: its connection preference (ACCEPT_AUTOMATIC, ACCEPT_MANUAL), the connected consumer endpoints, consumer accept and reject lists, whether proxy protocol is enabled, DNS domain names for service discovery, NAT subnets, the producer forwarding rule, and the target service URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachments":{"name":"serviceAttachments","type":"\u0019\u001bgcp.project.computeService.serviceAttachment","title":"Private Service Connect service attachments","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceaccount":{"name":"serviceaccount","type":"\u001bgcloud.compute.serviceaccount","title":"Google Cloud (GCP) Compute service account","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshot":{"name":"snapshot","type":"\u001bgcp.project.computeService.snapshot","title":"Google Cloud (GCP) Compute Engine persistent disk snapshot","desc":"Examine a Compute Engine disk snapshot and its security posture. Surfaces the snapshot `name`, `status`, `snapshotType`, `diskSizeGb`, storage consumption (`storageBytes`, `storageLocations`), and `labels`. Audit access exposure via `iamPolicy()` and the `public()` predicate that returns true when the snapshot is shared with `allUsers` or `allAuthenticatedUsers`. The typed `kmsKey()` accessor links to the customer-managed encryption key when CMEK is used, and `sourceDisk` identifies the disk the snapshot was taken from.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bgcp.project.computeService.snapshot","title":"Google Compute Engine snapshots in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCertificate":{"name":"sslCertificate","type":"\u001bgcp.project.computeService.sslCertificate","title":"Google Cloud (GCP) Compute SSL certificate","desc":"Examine a Compute Engine SSL certificate attached to HTTPS or SSL proxy load balancers. Query its `type` (`SELF_MANAGED` for user-uploaded certificates or `MANAGED` for Google-managed certificates), subject alternative names, managed certificate configuration and provisioning status, expiration time, and the region it belongs to (empty for global certificates).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sslCertificates":{"name":"sslCertificates","type":"\u0019\u001bgcp.project.computeService.sslCertificate","title":"SSL/TLS certificates","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicies":{"name":"sslPolicies","type":"\u0019\u001bgcp.project.computeService.sslPolicy","title":"SSL/TLS policies for load balancers","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicy":{"name":"sslPolicy","type":"\u001bgcp.project.computeService.sslPolicy","title":"Google Cloud (GCP) Compute SSL policy","desc":"Examine a Compute Engine SSL policy that governs the TLS protocol version and cipher suites negotiated by HTTPS and SSL proxy load balancers. Query its `profile` (`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`), `minTlsVersion`, enabled features, and custom features (when profile is `CUSTOM`). The `weakTls` field evaluates to `true` when the policy permits cipher suites or protocol versions considered cryptographically weak. `warnings` surfaces any API-reported configuration issues.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePool":{"name":"storagePool","type":"\u001bgcp.project.computeService.storagePool","title":"Google Cloud (GCP) Compute storage pool","desc":"Examine a Compute Engine storage pool — a pre-provisioned block storage capacity container that disks are created from. Query its `state`, capacity provisioning type (`ADVANCED` or `STANDARD`), performance provisioning type, provisioned capacity in GiB, IOPS, and throughput. `storagePoolType` identifies the underlying disk technology, and `zone` names the zone where the pool resides.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePools":{"name":"storagePools","type":"\u0019\u001bgcp.project.computeService.storagePool","title":"Storage pools","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Google Cloud VPC subnetwork","desc":"Examine a regional VPC subnetwork inside a Compute Engine network. Surfaces the subnetwork's IPv4 and IPv6 CIDR ranges, the `purpose` and `role` (private, regional-managed-proxy, internal-load-balancer, global-managed-proxy, etc.), the `enableFlowLogs` flag and matching `logConfig`, the `privateIpGoogleAccess` and `privateIpv6GoogleAccess` settings that control reachability of Google APIs from instances without external IPs, and typed references to the `network()` and the `region()` the subnet is bound to.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"subnetworks":{"name":"subnetworks","type":"\u0019\u001bgcp.project.computeService.subnetwork","title":"Logical partition of a VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxies":{"name":"targetHttpProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpProxy","title":"Target HTTP proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxy":{"name":"targetHttpProxy","type":"\u001bgcp.project.computeService.targetHttpProxy","title":"Google Cloud (GCP) Compute target HTTP proxy","desc":"Examine a Compute Engine target HTTP proxy: the URL map it routes traffic through, whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetHttpsProxies":{"name":"targetHttpsProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpsProxy","title":"Target HTTPS proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpsProxy":{"name":"targetHttpsProxy","type":"\u001bgcp.project.computeService.targetHttpsProxy","title":"Google Cloud (GCP) Compute target HTTPS proxy","desc":"Examine a Compute Engine target HTTPS proxy: the URL map it routes traffic through, the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, the QUIC override setting (NONE, ENABLE, DISABLE), whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPool":{"name":"targetPool","type":"\u001bgcp.project.computeService.targetPool","title":"Google Cloud (GCP) Compute target pool (legacy network load balancing)","desc":"Examine a legacy network load balancing target pool: its session affinity mode (NONE, CLIENT_IP, CLIENT_IP_PROTO, CLIENT_IP_PORT_PROTO), failover ratio, backup pool URL, associated health check URLs, the instance URLs of members in the pool, and the security policy applied.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPools":{"name":"targetPools","type":"\u0019\u001bgcp.project.computeService.targetPool","title":"Legacy target pools for network load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxies":{"name":"targetSslProxies","type":"\u0019\u001bgcp.project.computeService.targetSslProxy","title":"Target SSL proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxy":{"name":"targetSslProxy","type":"\u001bgcp.project.computeService.targetSslProxy","title":"Google Cloud (GCP) Compute target SSL proxy","desc":"Examine a Compute Engine target SSL proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, and the certificate map URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetTcpProxies":{"name":"targetTcpProxies","type":"\u0019\u001bgcp.project.computeService.targetTcpProxy","title":"Target TCP proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetTcpProxy":{"name":"targetTcpProxy","type":"\u001bgcp.project.computeService.targetTcpProxy","title":"Google Cloud (GCP) Compute target TCP proxy","desc":"Examine a Compute Engine target TCP proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), whether proxy bind is enabled, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMap":{"name":"urlMap","type":"\u001bgcp.project.computeService.urlMap","title":"Google Cloud (GCP) Compute URL map","desc":"Examine a Compute Engine URL map: its default backend service, host rules that match incoming hostnames, path matchers that route requests to backend services or buckets, URL map tests, and whether the map is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMaps":{"name":"urlMaps","type":"\u0019\u001bgcp.project.computeService.urlMap","title":"URL maps (load balancer routing rules)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGateway":{"name":"vpnGateway","type":"\u001bgcp.project.computeService.vpnGateway","title":"Google Cloud (GCP) Compute HA VPN gateway","desc":"Examine a High Availability (HA) VPN gateway that provides redundant Site-to-Site VPN connectivity. Query its attached `network`, IP family (`gatewayIpVersion`), stack type (`IPV4_ONLY`, `IPV4_IPV6`, or `IPV6_ONLY`), `vpnInterfaces` (each with an IP address and optional interconnect attachment), and resource manager tags. HA VPN gateways always provide two interfaces for 99.99% availability.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnGateways":{"name":"vpnGateways","type":"\u0019\u001bgcp.project.computeService.vpnGateway","title":"HA VPN gateways","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnTunnel":{"name":"vpnTunnel","type":"\u001bgcp.project.computeService.vpnTunnel","title":"Google Cloud (GCP) Compute VPN tunnel","desc":"Examine a Cloud VPN tunnel carrying encrypted traffic between a GCP network and a peer gateway. Query its `status`, `ikeVersion`, `localTrafficSelector` and `remoteTrafficSelector` CIDRs, and the `sharedSecretHash`. Resolve the peer via `peerExternalVpnGateway` or `peerGcpVpnGateway`, the owning HA VPN gateway via `vpnGateway`, and the dynamic routing Cloud Router via `router`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnTunnels":{"name":"vpnTunnels","type":"\u0019\u001bgcp.project.computeService.vpnTunnel","title":"VPN tunnels","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Google Cloud (GCP) Compute zone","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"zones":{"name":"zones","type":"\u0019\u001bgcp.project.computeService.zone","title":"Project zones","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.compute.instance":{"id":"gcp.project.computeService.instance","name":"gcp.project.computeService.instance","fields":{"advancedMachineFeatures":{"name":"advancedMachineFeatures","type":"\n","is_mandatory":true,"title":"Advanced machine features controlling BIOS-level behavior","desc":"Surfaces options usually configured in a BIOS: `enableNestedVirtualization`, `enableUefiNetworking`, `threadsPerCore` (set to 1 to disable SMT), `visibleCoreCount` (number of physical cores exposed), and `performanceMonitoringUnit` (one of ARCHITECTURAL, ENHANCED, STANDARD, or PERFORMANCE_MONITORING_UNIT_UNSPECIFIED).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"blockProjectSshKeysEnabled":{"name":"blockProjectSshKeysEnabled","type":"\u0004","title":"Whether instance metadata 'block-project-ssh-keys' is true","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"canIpForward":{"name":"canIpForward","type":"\u0004","is_mandatory":true,"title":"Whether the instance is allowed to send and receive packets with non-matching destination or source IPs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialCompute":{"name":"confidentialCompute","type":"\u001bgcp.project.computeService.instance.confidentialCompute","is_mandatory":true,"title":"Confidential Compute configuration for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialInstanceConfig":{"name":"confidentialInstanceConfig","type":"\n","is_mandatory":true,"title":"Raw confidential instance config dict","desc":"Deprecated in favor of `confidentialCompute`, which exposes the same fields as a typed sub-resource plus the confidential VM type.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"cpuPlatform":{"name":"cpuPlatform","type":"\u0007","is_mandatory":true,"title":"CPU platform used by this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtection":{"name":"deletionProtection","type":"\u0004","is_mandatory":true,"title":"Whether the instance is protected against deletion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disks":{"name":"disks","type":"\u0019\u001bgcp.project.computeService.attachedDisk","is_mandatory":true,"title":"Disks associated with the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDisplay":{"name":"enableDisplay","type":"\u0004","is_mandatory":true,"title":"Whether the instance has display enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableIntegrityMonitoring":{"name":"enableIntegrityMonitoring","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM integrity monitoring is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableIntegrityMonitoring`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"enableSecureBoot":{"name":"enableSecureBoot","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM secure boot is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableSecureBoot`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"enableVtpm":{"name":"enableVtpm","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM vTPM is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableVtpm`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Instance fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"guestAccelerators":{"name":"guestAccelerators","type":"\u0019\n","is_mandatory":true,"title":"Attached list of accelerator cards","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasFullCloudPlatformScope":{"name":"hasFullCloudPlatformScope","type":"\u0004","title":"Whether any attached service account has the broad cloud-platform OAuth scope","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasPublicIp":{"name":"hasPublicIp","type":"\u0004","title":"Whether the instance has at least one external IP attached via a network interface accessConfig","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hostname":{"name":"hostname","type":"\u0007","is_mandatory":true,"title":"Hostname of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceEncryptionKey":{"name":"instanceEncryptionKey","type":"\n","is_mandatory":true,"title":"Customer-supplied or KMS-backed encryption key for instance suspend state and Local SSDs","desc":"Examines the key material that protects suspended data and Local SSD storage attached to the instance: `kmsKeyName` for customer-managed KMS keys, `kmsKeyServiceAccount` for the service account used against the KMS key, `rawKey` / `rsaEncryptedKey` for customer-supplied encryption keys (CSEK), and `sha256` of the supplied key. Null when the instance has no instance-level encryption key configured (Google-managed encryption).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inventory":{"name":"inventory","type":"\u001bgcp.project.computeService.instance.osInventory","title":"VM Manager OS inventory of installed packages and operating system details","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyRevocationActionType":{"name":"keyRevocationActionType","type":"\u0007","is_mandatory":true,"title":"KeyRevocationActionType of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastStartTimestamp":{"name":"lastStartTimestamp","type":"\t","is_mandatory":true,"title":"Last start timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastStopTimestamp":{"name":"lastStopTimestamp","type":"\t","is_mandatory":true,"title":"Last stop timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastSuspendedTimestamp":{"name":"lastSuspendedTimestamp","type":"\t","is_mandatory":true,"title":"Last suspended timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u001bgcp.project.computeService.machineType","title":"Machine type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Custom key-value pairs assigned to the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minCpuPlatform":{"name":"minCpuPlatform","type":"\u0007","is_mandatory":true,"title":"Minimum CPU platform for the VM instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkInterfaces":{"name":"networkInterfaces","type":"\u0019\n","is_mandatory":true,"title":"Network configurations for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkStackTypes":{"name":"networkStackTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Distinct network interface stack types across all interfaces (IPV4_ONLY, IPV4_IPV6)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osInventory":{"name":"osInventory","type":"\u001bgcp.project.computeService.instance.osInventory","title":"VM Manager OS inventory for a Compute Engine instance","desc":"Examine the operating system and software state that the VM Manager OS Config agent reports for a single instance: `osInfo` carries the detected OS name, version, and architecture, while `items` lists every installed package and every available package update. Use it to audit patch level and installed software without logging in to the VM.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"osLoginEnabled":{"name":"osLoginEnabled","type":"\u0004","title":"Whether OS Login is enabled on this instance — checks instance metadata 'enable-oslogin', then falls back to project commonInstanceMetadata when unset","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"physicalHostResourceStatus":{"name":"physicalHostResourceStatus","type":"\u0007","is_mandatory":true,"title":"Resource status for physical host","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateIpv6GoogleAccess":{"name":"privateIpv6GoogleAccess","type":"\u0007","is_mandatory":true,"title":"Private IPv6 google access type for the VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservationAffinity":{"name":"reservationAffinity","type":"\n","is_mandatory":true,"title":"Reservations from which this instance can consume","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePolicies":{"name":"resourcePolicies","type":"\u0019\u0007","is_mandatory":true,"title":"Resource policies applied to this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduling":{"name":"scheduling","type":"\n","is_mandatory":true,"title":"Scheduling options including preemptibility, automatic restart, and maintenance behavior","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serialPortEnabled":{"name":"serialPortEnabled","type":"\u0004","title":"Whether instance metadata 'serial-port-enable' is set to true (interactive serial console)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccounts":{"name":"serviceAccounts","type":"\u0019\u001bgcp.project.computeService.serviceaccount","is_mandatory":true,"title":"Service accounts authorized for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceConfig":{"name":"shieldedInstanceConfig","type":"\u001bgcp.project.computeService.instance.shieldedInstanceConfig","is_mandatory":true,"title":"Shielded Instance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceIntegrityPolicy":{"name":"shieldedInstanceIntegrityPolicy","type":"\n","is_mandatory":true,"title":"Shielded VM integrity monitoring auto-learn policy (updateAutoLearnPolicy)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceMachineImage":{"name":"sourceMachineImage","type":"\u0007","is_mandatory":true,"title":"Source machine image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceMachineImageEncryptionKey":{"name":"sourceMachineImageEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key used to decrypt the source machine image when the instance was created from one","desc":"Same shape as `instanceEncryptionKey`: `kmsKeyName`, `kmsKeyServiceAccount`, `rawKey`, `rsaEncryptedKey`, `sha256`. Useful for tracking encryption lineage from the source machine image into the instance.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startRestricted":{"name":"startRestricted","type":"\u0004","is_mandatory":true,"title":"Whether VM has been restricted from starting because Compute Engine has detected suspicious activity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Instance status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusMessage":{"name":"statusMessage","type":"\u0007","is_mandatory":true,"title":"Human-readable explanation of the status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags associated with this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalEgressBandwidthTier":{"name":"totalEgressBandwidthTier","type":"\u0007","is_mandatory":true,"title":"Network performance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"usesDefaultServiceAccount":{"name":"usesDefaultServiceAccount","type":"\u0004","title":"Whether the instance runs as the default Compute Engine service account (\u003cprojectNumber\u003e-compute@developer.gserviceaccount.com)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityReport":{"name":"vulnerabilityReport","type":"\u001bgcp.project.computeService.instance.vulnerabilityReport","title":"VM Manager vulnerability report for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadIdentityConfig":{"name":"workloadIdentityConfig","type":"\n","is_mandatory":true,"title":"Workload identity configuration for the instance","min_provider_version":"13.5.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","is_mandatory":true,"title":"Instance zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Compute Engine instance","desc":"Examine a Compute Engine VM instance and the security-relevant configuration around it. Surfaces the machine type and CPU platform, the instance status and lifecycle, attached `disks` and `networkInterfaces`, the boot image, applied `labels` and `metadata`, the `serviceAccounts` bound to the instance, the `shieldedInstanceConfig` (Secure Boot, vTPM, integrity monitoring), the `confidentialInstanceConfig`, OS Config patch posture, and the scheduling and reservation affinity settings. The CIS-aligned predicates (`hasPublicIp`, `usesDefaultServiceAccount`, `hasFullCloudPlatformScope`, `blockProjectSshKeysEnabled`, `osLoginEnabled`, `serialPortEnabled`) collapse common posture checks into a single boolean field per audit.","min_provider_version":"9.0.0","defaults":"name id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.compute.serviceaccount":{"id":"gcp.project.computeService.serviceaccount","name":"gcp.project.computeService.serviceaccount","fields":{"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Service account email address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scopes":{"name":"scopes","type":"\u0019\u0007","is_mandatory":true,"title":"Service account scopes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute service account","private":true,"min_provider_version":"9.0.0","defaults":"email","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.organization":{"id":"gcp.organization","name":"gcp.organization","fields":{"accessApprovalSettings":{"name":"accessApprovalSettings","type":"\u001bgcp.accessApprovalSettings","title":"Access approval settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"accessPolicies":{"name":"accessPolicies","type":"\u0019\u001bgcp.accesscontextmanager.accessPolicy","title":"VPC Service Controls access policies","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"auditConfig":{"name":"auditConfig","type":"\u0019\u001bgcp.resourcemanager.auditConfig","title":"Audit logging configuration","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudIdentityGroups":{"name":"cloudIdentityGroups","type":"\u0019\u001bgcp.cloudIdentity.group","title":"Cloud Identity groups in the associated Google Workspace / Cloud Identity account","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customConstraints":{"name":"customConstraints","type":"\u0019\u001bgcp.orgPolicy.customConstraint","title":"Custom Organization Policy constraints defined on the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customRoles":{"name":"customRoles","type":"\u0019\u001bgcp.organization.role","title":"Custom IAM roles defined at the organization level","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerId":{"name":"customerId","type":"\u0007","is_mandatory":true,"title":"Google Workspace / Cloud Identity customer ID associated with the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleteTime":{"name":"deleteTime","type":"\t","is_mandatory":true,"title":"Timestamp when deletion was requested","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"folders":{"name":"folders","type":"\u001bgcp.folders","title":"List of folders","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"Organization IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Organization ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\u001bgcp.organization.loggingService","title":"Cloud Logging configuration scoped to the organization","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingService":{"name":"loggingService","type":"\u001bgcp.organization.loggingService","title":"Google Cloud (GCP) organization-scope Cloud Logging","desc":"Use this resource as the entry point for organization-level Cloud Logging configuration. It hosts the organization's logging `sinks` — the export rules that forward log entries from every project under the organization to a central destination (Cloud Storage, BigQuery, Pub/Sub, or another log bucket). Org-level sinks are the primary control for forcing tamper-resistant log aggregation across the entire org, which is a baseline requirement for incident response and most compliance frameworks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","title":"Organization name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityProfile":{"name":"networkSecurityProfile","type":"\u001bgcp.organization.networkSecurityProfile","title":"Network Security profile for an organization","desc":"Examine a Network Security profile that defines a reusable set of threat-detection and traffic-handling behavior referenced by firewall policy rules: `threatPreventionProfile` configures intrusion prevention severity overrides, `urlFilteringProfile` configures URL filtering, and the intercept and mirroring profiles configure packet handling. The `type` field records which behavior the profile carries. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkSecurityProfileGroup":{"name":"networkSecurityProfileGroup","type":"\u001bgcp.organization.networkSecurityProfileGroup","title":"Network Security profile group for an organization","desc":"Examine a Network Security profile group, which bundles individual security profiles so that a single firewall policy rule can apply threat prevention, URL filtering, mirroring, and intercept behavior together. Each field references the full resource name of the security profile that supplies that behavior. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkSecurityProfileGroups":{"name":"networkSecurityProfileGroups","type":"\u0019\u001bgcp.organization.networkSecurityProfileGroup","title":"Network Security profile groups defined for the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityProfiles":{"name":"networkSecurityProfiles","type":"\u0019\u001bgcp.organization.networkSecurityProfile","title":"Network Security profiles defined for the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicies":{"name":"orgPolicies","type":"\u0019\u001bgcp.orgPolicy","title":"Organization policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projects":{"name":"projects","type":"\u001bgcp.projects","title":"List of projects","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u001bgcp.organization.role","title":"Google Cloud (GCP) IAM custom role defined at the organization level","desc":"Examine a custom IAM role defined on the organization rather than on an individual project — its title, description, launch stage (`ALPHA`, `BETA`, `GA`, `DEPRECATED`, `DISABLED`), the full list of permissions it grants, and whether it has been soft-deleted. Organization-level custom roles are reusable across every project in the org, so an overly broad permission set has a wider blast radius than the equivalent project-scoped role.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sccBigQueryExports":{"name":"sccBigQueryExports","type":"\u0019\u001bgcp.scc.bigQueryExport","title":"Security Command Center BigQuery export configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccFindings":{"name":"sccFindings","type":"\u0019\u001bgcp.scc.finding","title":"Security Command Center findings across all sources (active findings only)","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccMuteConfigs":{"name":"sccMuteConfigs","type":"\u0019\u001bgcp.scc.muteConfig","title":"Security Command Center mute configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccNotificationConfigs":{"name":"sccNotificationConfigs","type":"\u0019\u001bgcp.scc.notificationConfig","title":"Security Command Center notification configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccOrganizationSettings":{"name":"sccOrganizationSettings","type":"\u001bgcp.scc.organizationSettings","title":"Security Command Center organization settings","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccSources":{"name":"sccSources","type":"\u0019\u001bgcp.scc.source","title":"Security Command Center sources","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","title":"Organization state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last modified timestamp","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud organization","desc":"Examine the Cloud Resource Manager organization that contains the account's folders, projects, IAM policy, and Security Command Center configuration. Surfaces the organization ID, name, lifecycle state, the IAM `iamPolicy` and `auditConfig` bindings, the `orgPolicies` applied across the org tree, the access-approval settings, and the child `folders()` and `projects()`. The Security Command Center accessors (`sccSources`, `sccFindings`, `sccNotificationConfigs`, `sccMuteConfigs`, `sccBigQueryExports`, `sccOrganizationSettings`) expose SCC posture across all sources, `accessPolicies()` returns the VPC Service Controls access policies bound to the org, and `customConstraints()` lists the custom Organization Policy constraints defined on it.","min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.project":{"id":"gcp.project","name":"gcp.project","fields":{"accessApprovalSettings":{"name":"accessApprovalSettings","type":"\u001bgcp.accessApprovalSettings","title":"Access approval settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alloydb":{"name":"alloydb","type":"\u001bgcp.project.alloydbService","title":"GCP AlloyDB resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alloydbService":{"name":"alloydbService","type":"\u001bgcp.project.alloydbService","title":"Google Cloud (GCP) AlloyDB for PostgreSQL","desc":"Use this resource as the entry point for AlloyDB in the project. It hosts the project's `clusters` — each exposing its primary and read-pool instances, automated backup policy, encryption configuration, and network settings for PostgreSQL-compatible database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiGateway":{"name":"apiGateway","type":"\u001bgcp.project.apiGatewayService","title":"GCP API Gateway resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"apiGatewayService":{"name":"apiGatewayService","type":"\u001bgcp.project.apiGatewayService","title":"Google Cloud (GCP) API Gateway","desc":"Use this resource as the entry point for API Gateway in the project. It hosts the managed APIs (with their API configs) and the deployed `gateways` — exposing managed-service names, deployment state, and the hostnames clients use to reach backend services.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiKey":{"name":"apiKey","type":"\u001bgcp.project.apiKey","title":"Google Cloud (GCP) project API key","desc":"Examine an API key scoped to the project — its display name, annotations, creation and deletion timestamps, the encrypted key string, and the restrictions that limit which applications, IP addresses, or API targets may use it. The `restrictions` sub-resource exposes the `unrestricted` flag used by CIS benchmarks to detect keys that have no app, IP, or referrer restrictions configured.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiKeys":{"name":"apiKeys","type":"\u0019\u001bgcp.project.apiKey","title":"API keys","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appEngine":{"name":"appEngine","type":"\u001bgcp.project.appEngineService","title":"GCP App Engine resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appEngineService":{"name":"appEngineService","type":"\u001bgcp.project.appEngineService","title":"Google Cloud (GCP) App Engine","desc":"Use this resource as the entry point for App Engine in the project. It hosts the `application` (with its location, serving status, and identity settings) and the deployed `services` and their versions.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"artifactRegistry":{"name":"artifactRegistry","type":"\u001bgcp.project.artifactRegistryService","title":"GCP Artifact Registry resources","min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"artifactRegistryService":{"name":"artifactRegistryService","type":"\u001bgcp.project.artifactRegistryService","title":"Google Cloud (GCP) Artifact Registry","desc":"Use this resource as the entry point for Artifact Registry in the project. It hosts the project's `repositories` — each exposing its format, mode, encryption configuration, cleanup policies, and IAM policy for container-image and package-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"auditConfig":{"name":"auditConfig","type":"\u0019\u001bgcp.resourcemanager.auditConfig","title":"Audit logging configuration","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupdr":{"name":"backupdr","type":"\u001bgcp.project.backupdrService","title":"GCP Backup and DR resources","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupdrService":{"name":"backupdrService","type":"\u001bgcp.project.backupdrService","title":"Google Cloud (GCP) Backup and DR Service","desc":"Use this resource as the entry point for the Backup and DR Service in the project. It hosts the `managementServers`, the `backupVaults` that store immutable backups, and the `backupPlans` that schedule them — exposing retention and enforcement settings for data-protection audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"batch":{"name":"batch","type":"\u001bgcp.project.batchService","title":"GCP Batch resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"batchService":{"name":"batchService","type":"\u001bgcp.project.batchService","title":"Google Cloud (GCP) Batch","desc":"Use this resource as the entry point for Batch in the project. It hosts the project's `jobs` — each exposing its task groups, compute and network configuration, and execution state for managed batch-compute audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigquery":{"name":"bigquery","type":"\u001bgcp.project.bigqueryService","title":"GCP BigQuery resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bigqueryService":{"name":"bigqueryService","type":"\u001bgcp.project.bigqueryService","title":"Google Cloud BigQuery service","desc":"Use this resource as the entry point for BigQuery in the project. It hosts the project's `datasets()` (with their tables, models, routines, access entries, and CMEK encryption), `connections()` to external data sources, and slot `reservations()` for capacity management audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigtable":{"name":"bigtable","type":"\u001bgcp.project.bigtableService","title":"GCP Bigtable resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bigtableService":{"name":"bigtableService","type":"\u001bgcp.project.bigtableService","title":"Google Cloud (GCP) Bigtable","desc":"Use this resource as the entry point for Bigtable in the project. It hosts the project's `instances` — each exposing its clusters, app profiles, storage type, and encryption configuration for wide-column database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"binaryAuthorization":{"name":"binaryAuthorization","type":"\u001bgcp.project.binaryAuthorizationControl","title":"Binary Authorization resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorizationControl":{"name":"binaryAuthorizationControl","type":"\u001bgcp.project.binaryAuthorizationControl","title":"Google Cloud (GCP) Binary Authorization","desc":"Use this resource as the entry point for Binary Authorization in the project. It hosts the project's deployment `policy` — covering default and per-cluster admission rules, allowlist patterns, and global policy evaluation mode — and the list of trusted `attestors` whose signatures validate container images before deployment.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateAuthority":{"name":"certificateAuthority","type":"\u001bgcp.project.certificateAuthorityService","title":"GCP Certificate Authority Service resources","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificateAuthorityService":{"name":"certificateAuthorityService","type":"\u001bgcp.project.certificateAuthorityService","title":"Google Cloud (GCP) Certificate Authority Service","desc":"Use this resource as the entry point for the Private CA Service in the project. It hosts the `caPools` and, through them, the certificate authorities and issued certificates — exposing tier, issuance policy, and publishing options. This models private CA infrastructure, distinct from the load-balancer-facing certs in `certificateManager`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateManager":{"name":"certificateManager","type":"\u001bgcp.project.certificateManagerService","title":"GCP Certificate Manager resources","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificateManagerService":{"name":"certificateManagerService","type":"\u001bgcp.project.certificateManagerService","title":"Google Cloud (GCP) Certificate Manager","desc":"Use this resource as the entry point for the Certificate Manager service in the project. It hosts the load-balancer-facing TLS certificate surface: `certificates` (Google-managed and self-managed leaf certs), `certificateMaps` and their `certificateMapEntries` (the host→cert routing attached to GCLB target proxies), `dnsAuthorizations` (the DNS challenge records used to issue managed certs), `certificateIssuanceConfigs` (private-CA-backed issuance settings), and `trustConfigs` (mTLS trust anchors). Certificate Manager is distinct from `certificateAuthority` — that resource models the Private CA Service, while this one models the front-door certs Google's load balancers serve.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudBuild":{"name":"cloudBuild","type":"\u001bgcp.project.cloudBuildService","title":"GCP Cloud Build resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudBuildService":{"name":"cloudBuildService","type":"\u001bgcp.project.cloudBuildService","title":"Google Cloud (GCP) Cloud Build","desc":"Use this resource as the entry point for Cloud Build in the project. It hosts the build `triggers` (with their source repositories and build configuration) and the private `workerPools` that builds run on.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudDeploy":{"name":"cloudDeploy","type":"\u001bgcp.project.cloudDeployService","title":"GCP Cloud Deploy resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudDeployService":{"name":"cloudDeployService","type":"\u001bgcp.project.cloudDeployService","title":"Google Cloud (GCP) Cloud Deploy","desc":"Use this resource as the entry point for Cloud Deploy in the project. It hosts the `deliveryPipelines` (the promotion sequences for releases) and the `targets` they deploy to — exposing execution configuration and per-target settings for continuous-delivery audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudDomains":{"name":"cloudDomains","type":"\u001bgcp.project.cloudDomainsService","title":"GCP Cloud Domains resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudDomainsService":{"name":"cloudDomainsService","type":"\u001bgcp.project.cloudDomainsService","title":"Google Cloud Domains","desc":"Use this resource as the entry point for Cloud Domains in the project. It hosts the `registrations` — the domain names registered through Cloud Domains — and `enabled` reports whether the Cloud Domains API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunction":{"name":"cloudFunction","type":"\u001bgcp.project.cloudFunction","title":"Google Cloud (GCP) Cloud Function (1st gen)","desc":"Examine a first-generation Cloud Function deployed to a project. Covers the trigger configuration (HTTP or event), runtime, service account, networking (VPC connector, ingress and egress settings), memory and timeout limits, environment variables, secret bindings, KMS encryption key, and build settings including the Artifact Registry repository and custom worker pool.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunctionV2":{"name":"cloudFunctionV2","type":"\u001bgcp.project.cloudFunctionV2","title":"Google Cloud (GCP) Cloud Function (v2 / 2nd gen)","desc":"Examine a second-generation Cloud Function backed by Cloud Run. Covers function state and environment generation (GEN_1, GEN_2), the deployed HTTPS URL, KMS encryption key, build configuration (runtime, entry point, Artifact Registry repository, worker pool), service configuration (scaling limits, VPC connector, ingress settings, service account, secret bindings), and the Eventarc event trigger.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunctions":{"name":"cloudFunctions","type":"\u0019\u001bgcp.project.cloudFunction","title":"GCP Cloud Functions (v1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudFunctionsV2":{"name":"cloudFunctionsV2","type":"\u0019\u001bgcp.project.cloudFunctionV2","title":"GCP Cloud Functions (v2 / 2nd gen)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRun":{"name":"cloudRun","type":"\u001bgcp.project.cloudRunService","title":"GCP Cloud Run resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRunService":{"name":"cloudRunService","type":"\u001bgcp.project.cloudRunService","title":"Google Cloud (GCP) Cloud Run","desc":"Use this resource as the entry point for Cloud Run in the project. It hosts the deployed `services` and `jobs` — each exposing its container image, revision configuration, ingress and IAM settings, and execution environment — along with the `operations` history and the `regions` where Cloud Run resources can run.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudScheduler":{"name":"cloudScheduler","type":"\u001bgcp.project.cloudSchedulerService","title":"GCP Cloud Scheduler resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudSchedulerService":{"name":"cloudSchedulerService","type":"\u001bgcp.project.cloudSchedulerService","title":"Google Cloud (GCP) Cloud Scheduler","desc":"Use this resource as the entry point for Cloud Scheduler in the project. It hosts the project's `jobs` — each exposing its cron schedule, target (HTTP, Pub/Sub, or App Engine), retry configuration, and last-run state.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudTasks":{"name":"cloudTasks","type":"\u001bgcp.project.cloudTasksService","title":"GCP Cloud Tasks resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudTasksService":{"name":"cloudTasksService","type":"\u001bgcp.project.cloudTasksService","title":"Google Cloud (GCP) Cloud Tasks","desc":"Use this resource as the entry point for Cloud Tasks in the project. It hosts the project's `queues` — each exposing its rate limits, retry configuration, and processing state for task-queue audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"commonInstanceMetadata":{"name":"commonInstanceMetadata","type":"\u001a\u0007\u0007","title":"Common instance metadata for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"composer":{"name":"composer","type":"\u001bgcp.project.composerService","title":"GCP Cloud Composer resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"composerService":{"name":"composerService","type":"\u001bgcp.project.composerService","title":"Google Cloud (GCP) Cloud Composer","desc":"Use this resource as the entry point for Cloud Composer in the project. It hosts the managed Apache Airflow `environments` — each exposing its lifecycle state, image version, labels, and environment configuration covering node config, software config, encryption, and web server access control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"compute":{"name":"compute","type":"\u001bgcp.project.computeService","title":"GCP Compute resources for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"computeService":{"name":"computeService","type":"\u001bgcp.project.computeService","title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"containerAnalysis":{"name":"containerAnalysis","type":"\u001bgcp.project.containerAnalysisService","title":"GCP Container Analysis resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"containerAnalysisService":{"name":"containerAnalysisService","type":"\u001bgcp.project.containerAnalysisService","title":"Google Cloud (GCP) Container Analysis","desc":"Use this resource as the entry point for Container Analysis in the project. It hosts the vulnerability `occurrences` — the scan findings attached to container images for software-supply-chain audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"createTime":{"name":"createTime","type":"\t","title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataAccessLoggingEnabled":{"name":"dataAccessLoggingEnabled","type":"\u0004","title":"Whether DATA_READ and DATA_WRITE audit logging is enabled for allServices with no exempted members (CIS 2.1)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataflow":{"name":"dataflow","type":"\u001bgcp.project.dataflowService","title":"GCP Dataflow resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataflowService":{"name":"dataflowService","type":"\u001bgcp.project.dataflowService","title":"Google Cloud (GCP) Dataflow","desc":"Use this resource as the entry point for Dataflow in the project. It hosts the project's `jobs` — each exposing its pipeline type, current state, environment configuration, and worker settings for stream and batch processing audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dataplex":{"name":"dataplex","type":"\u001bgcp.project.dataplexService","title":"GCP Dataplex resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataplexService":{"name":"dataplexService","type":"\u001bgcp.project.dataplexService","title":"Google Cloud Dataplex","desc":"Use this resource as the entry point for Dataplex in the project. It hosts the data-management hierarchy: `lakes` group data across storage systems into zones, and from each lake you can drill into its zones and the Cloud Storage buckets and BigQuery datasets they govern. `enabled` reports whether the Dataplex API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dataproc":{"name":"dataproc","type":"\u001bgcp.project.dataprocService","title":"GCP Dataproc resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataprocService":{"name":"dataprocService","type":"\u001bgcp.project.dataprocService","title":"Google Cloud (GCP) Dataproc","desc":"Use this resource as the entry point for Dataproc in the project. It hosts the managed Spark and Hadoop surface: `clusters`, submitted `jobs`, and the `autoscalingPolicies` that govern cluster scaling. `regions` lists where Dataproc resources can be created and `enabled` reports whether the service is turned on.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datastream":{"name":"datastream","type":"\u001bgcp.project.datastreamService","title":"GCP Datastream resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datastreamService":{"name":"datastreamService","type":"\u001bgcp.project.datastreamService","title":"Google Cloud (GCP) Datastream","desc":"Use this resource as the entry point for Datastream in the project. It hosts the change-data-capture surface: `streams`, the source and destination `connectionProfiles` they use, and the `privateConnections` that provide private network connectivity.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"deleteTime":{"name":"deleteTime","type":"\t","title":"Timestamp when deletion was requested","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlp":{"name":"dlp","type":"\u001bgcp.project.dlpService","title":"GCP Cloud DLP resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpService":{"name":"dlpService","type":"\u001bgcp.project.dlpService","title":"Google Cloud (GCP) Sensitive Data Protection (Cloud DLP)","desc":"Use this resource as the entry point for Sensitive Data Protection in the project. It hosts the configuration surface (`inspectTemplates`, `deidentifyTemplates`, `storedInfoTypes`, `jobTriggers`, `discoveryConfigs`, `connections`), the `dlpJobs` that run inspection and risk-analysis scans, and the data sensitivity profiles produced by discovery — `projectDataProfiles`, `tableDataProfiles`, `columnDataProfiles`, and `fileStoreDataProfiles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dns":{"name":"dns","type":"\u001bgcp.project.dnsService","title":"GCP Cloud DNS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsService":{"name":"dnsService","type":"\u001bgcp.project.dnsService","title":"Google Cloud (GCP) Cloud DNS","desc":"Use this resource as the entry point for Cloud DNS in the project. It hosts the `managedZones` (public and private DNS zones, including their DNSSEC state and record sets) and the `policies` that govern inbound and outbound DNS resolution for the project's VPC networks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"essentialContacts":{"name":"essentialContacts","type":"\u0019\u001bgcp.essentialContact","title":"GCP contacts for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventarc":{"name":"eventarc","type":"\u001bgcp.project.eventarcService","title":"GCP Eventarc resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventarcService":{"name":"eventarcService","type":"\u001bgcp.project.eventarcService","title":"Google Cloud (GCP) Eventarc","desc":"Use this resource as the entry point for Eventarc in the project. It hosts the `triggers` that route events to destinations and the `channels` that deliver events from third-party and custom sources.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"filestore":{"name":"filestore","type":"\u001bgcp.project.filestoreService","title":"GCP Cloud Filestore resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filestoreService":{"name":"filestoreService","type":"\u001bgcp.project.filestoreService","title":"Google Cloud (GCP) Filestore","desc":"Use this resource as the entry point for Filestore in the project. It hosts the project's `instances` — each exposing its service tier, file shares, network configuration, and capacity for managed NFS audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firestore":{"name":"firestore","type":"\u001bgcp.project.firestoreService","title":"GCP Firestore resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firestoreService":{"name":"firestoreService","type":"\u001bgcp.project.firestoreService","title":"Google Cloud (GCP) Firestore","desc":"Use this resource as the entry point for Firestore in the project. It hosts the project's `databases` — each exposing its database type (Native or Datastore mode), location, concurrency mode, point-in-time recovery setting, and delete-protection state.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"gke":{"name":"gke","type":"\u001bgcp.project.gkeService","title":"GCP GKE resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeBackup":{"name":"gkeBackup","type":"\u001bgcp.project.gkeBackupService","title":"GCP GKE Backup resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeBackupService":{"name":"gkeBackupService","type":"\u001bgcp.project.gkeBackupService","title":"Google Cloud (GCP) Backup for GKE","desc":"Use this resource as the entry point for Backup for GKE in the project. It hosts the `backupPlans` that schedule cluster backups and the `restorePlans` that govern how those backups are restored.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"gkeService":{"name":"gkeService","type":"\u001bgcp.project.gkeService","title":"Google Kubernetes Engine (GKE)","desc":"Use this resource as the entry point for GKE in the project. It hosts the project's `clusters` — each exposing its node pools, network and control-plane configuration, workload identity, binary authorization, release channel, and security posture for Kubernetes audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"hasPublicIamBinding":{"name":"hasPublicIamBinding","type":"\u0004","title":"Whether the project's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthcare":{"name":"healthcare","type":"\u001bgcp.project.healthcareService","title":"GCP Cloud Healthcare resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthcareService":{"name":"healthcareService","type":"\u001bgcp.project.healthcareService","title":"Google Cloud (GCP) Cloud Healthcare API","desc":"Use this resource as the entry point for the Cloud Healthcare API in the project. It hosts the `datasets` and, through them, the DICOM, FHIR, and HL7v2 stores — exposing encryption configuration, time zone, and notification settings for healthcare-data audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"iam":{"name":"iam","type":"\u001bgcp.project.iamService","title":"GCP IAM resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamService":{"name":"iamService","type":"\u001bgcp.project.iamService","title":"Google Cloud (GCP) Identity and Access Management (IAM)","desc":"Use this resource to enumerate the project's IAM building blocks: the `serviceAccounts` and their service-account keys, custom `roles` defined in the project, and the Workload Identity Federation pools (and their external providers) reachable through `workloadIdentityPools`. This is the entry point for IAM audits — service-account-key sprawl, key rotation, custom role permission scope, and external federation trust anchors all hang off of here.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"iap":{"name":"iap","type":"\u001bgcp.project.iapService","title":"GCP Identity-Aware Proxy resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iapService":{"name":"iapService","type":"\u001bgcp.project.iapService","title":"Google Cloud (GCP) Identity-Aware Proxy (IAP)","desc":"Use this resource as the entry point for Identity-Aware Proxy in the project. It hosts the OAuth `brands` (and their OAuth clients) and the `tunnelDestGroups` that scope TCP forwarding for access-control audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique, user-assigned ID of the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ids":{"name":"ids","type":"\u001bgcp.project.idsService","title":"GCP Cloud IDS resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"idsService":{"name":"idsService","type":"\u001bgcp.project.idsService","title":"Google Cloud (GCP) Cloud IDS","desc":"Use this resource as the entry point for Cloud IDS in the project. It hosts the IDS `endpoints` — each exposing its severity threshold, inspected network, traffic-logging setting, and operational state for intrusion-detection audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"kms":{"name":"kms","type":"\u001bgcp.project.kmsService","title":"KMS-related resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsService":{"name":"kmsService","type":"\u001bgcp.project.kmsService","title":"Google Cloud (GCP) Cloud Key Management Service (KMS)","desc":"Use this resource as the entry point for Cloud KMS in the project. It hosts the `keyrings` and, through them, the crypto keys and key versions used for encryption — exposing rotation schedule, protection level, and IAM policy. `locations` lists the regions where key material can be created, and `retiredResources` surfaces deleted KMS resources.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"labels":{"name":"labels","type":"\u001a\u0007\u0007","title":"Labels associated with this project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lien":{"name":"lien","type":"\u001bgcp.project.lien","title":"Google Cloud (GCP) Resource Manager lien","desc":"Examine the encumbrances that block destructive operations on a project. A lien names the operations it blocks through `restrictions` (e.g. `resourcemanager.projects.delete`), the system that created it via `origin`, and a human-readable `reason`. Liens are deletion-protection controls — a project with a `resourcemanager.projects.delete` lien cannot be deleted until the lien is removed. Liens are selected by their system-generated `name` (e.g. `liens/1234abcd`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"liens":{"name":"liens","type":"\u0019\u001bgcp.project.lien","title":"Resource Manager liens that block deletion or other operations on the project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\u001bgcp.project.loggingservice","title":"Logging resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingservice":{"name":"loggingservice","type":"\u001bgcp.project.loggingservice","title":"Google Cloud (GCP) Cloud Logging","desc":"Use this resource as the entry point for Cloud Logging in the project. It hosts `buckets` (log storage with retention and CMEK settings), `metrics` (log-based metrics for alerting on security events), `sinks` (export configurations to Cloud Storage, BigQuery, or Pub/Sub), and `exclusions` (filters that drop matching log entries before ingestion). Together these are the primary surface for CIS logging benchmark controls.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memcache":{"name":"memcache","type":"\u001bgcp.project.memcacheService","title":"GCP Memorystore for Memcached resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memcacheService":{"name":"memcacheService","type":"\u001bgcp.project.memcacheService","title":"Google Cloud (GCP) Memorystore for Memcached","desc":"Use this resource as the entry point for Memorystore for Memcached in the project. It hosts the project's `instances` — each exposing its node configuration, authorized network, memcached parameters, and maintenance settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memorystore":{"name":"memorystore","type":"\u001bgcp.project.memorystoreService","title":"GCP Memorystore (unified Valkey/Redis) resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memorystoreService":{"name":"memorystoreService","type":"\u001bgcp.project.memorystoreService","title":"Google Cloud (GCP) Memorystore","desc":"Use this resource as the entry point for the unified Memorystore service (Valkey and Redis) in the project. It hosts the project's `instances` and the `backupCollections` that retain their backups — exposing node configuration, persistence, and encryption settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"modelArmor":{"name":"modelArmor","type":"\u001bgcp.project.modelArmorService","title":"GCP Model Armor resources","min_provider_version":"13.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modelArmorService":{"name":"modelArmorService","type":"\u001bgcp.project.modelArmorService","title":"Google Cloud (GCP) Model Armor","desc":"Use this resource as the entry point for Model Armor in the project. It hosts the safety-filter `templates` and the project `floorSetting` — the minimum AI safety configuration enforced across prompts and responses.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"monitoring":{"name":"monitoring","type":"\u001bgcp.project.monitoringService","title":"Monitoring resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoringService":{"name":"monitoringService","type":"\u001bgcp.project.monitoringService","title":"Google Cloud (GCP) Cloud Monitoring","desc":"Use this resource as the entry point for Cloud Monitoring in the project. It hosts the observability surface: `alertPolicies`, `uptimeCheckConfigs`, `notificationChannels`, resource `groups`, `dashboards`, and the monitored `services` used for SLO tracking.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","title":"Unique resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurity":{"name":"networkSecurity","type":"\u001bgcp.project.networkSecurityService","title":"GCP Network Security resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityService":{"name":"networkSecurityService","type":"\u001bgcp.project.networkSecurityService","title":"Network Security service for a project","desc":"Use this resource to reach Google Cloud Network Security resources for a project: service-mesh `authorizationPolicies`, the `serverTlsPolicies` and `clientTlsPolicies` that govern TLS behavior, the `tlsInspectionPolicies` used to decrypt and inspect traffic, the `addressGroups` referenced by firewall policy rules, and the `urlLists` used for URL-based filtering.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"notebooks":{"name":"notebooks","type":"\u001bgcp.project.notebooksService","title":"GCP legacy Notebooks resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notebooksService":{"name":"notebooksService","type":"\u001bgcp.project.notebooksService","title":"Google Cloud (GCP) Notebooks","desc":"Use this resource as the entry point for the legacy Notebooks service in the project. It hosts the user-managed notebook `instances` — each exposing its machine configuration, network settings, and public-IP exposure. New deployments should use `workbench` instead.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"number":{"name":"number","type":"\u0007","title":"Project number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicies":{"name":"orgPolicies","type":"\u0019\u001bgcp.orgPolicy","title":"Organization policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicyConstraints":{"name":"orgPolicyConstraints","type":"\u0019\u001bgcp.orgPolicy.constraint","title":"Available organization policy constraints","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osConfig":{"name":"osConfig","type":"\u001bgcp.project.osConfigService","title":"GCP VM Manager (OS Config) resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osConfigService":{"name":"osConfigService","type":"\u001bgcp.project.osConfigService","title":"VM Manager (OS Config) service for a project","desc":"Use this resource to reach Google Cloud VM Manager resources for a project: `patchDeployments` lists scheduled OS patch rollouts and `osPolicyAssignments` lists the OS policy assignments applied to instances across every zone. Per-instance patch and vulnerability state is exposed on `gcp.project.computeService.instance` through its `inventory` and `vulnerabilityReport` fields.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"parentId":{"name":"parentId","type":"\u0007","title":"Parent ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primitiveRoleBindings":{"name":"primitiveRoleBindings","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM bindings using primitive roles (roles/owner, roles/editor, roles/viewer); CIS recommends using predefined or custom roles instead","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsub":{"name":"pubsub","type":"\u001bgcp.project.pubsubService","title":"GCP pub/sub-related resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubService":{"name":"pubsubService","type":"\u001bgcp.project.pubsubService","title":"Google Cloud (GCP) Pub/Sub","desc":"Use this resource as the entry point for Pub/Sub in the project. It hosts the messaging surface: `topics` and their `subscriptions`, point-in-time `snapshots`, and the `schemas` that validate message payloads — each exposing IAM policy, encryption, and retention settings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"recommendations":{"name":"recommendations","type":"\u0019\u001bgcp.recommendation","title":"List of recommendations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redis":{"name":"redis","type":"\u001bgcp.project.redisService","title":"GCP Redis resources","min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redisService":{"name":"redisService","type":"\u001bgcp.project.redisService","title":"Google Cloud (GCP) Memorystore for Redis","desc":"Use this resource as the entry point for Memorystore for Redis in the project. It hosts the managed-Redis `instances` and the newer `clusters` (sharded Memorystore for Redis Cluster deployments) — each exposing auth mode, transit encryption, authorized network, and maintenance settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sccFindings":{"name":"sccFindings","type":"\u0019\u001bgcp.scc.finding","title":"Security Command Center findings for this project (active findings only)","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretmanager":{"name":"secretmanager","type":"\u001bgcp.project.secretmanagerService","title":"GCP Secret Manager resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretmanagerService":{"name":"secretmanagerService","type":"\u001bgcp.project.secretmanagerService","title":"Google Cloud (GCP) Secret Manager","desc":"Use this resource as the entry point for Secret Manager in the project. It hosts the project's `secrets` — each exposing its replication policy, rotation schedule, expiration, version state, and IAM policy for secret-management audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bgcp.service","title":"List of available and enabled services for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRepositories":{"name":"sourceRepositories","type":"\u001bgcp.project.sourceRepositoriesService","title":"GCP Cloud Source Repositories resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRepositoriesService":{"name":"sourceRepositoriesService","type":"\u001bgcp.project.sourceRepositoriesService","title":"Google Cloud (GCP) Cloud Source Repositories","desc":"Use this resource as the entry point for Cloud Source Repositories in the project. It hosts the project's `repos` — each exposing its size, mirror configuration, and IAM policy for source-control audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"spanner":{"name":"spanner","type":"\u001bgcp.project.spannerService","title":"GCP Spanner resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spannerService":{"name":"spannerService","type":"\u001bgcp.project.spannerService","title":"Google Cloud (GCP) Spanner","desc":"Use this resource as the entry point for Spanner in the project. It hosts the project's `instances` (with their databases and backups) and the available `instanceConfigs` that determine regional and multi-region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sql":{"name":"sql","type":"\u001bgcp.project.sqlService","title":"GCP Cloud SQL resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlService":{"name":"sqlService","type":"\u001bgcp.project.sqlService","title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"state":{"name":"state","type":"\u0007","title":"Project lifecycle state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storage":{"name":"storage","type":"\u001bgcp.project.storageService","title":"GCP Storage resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageService":{"name":"storageService","type":"\u001bgcp.project.storageService","title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tagBinding":{"name":"tagBinding","type":"\u001bgcp.project.tagBinding","title":"Google Cloud (GCP) Resource Manager tag binding","desc":"Examine the connection between a tag value and the project. A tag binding applies a `tagValue` to the bound resource and all of its descendants, and tags drive conditional IAM and organization-policy enforcement. The `tagValueNamespacedName` gives the human-readable key/value path and `resource` identifies the bound resource. Tag bindings are selected by their `name`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tagBindings":{"name":"tagBindings","type":"\u0019\u001bgcp.project.tagBinding","title":"Resource Manager tag bindings attached to the project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vertexai":{"name":"vertexai","type":"\u001bgcp.project.vertexaiService","title":"GCP Vertex AI resources","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vertexaiService":{"name":"vertexaiService","type":"\u001bgcp.project.vertexaiService","title":"Google Cloud (GCP) Vertex AI","desc":"Use this resource as the entry point for Vertex AI in the project. It hosts the machine-learning surface: `models`, `endpoints`, `datasets`, `customJobs`, `pipelineJobs`, `featureOnlineStores`, `tensorboards`, `metadataStores`, and the vector-search `indexes` and `indexEndpoints`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workbench":{"name":"workbench","type":"\u001bgcp.project.workbenchService","title":"GCP Vertex AI Workbench resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workbenchService":{"name":"workbenchService","type":"\u001bgcp.project.workbenchService","title":"Google Cloud (GCP) Vertex AI Workbench","desc":"Use this resource as the entry point for Vertex AI Workbench in the project. It hosts the managed notebook `instances` — each exposing its machine configuration, network and access settings, health state, and public-IP exposure for data-science environment audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workflows":{"name":"workflows","type":"\u001bgcp.project.workflowsService","title":"GCP Workflows resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workflowsService":{"name":"workflowsService","type":"\u001bgcp.project.workflowsService","title":"Google Cloud Workflows","desc":"Use this resource as the entry point for Workflows in the project. It hosts the `workflows` — serverless orchestrations that chain together services and APIs — and `enabled` reports whether the Workflows API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workstations":{"name":"workstations","type":"\u001bgcp.project.workstationsService","title":"GCP Cloud Workstations resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workstationsService":{"name":"workstationsService","type":"\u001bgcp.project.workstationsService","title":"Google Cloud (GCP) Cloud Workstations","desc":"Use this resource as the entry point for Cloud Workstations in the project. It hosts the workstation `clusters` — each exposing its network configuration, private-cluster settings, and degraded state for managed-development-environment audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud project","desc":"Examine a Google Cloud project — the resource container that owns every Compute, Storage, IAM, GKE, BigQuery, Cloud SQL, and other service-specific deployment in the account. Surfaces the project ID and number, lifecycle state, labels, parent organization or folder, the IAM policy and audit-log configuration (with the `hasPublicIamBinding`, `primitiveRoleBindings`, and `dataAccessLoggingEnabled` predicates that drive CIS controls 1.x and 2.1), enabled `services()`, recommendations, the project's `essentialContacts` and `apiKeys`, and the access-approval settings. Service-specific entry points hang off the project as accessor methods — `compute()`, `gke()`, `storage()`, `sql()`, `dns()`, `bigquery()`, `iam()`, `kms()`, `pubsub()`, `cloudFunctions()`, `cloudRun()`, `dataproc()`, `dataflow()`, `firestore()`, `spanner()`, `bigtable()`, `alloydb()`, `redis()`, `secretmanager()`, `binaryAuthorization()`, `monitoring()`, `logging()`, and many others — letting you traverse from a single project into every modeled service it uses.","min_provider_version":"9.0.0","defaults":"name number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.resourcemanager":{"id":"gcloud.resourcemanager","fields":{"binding":{"name":"binding","type":"\u001bgcloud.resourcemanager.binding","title":"Google Cloud (GCP) Resource Manager binding","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcloud.resourcemanager.binding":{"id":"gcp.resourcemanager.binding","name":"gcp.resourcemanager.binding","fields":{"conditionDescription":{"name":"conditionDescription","type":"\u0007","is_mandatory":true,"title":"Description of the IAM condition that scopes this binding","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditionExpression":{"name":"conditionExpression","type":"\u0007","is_mandatory":true,"title":"CEL expression of the IAM condition that scopes this binding (empty when the binding is unconditional)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditionTitle":{"name":"conditionTitle","type":"\u0007","is_mandatory":true,"title":"Title of the IAM condition that scopes this binding (empty when the binding is unconditional)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsImpersonation":{"name":"grantsImpersonation","type":"\u0004","title":"Whether the bound role grants service-account impersonation","desc":"True when the role is one of roles/iam.serviceAccountTokenCreator, roles/iam.serviceAccountUser, roles/iam.workloadIdentityUser, or roles/iam.serviceAccountKeyAdmin — the roles that surface impersonation and privilege-escalation paths.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasExternalMembers":{"name":"hasExternalMembers","type":"\u0004","title":"Whether any member is allUsers or allAuthenticatedUsers, exposing the binding to the public","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isPrimitiveRole":{"name":"isPrimitiveRole","type":"\u0004","title":"Whether the bound role is a primitive role (roles/owner, roles/editor, or roles/viewer)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"members":{"name":"members","type":"\u0019\u0007","is_mandatory":true,"title":"Principals requesting access for a Google Cloud resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u0007","is_mandatory":true,"title":"Role assigned to the list of members or principals","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Resource Manager binding","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.sql":{"id":"gcp.project.sqlService","name":"gcp.project.sqlService","fields":{"backupRun":{"name":"backupRun","type":"\u001bgcp.project.sqlService.backupRun","title":"Google Cloud SQL backup run","desc":"Examine a Cloud SQL backup run's status, timing, and storage configuration. Surfaces the `backupKind` (SNAPSHOT or PHYSICAL), `status` (ENQUEUED, RUNNING, FAILED, SUCCESSFUL, SKIPPED, DELETED), `startTime`, `endTime`, `enqueuedTime`, `location`, `databaseVersion` at backup time, disk-encryption configuration, and any `error` details for failed runs. The `type` field distinguishes AUTOMATED, ON_DEMAND, and FINAL backups.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instance":{"name":"instance","type":"\u001bgcloud.sql.instance","title":"Google Cloud SQL managed database instance","desc":"Examine a Cloud SQL instance's configuration, connectivity, and security posture. Surfaces the `databaseVersion`, `state`, `region`, `zone()`, instance `settings` (backup configuration, IP configuration, database flags, password policy, maintenance window), assigned `ipAddresses`, CMEK disk-encryption key (`kmsKey()`), replica configuration, and PSC / private networking attributes. Derived predicates include `publicIpEnabled()`, `backupConfigurationEnabled()`, `pointInTimeRecoveryEnabled()`, `hasBuiltInUsers()`, and `localRootEnabled()`. Child collections expose `databases()`, `users()`, `sslCerts()`, and `backupRuns()`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.sqlService.instance","title":"List of Cloud SQL instances in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.sql.instance":{"id":"gcp.project.sqlService.instance","name":"gcp.project.sqlService.instance","fields":{"availableMaintenanceVersions":{"name":"availableMaintenanceVersions","type":"\u0019\u0007","is_mandatory":true,"title":"All maintenance versions applicable on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendType":{"name":"backendType","type":"\u0007","is_mandatory":true,"title":"Backend type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupConfigurationEnabled":{"name":"backupConfigurationEnabled","type":"\u0004","title":"Whether automated backups are enabled — flat hoist of settings.backupConfiguration.enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupRuns":{"name":"backupRuns","type":"\u0019\u001bgcp.project.sqlService.backupRun","title":"List of backup runs for the current SQL instance","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionName":{"name":"connectionName","type":"\u0007","is_mandatory":true,"title":"Connection name of the instance used in connection strings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentDiskSize":{"name":"currentDiskSize","type":"\u0005","is_mandatory":true,"title":"Current disk usage of the instance in bytes","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"database":{"name":"database","type":"\u001bgcp.project.sqlService.instance.database","title":"Google Cloud (GCP) SQL instance database","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"databaseInstalledVersion":{"name":"databaseInstalledVersion","type":"\u0007","is_mandatory":true,"title":"Current database version running on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseVersion":{"name":"databaseVersion","type":"\u0007","is_mandatory":true,"title":"Database engine type and version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databases":{"name":"databases","type":"\u0019\u001bgcp.project.sqlService.instance.database","title":"List of the databases in the current SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionConfiguration":{"name":"diskEncryptionConfiguration","type":"\n","is_mandatory":true,"title":"Disk encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionStatus":{"name":"diskEncryptionStatus","type":"\n","is_mandatory":true,"title":"Disk encryption status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsName":{"name":"dnsName","type":"\u0007","is_mandatory":true,"title":"The DNS name of the instance","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsNames":{"name":"dnsNames","type":"\u0019\n","is_mandatory":true,"title":"DNS names for this instance (`{name, connectionType, dnsScope, recordManager}`)","desc":"Each entry exposes the DNS name, its connection type (PUBLIC, PRIVATE_SERVICES_ACCESS, PRIVATE_SERVICE_CONNECT), DNS scope (INSTANCE, CLUSTER), and record manager (CUSTOMER, CLOUD_SQL_AUTOMATION).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failoverReplica":{"name":"failoverReplica","type":"\n","is_mandatory":true,"title":"Name and status of the failover replica","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gceZone":{"name":"gceZone","type":"\u0007","is_mandatory":true,"title":"Raw GCE zone name","desc":"Deprecated in favor of `zone`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"hasBuiltInUsers":{"name":"hasBuiltInUsers","type":"\u0004","title":"Whether the instance has any built-in (non-IAM) database users","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Instance type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddresses":{"name":"ipAddresses","type":"\u0019\u001bgcp.project.sqlService.instance.ipMapping","is_mandatory":true,"title":"Assigned IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipMapping":{"name":"ipMapping","type":"\u001bgcp.project.sqlService.instance.ipMapping","title":"Google Cloud (GCP) SQL instance IP mapping","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for disk encryption (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localRootEnabled":{"name":"localRootEnabled","type":"\u0004","title":"Whether a built-in 'root' user exists (the most common SQL hardening finding)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceVersion":{"name":"maintenanceVersion","type":"\u0007","is_mandatory":true,"title":"Current software version on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterInstanceName":{"name":"masterInstanceName","type":"\u0007","is_mandatory":true,"title":"Name of the instance that acts as primary in the replica","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxDiskSize":{"name":"maxDiskSize","type":"\u0005","is_mandatory":true,"title":"Maximum disk size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pointInTimeRecoveryEnabled":{"name":"pointInTimeRecoveryEnabled","type":"\u0004","title":"Whether point-in-time recovery is enabled — flat hoist of settings.backupConfiguration.pointInTimeRecoveryEnabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryDnsName":{"name":"primaryDnsName","type":"\u0007","is_mandatory":true,"title":"Primary DNS name for the replication group","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscServiceAttachmentLink":{"name":"pscServiceAttachmentLink","type":"\u0007","is_mandatory":true,"title":"PSC service attachment link","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicIpEnabled":{"name":"publicIpEnabled","type":"\u0004","title":"Whether the instance is reachable on a public IP — flat hoist of settings.ipConfiguration.ipv4Enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u0007","is_mandatory":true,"title":"Cloud SQL region the instance is deployed in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaConfiguration":{"name":"replicaConfiguration","type":"\n","is_mandatory":true,"title":"Replica configuration (failoverTarget, cascadableReplica, mysqlReplicaConfiguration)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaNames":{"name":"replicaNames","type":"\u0019\u0007","is_mandatory":true,"title":"Names of read-replica instances of this primary","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicationCluster":{"name":"replicationCluster","type":"\n","is_mandatory":true,"title":"Primary/DR replica pairing for the instance (`{drReplica, failoverDrReplicaName, psaWriteEndpoint}`)","desc":"Cross-region DR replication is an Enterprise Plus feature for MySQL and PostgreSQL. `drReplica` is true on the DR replica side; `failoverDrReplicaName` is set on the primary to designate the DR replica.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduledMaintenance":{"name":"scheduledMaintenance","type":"\n","is_mandatory":true,"title":"Upcoming scheduled maintenance window (`{startTime, canDefer, canReschedule, scheduleDeadlineTime}`)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryZone":{"name":"secondaryZone","type":"\u001bgcp.project.computeService.zone","title":"Compute Engine zone of the failover instance","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaCertExpiration":{"name":"serverCaCertExpiration","type":"\t","is_mandatory":true,"title":"Expiration time of the instance's server CA certificate used for TLS","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmailAddress":{"name":"serviceAccountEmailAddress","type":"\u0007","is_mandatory":true,"title":"Service account email address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"settings":{"name":"settings","type":"\u001bgcp.project.sqlService.instance.settings","is_mandatory":true,"title":"Detailed Cloud SQL instance configuration (tier, flags, backups, network, IAM)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlNetworkArchitecture":{"name":"sqlNetworkArchitecture","type":"\u0007","is_mandatory":true,"title":"The SQL network architecture for the instance (NEW_NETWORK_ARCHITECTURE or OLD_NETWORK_ARCHITECTURE)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCert":{"name":"sslCert","type":"\u001bgcp.project.sqlService.instance.sslCert","title":"Google Cloud SQL instance SSL/TLS client certificate","desc":"Examine a Cloud SQL client certificate used for SSL/TLS mutual authentication. Surfaces the `commonName`, `sha1Fingerprint`, `certSerialNumber`, the PEM-encoded `cert` body, `createTime`, and `expirationTime`. Use `expirationTime` to audit certificates approaching their expiry.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sslCerts":{"name":"sslCerts","type":"\u0019\u001bgcp.project.sqlService.instance.sslCert","title":"List of SSL/TLS certificates for the current SQL instance","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Instance state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"suspensionReason":{"name":"suspensionReason","type":"\u0019\u0007","is_mandatory":true,"title":"If the instance state is SUSPENDED, the reason for the suspension","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"switchTransactionLogsToCloudStorageEnabled":{"name":"switchTransactionLogsToCloudStorageEnabled","type":"\u0004","is_mandatory":true,"title":"Whether transaction logs can switch to Cloud Storage","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upgradableDatabaseVersions":{"name":"upgradableDatabaseVersions","type":"\u0019\n","is_mandatory":true,"title":"Database versions available for upgrade (`{name, majorVersion, displayName}`)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"user":{"name":"user","type":"\u001bgcp.project.sqlService.instance.user","title":"Google Cloud SQL database user","desc":"Examine a Cloud SQL database user's authentication type and access configuration. Surfaces the `name`, `host` (MySQL-specific connection restriction), `type` (BUILT_IN, CLOUD_IAM_USER, CLOUD_IAM_SERVICE_ACCOUNT, CLOUD_IAM_GROUP, CLOUD_IAM_GROUP_USER, CLOUD_IAM_GROUP_SERVICE_ACCOUNT), `iamEmail` for Cloud IAM principals, `databaseRoles` (PostgreSQL and SQL Server), `dualPasswordType`, and `passwordPolicy`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"users":{"name":"users","type":"\u0019\u001bgcp.project.sqlService.instance.user","title":"List of users in the current SQL instance","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writeEndpoint":{"name":"writeEndpoint","type":"\u0007","is_mandatory":true,"title":"Write endpoint DNS name","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Compute Engine zone that the instance is currently serviced from","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud SQL managed database instance","desc":"Examine a Cloud SQL instance's configuration, connectivity, and security posture. Surfaces the `databaseVersion`, `state`, `region`, `zone()`, instance `settings` (backup configuration, IP configuration, database flags, password policy, maintenance window), assigned `ipAddresses`, CMEK disk-encryption key (`kmsKey()`), replica configuration, and PSC / private networking attributes. Derived predicates include `publicIpEnabled()`, `backupConfigurationEnabled()`, `pointInTimeRecoveryEnabled()`, `hasBuiltInUsers()`, and `localRootEnabled()`. Child collections expose `databases()`, `users()`, `sslCerts()`, and `backupRuns()`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.storage":{"id":"gcp.project.storageService","name":"gcp.project.storageService","fields":{"bucket":{"name":"bucket","type":"\u001bgcloud.storage.bucket","title":"Google Cloud Storage bucket","desc":"Examine a Cloud Storage bucket's configuration, access controls, and data-protection settings. Surfaces the `storageClass`, `location` and `locationType`, `labels`, IAM policy (including `public()` which flags any `allUsers` / `allAuthenticatedUsers` grant), `iamConfiguration` (uniform bucket-level access, public access prevention), `retentionPolicy` and `retentionPolicyLocked`, object `versioningEnabled`, default CMEK encryption key (`defaultKmsKey()`), lifecycle management rules (`lifecycle`), and soft-delete policy. The `loggingEnabled` predicate indicates whether access logs are being exported to another bucket. Cloud DLP integration surfaces the bucket's `dlpDataProfile()` when enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"buckets":{"name":"buckets","type":"\u0019\u001bgcp.project.storageService.bucket","title":"List all buckets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcloud.storage.bucket":{"id":"gcp.project.storageService.bucket","name":"gcp.project.storageService.bucket","fields":{"acl":{"name":"acl","type":"\u0019\n","title":"Bucket-level access control list (legacy, only populated when uniform bucket-level access is disabled)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoclass":{"name":"autoclass","type":"\n","is_mandatory":true,"title":"Automatic storage class management (enabled, toggleTime, terminalStorageClass)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"billing":{"name":"billing","type":"\n","is_mandatory":true,"title":"Billing configuration","desc":"Shape: `{requesterPays}`. When `requesterPays` is true, the caller (not the bucket owner) is billed for requests and egress.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cors":{"name":"cors","type":"\u0019\n","is_mandatory":true,"title":"Cross-Origin Resource Sharing (CORS) rules","desc":"Each rule is shaped `{origin, method, responseHeader, maxAgeSeconds}`. `origin` and `method` lists permit `\"*\"` to mean any origin or method. Used to audit static-site buckets for overly permissive CORS.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customPlacementConfig":{"name":"customPlacementConfig","type":"\n","is_mandatory":true,"title":"Custom placement configuration for dual-region buckets","desc":"Shape: `{dataLocations}`. `dataLocations` is the list of regional locations where data is replicated for this bucket's dual-region placement.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultEventBasedHold":{"name":"defaultEventBasedHold","type":"\u0004","is_mandatory":true,"title":"Whether a default event-based hold is enabled for newly created objects","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultKmsKey":{"name":"defaultKmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Default Cloud KMS encryption key for new objects in this bucket","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultObjectAcl":{"name":"defaultObjectAcl","type":"\u0019\n","title":"Default access control list applied to newly-created objects (legacy, only populated when uniform bucket-level access is disabled)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpDataProfile":{"name":"dlpDataProfile","type":"\u001bgcp.project.dlpService.fileStoreDataProfile","title":"Cloud DLP file-store data profile for this bucket","desc":"Reports sensitivity score, risk level, and detected infoTypes. Null when discovery has not profiled this bucket or DLP is not enabled in the project.","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryption":{"name":"encryption","type":"\n","is_mandatory":true,"title":"Encryption configuration","desc":"Includes the default CMEK key (`defaultKmsKeyName`) and the per-type enforcement configs that gate which encryption types may be used for newly-written objects: `customerManagedEncryptionEnforcementConfig`, `customerSuppliedEncryptionEnforcementConfig`, and `googleManagedEncryptionEnforcementConfig`. Each enforcement entry has `effectiveTime` and `restrictionMode` (`NotRestricted` or `FullyRestricted`).","min_provider_version":"11.0.57","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hierarchicalNamespace":{"name":"hierarchicalNamespace","type":"\n","is_mandatory":true,"title":"Hierarchical namespace configuration","desc":"Shape: `{enabled}`. When enabled, the bucket uses folder-based filesystem semantics instead of flat object naming. Policies often want to flag hierarchical-namespace buckets because object and folder operations differ from a standard flat bucket.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamConfiguration":{"name":"iamConfiguration","type":"\n","is_mandatory":true,"title":"IAM configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Bucket ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipFilter":{"name":"ipFilter","type":"\n","is_mandatory":true,"title":"IP filter configuration","desc":"Restricts which networks may access the bucket and its objects. Shape: `{mode, allowAllServiceAgentAccess, allowCrossOrgVpcs, publicNetworkSource, vpcNetworkSources}`. `mode` is `Enabled` or `Disabled` and the filter is only enforced when `Enabled`. `publicNetworkSource` lists allowed public CIDR ranges; `vpcNetworkSources` lists allowed VPC networks with their CIDR ranges.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycle":{"name":"lifecycle","type":"\u0019\u001bgcp.project.storageService.bucket.lifecycleRule","is_mandatory":true,"title":"Lifecycle configuration","min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycleRule":{"name":"lifecycleRule","type":"\u001bgcp.project.storageService.bucket.lifecycleRule","title":"Google Cloud bucket's lifecycle configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"lifecycleRuleAction":{"name":"lifecycleRuleAction","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleAction","title":"Lifecycle management rule action and conditions","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"lifecycleRuleCondition":{"name":"lifecycleRuleCondition","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleCondition","title":"The condition(s) under which the action will be taken","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Bucket location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationType":{"name":"locationType","type":"\u0007","is_mandatory":true,"title":"Bucket location type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\n","is_mandatory":true,"title":"Access-log destination configuration","desc":"Shape: `{logBucket, logObjectPrefix}`. `logBucket` is the destination bucket that receives this bucket's access logs; `logObjectPrefix` is an optional prefix applied to log object names. Use this to find where logs go; the `loggingEnabled` predicate is the simple is-it-on check.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingEnabled":{"name":"loggingEnabled","type":"\u0004","is_mandatory":true,"title":"Whether bucket access logs are configured (logging.logBucket is set)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metageneration":{"name":"metageneration","type":"\u0005","is_mandatory":true,"title":"Metadata generation of the bucket","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Bucket name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"objectRetentionMode":{"name":"objectRetentionMode","type":"\u0007","is_mandatory":true,"title":"Object retention mode (Enabled or empty)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"owner":{"name":"owner","type":"\n","is_mandatory":true,"title":"Bucket owner","desc":"Shape: `{entity, entityId}`. `entity` is typically `project-owner-\u003cprojectId\u003e`; `entityId` is the entity's stable ID.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectNumber":{"name":"projectNumber","type":"\u0007","is_mandatory":true,"title":"Project number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the bucket is publicly accessible via any mechanism","desc":"Reflects IAM policy, bucket ACL, or default object ACL. Returns false when iamConfiguration.publicAccessPrevention is \"enforced\".","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicAccessPrevention":{"name":"publicAccessPrevention","type":"\u0007","is_mandatory":true,"title":"Public access prevention setting (inherited, enforced, unspecified)","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionPolicy":{"name":"retentionPolicy","type":"\n","is_mandatory":true,"title":"Retention policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionPolicyLocked":{"name":"retentionPolicyLocked","type":"\u0004","is_mandatory":true,"title":"Whether the bucket's retention policy is locked (retentionPolicy.isLocked == true)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rpo":{"name":"rpo","type":"\u0007","is_mandatory":true,"title":"Recovery Point Objective for cross-region replication (DEFAULT, ASYNC_TURBO)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPZI":{"name":"satisfiesPZI","type":"\u0004","is_mandatory":true,"title":"Whether the bucket satisfies Google's Protected Zone Isolation requirements","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPZS":{"name":"satisfiesPZS","type":"\u0004","is_mandatory":true,"title":"Whether the bucket satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeletePolicy":{"name":"softDeletePolicy","type":"\n","is_mandatory":true,"title":"Soft delete policy (retentionDurationSeconds, effectiveTime)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeletePolicyEnabled":{"name":"softDeletePolicyEnabled","type":"\u0004","title":"Whether soft-delete is enabled — true when softDeletePolicy.retentionDurationSeconds \u003e 0","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeleteTime":{"name":"softDeleteTime","type":"\t","is_mandatory":true,"title":"Effective soft-delete timestamp","desc":"The time at which the bucket itself was soft-deleted, separate from `softDeletePolicy` which configures object-level soft-delete retention. Null on live buckets.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageClass":{"name":"storageClass","type":"\u0007","is_mandatory":true,"title":"Default storage class","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uniformBucketLevelAccess":{"name":"uniformBucketLevelAccess","type":"\n","is_mandatory":true,"title":"Uniform bucket-level access configuration (enabled, lockedTime)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uniformBucketLevelAccessEnabled":{"name":"uniformBucketLevelAccessEnabled","type":"\u0004","title":"Whether uniform bucket-level access is enabled — flat hoist of uniformBucketLevelAccess.enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versioningEnabled":{"name":"versioningEnabled","type":"\u0004","is_mandatory":true,"title":"Whether object versioning is enabled","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"website":{"name":"website","type":"\n","is_mandatory":true,"title":"Static-website hosting configuration","desc":"Shape: `{mainPageSuffix, notFoundPage}`. `mainPageSuffix` is appended to directory-like requests (typically `index.html`); `notFoundPage` is the object returned for 404 responses. Presence indicates the bucket is serving as a static website.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Storage bucket","desc":"Examine a Cloud Storage bucket's configuration, access controls, and data-protection settings. Surfaces the `storageClass`, `location` and `locationType`, `labels`, IAM policy (including `public()` which flags any `allUsers` / `allAuthenticatedUsers` grant), `iamConfiguration` (uniform bucket-level access, public access prevention), `retentionPolicy` and `retentionPolicyLocked`, object `versioningEnabled`, default CMEK encryption key (`defaultKmsKey()`), lifecycle management rules (`lifecycle`), and soft-delete policy. The `loggingEnabled` predicate indicates whether access logs are being exported to another bucket. Cloud DLP integration surfaces the bucket's `dlpDataProfile()` when enabled.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp":{"id":"gcp","fields":{"accessApprovalSettings":{"name":"accessApprovalSettings","type":"\u001bgcp.accessApprovalSettings","title":"Google Cloud (GCP) Access Approval settings","desc":"Examine the Access Approval configuration for a project, folder, or organization. Covers enrolled Google Cloud services, notification email addresses for approval requests, the active asymmetric KMS key version used to sign approvals, and whether an ancestor resource has enrolled or configured a key — enabling audits of which services require explicit human approval before Google personnel can access customer resources.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"accesscontextmanager":{"name":"accesscontextmanager","type":"\u001bgcp.accesscontextmanager","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"alloydb":{"name":"alloydb","type":"\u001bgcp.alloydb","title":"Google Cloud (GCP) AlloyDB for PostgreSQL","desc":"Use this resource as the entry point for AlloyDB in the project. It hosts the project's `clusters` — each exposing its primary and read-pool instances, automated backup policy, encryption configuration, and network settings for PostgreSQL-compatible database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"artifactregistry":{"name":"artifactregistry","type":"\u001bgcp.artifactregistry","title":"Google Cloud (GCP) Artifact Registry","desc":"Use this resource as the entry point for Artifact Registry in the project. It hosts the project's `repositories` — each exposing its format, mode, encryption configuration, cleanup policies, and IAM policy for container-image and package-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupdr":{"name":"backupdr","type":"\u001bgcp.backupdr","title":"Google Cloud (GCP) Backup and DR Service","desc":"Use this resource as the entry point for the Backup and DR Service in the project. It hosts the `managementServers`, the `backupVaults` that store immutable backups, and the `backupPlans` that schedule them — exposing retention and enforcement settings for data-protection audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigquery":{"name":"bigquery","type":"\u001bgcp.bigquery","title":"Google Cloud BigQuery service","desc":"Use this resource as the entry point for BigQuery in the project. It hosts the project's `datasets()` (with their tables, models, routines, access entries, and CMEK encryption), `connections()` to external data sources, and slot `reservations()` for capacity management audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigtable":{"name":"bigtable","type":"\u001bgcp.bigtable","title":"Google Cloud (GCP) Bigtable","desc":"Use this resource as the entry point for Bigtable in the project. It hosts the project's `instances` — each exposing its clusters, app profiles, storage type, and encryption configuration for wide-column database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudIdentity":{"name":"cloudIdentity","type":"\u001bgcp.cloudIdentity","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"compute":{"name":"compute","type":"\u001bgcp.compute","title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datastream":{"name":"datastream","type":"\u001bgcp.datastream","title":"Google Cloud (GCP) Datastream","desc":"Use this resource as the entry point for Datastream in the project. It hosts the change-data-capture surface: `streams`, the source and destination `connectionProfiles` they use, and the `privateConnections` that provide private network connectivity.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dns":{"name":"dns","type":"\u001bgcp.dns","title":"Google Cloud (GCP) Cloud DNS","desc":"Use this resource as the entry point for Cloud DNS in the project. It hosts the `managedZones` (public and private DNS zones, including their DNSSEC state and record sets) and the `policies` that govern inbound and outbound DNS resolution for the project's VPC networks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"essentialContact":{"name":"essentialContact","type":"\u001bgcp.essentialContact","title":"Google Cloud (GCP) Essential Contacts entry","desc":"Examine a contact registered to receive security, legal, billing, technical, or product-update notifications for a GCP organization, folder, or project. Exposes the contact's email address, preferred language, the notification categories they are subscribed to, and their validation state — allowing audits to confirm that critical security contacts are present and validated.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firestore":{"name":"firestore","type":"\u001bgcp.firestore","title":"Google Cloud (GCP) Firestore","desc":"Use this resource as the entry point for Firestore in the project. It hosts the project's `databases` — each exposing its database type (Native or Datastore mode), location, concurrency mode, point-in-time recovery setting, and delete-protection state.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"folder":{"name":"folder","type":"\u001bgcp.folder","title":"Google Cloud (GCP) folder","desc":"Examine a Cloud Resource Manager folder — a node in the org hierarchy between the organization and its projects. Surfaces the folder `id`, `name`, `parentId`, lifecycle `state`, creation and update timestamps, and the timestamp when deletion was requested. Use `folders()` to enumerate immediate child folders and `projects()` to list the projects directly under this folder.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"folders":{"name":"folders","type":"\u001bgcp.folders","title":"Google Cloud (GCP) folders","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memcache":{"name":"memcache","type":"\u001bgcp.memcache","title":"Google Cloud (GCP) Memorystore for Memcached","desc":"Use this resource as the entry point for Memorystore for Memcached in the project. It hosts the project's `instances` — each exposing its node configuration, authorized network, memcached parameters, and maintenance settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memorystore":{"name":"memorystore","type":"\u001bgcp.memorystore","title":"Google Cloud (GCP) Memorystore","desc":"Use this resource as the entry point for the unified Memorystore service (Valkey and Redis) in the project. It hosts the project's `instances` and the `backupCollections` that retain their backups — exposing node configuration, persistence, and encryption settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"modelarmor":{"name":"modelarmor","type":"\u001bgcp.modelarmor","title":"Google Cloud (GCP) Model Armor","desc":"Use this resource as the entry point for Model Armor in the project. It hosts the safety-filter `templates` and the project `floorSetting` — the minimum AI safety configuration enforced across prompts and responses.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"orgPolicy":{"name":"orgPolicy","type":"\u001bgcp.orgPolicy","title":"Google Cloud (GCP) Organization Policy","desc":"Examine an Organization Policy applied to a project, folder, or organization. Query the `constraintName` (e.g., `constraints/compute.disableSerialPortAccess`), the effective `spec` (rules and inheritance behavior), the dry-run `dryRunSpec` for testing policy changes before enforcement, and the `etag` for optimistic concurrency control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"organization":{"name":"organization","type":"\u001bgcp.organization","title":"Google Cloud organization","desc":"Examine the Cloud Resource Manager organization that contains the account's folders, projects, IAM policy, and Security Command Center configuration. Surfaces the organization ID, name, lifecycle state, the IAM `iamPolicy` and `auditConfig` bindings, the `orgPolicies` applied across the org tree, the access-approval settings, and the child `folders()` and `projects()`. The Security Command Center accessors (`sccSources`, `sccFindings`, `sccNotificationConfigs`, `sccMuteConfigs`, `sccBigQueryExports`, `sccOrganizationSettings`) expose SCC posture across all sources, `accessPolicies()` returns the VPC Service Controls access policies bound to the org, and `customConstraints()` lists the custom Organization Policy constraints defined on it.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"project":{"name":"project","type":"\u001bgcp.project","title":"Google Cloud project","desc":"Examine a Google Cloud project — the resource container that owns every Compute, Storage, IAM, GKE, BigQuery, Cloud SQL, and other service-specific deployment in the account. Surfaces the project ID and number, lifecycle state, labels, parent organization or folder, the IAM policy and audit-log configuration (with the `hasPublicIamBinding`, `primitiveRoleBindings`, and `dataAccessLoggingEnabled` predicates that drive CIS controls 1.x and 2.1), enabled `services()`, recommendations, the project's `essentialContacts` and `apiKeys`, and the access-approval settings. Service-specific entry points hang off the project as accessor methods — `compute()`, `gke()`, `storage()`, `sql()`, `dns()`, `bigquery()`, `iam()`, `kms()`, `pubsub()`, `cloudFunctions()`, `cloudRun()`, `dataproc()`, `dataflow()`, `firestore()`, `spanner()`, `bigtable()`, `alloydb()`, `redis()`, `secretmanager()`, `binaryAuthorization()`, `monitoring()`, `logging()`, and many others — letting you traverse from a single project into every modeled service it uses.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projects":{"name":"projects","type":"\u001bgcp.projects","title":"Google Cloud (GCP) projects","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"recommendation":{"name":"recommendation","type":"\u001bgcp.recommendation","title":"Google Cloud recommendation","desc":"Examine a single recommendation and the action Recommender suggests taking. Surfaces the recommendation `id`, the `recommender` that produced it (for example `google.compute.instance.IdleResourceRecommender`), the recommendation `category` and `priority`, the proposed resource changes in `content`, the `primaryImpact` and `additionalImpact` projections (cost, security, performance, reliability, etc.), the `lastRefreshTime`, and the lifecycle `state` reflecting whether the recommendation is active, claimed, dismissed, or applied.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"resourcemanager":{"name":"resourcemanager","type":"\u001bgcp.resourcemanager","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"retryConfig":{"name":"retryConfig","type":"\u001bgcp.retryConfig","title":"Google Cloud (GCP) retry configuration (shared across Cloud Tasks and Cloud Scheduler)","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"scc":{"name":"scc","type":"\u001bgcp.scc","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"service":{"name":"service","type":"\u001bgcp.service","title":"Google Cloud service API","desc":"Examine a single Google Cloud service API (compute.googleapis.com, iam.googleapis.com, etc.) and whether it is enabled for the parent project. Surfaces the canonical service `name`, the `title` Google uses for the service, the parent project, the service `state`, and the `enabled` predicate that audits whether the API has been turned on. The parent `gcp.project.services()` collection lists every available and enabled service for a project.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"spanner":{"name":"spanner","type":"\u001bgcp.spanner","title":"Google Cloud (GCP) Spanner","desc":"Use this resource as the entry point for Spanner in the project. It hosts the project's `instances` (with their databases and backups) and the available `instanceConfigs` that determine regional and multi-region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sql":{"name":"sql","type":"\u001bgcp.sql","title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storage":{"name":"storage","type":"\u001bgcp.storage","title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vertexai":{"name":"vertexai","type":"\u001bgcp.vertexai","title":"Google Cloud (GCP) Vertex AI","desc":"Use this resource as the entry point for Vertex AI in the project. It hosts the machine-learning surface: `models`, `endpoints`, `datasets`, `customJobs`, `pipelineJobs`, `featureOnlineStores`, `tensorboards`, `metadataStores`, and the vector-search `indexes` and `indexEndpoints`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcp.accessApprovalSettings":{"id":"gcp.accessApprovalSettings","name":"gcp.accessApprovalSettings","fields":{"activeKeyVersion":{"name":"activeKeyVersion","type":"\u0007","is_mandatory":true,"title":"Asymmetric crypto key version to use for signing approval requests","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ancestorHasActiveKeyVersion":{"name":"ancestorHasActiveKeyVersion","type":"\u0004","is_mandatory":true,"title":"Whether an ancestor of this project or folder has set active key version (unset for organizations since organizations do not have ancestors)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enrolledAncestor":{"name":"enrolledAncestor","type":"\u0004","is_mandatory":true,"title":"Whether at least one service is enrolled for access approval in an ancestor","desc":"True when one or more ancestors of the project or folder have enrolled. Unset for organizations since organizations do not have ancestors.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enrolledServices":{"name":"enrolledServices","type":"\u0019\n","is_mandatory":true,"title":"List of Google Cloud services for which the given resource has access approval enrolled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"invalidKeyVersion":{"name":"invalidKeyVersion","type":"\u0004","is_mandatory":true,"title":"Whether there is some configuration issue with the active key version configured at this level of the resource hierarchy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notificationEmails":{"name":"notificationEmails","type":"\u0019\u0007","is_mandatory":true,"title":"List of email addresses to which notifications relating to approval requests should be sent","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Access Approval settings","desc":"Examine the Access Approval configuration for a project, folder, or organization. Covers enrolled Google Cloud services, notification email addresses for approval requests, the active asymmetric KMS key version used to sign approvals, and whether an ancestor resource has enrolled or configured a key — enabling audits of which services require explicit human approval before Google personnel can access customer resources.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.accesscontextmanager":{"id":"gcp.accesscontextmanager","fields":{"accessLevel":{"name":"accessLevel","type":"\u001bgcp.accesscontextmanager.accessLevel","title":"Google Cloud Access Context Manager access level","desc":"Examine a VPC Service Controls access level — its title, description, basic conditions (device policy, IP ranges, required access levels), and custom CEL expression. Access levels define trust tiers used in service perimeter ingress and egress rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"accessPolicy":{"name":"accessPolicy","type":"\u001bgcp.accesscontextmanager.accessPolicy","title":"Google Cloud Access Context Manager access policy","desc":"Examine a VPC Service Controls access policy — its human-readable title, parent organization, ETag, and the `accessLevels` and `servicePerimeters` it contains. An access policy is the top-level container for all Access Context Manager rules in an organization.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"servicePerimeter":{"name":"servicePerimeter","type":"\u001bgcp.accesscontextmanager.servicePerimeter","title":"Google Cloud Access Context Manager service perimeter","desc":"Examine a VPC Service Controls service perimeter — its type (REGULAR or BRIDGE), enforced configuration (`statusConfig`), dry-run proposed configuration (`specConfig`), and whether an explicit dry-run spec is set. Use these fields to audit which projects, Google Cloud services, access levels, and ingress/egress policies are in effect.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcp.accesscontextmanager.accessLevel":{"id":"gcp.accesscontextmanager.accessLevel","name":"gcp.accesscontextmanager.accessLevel","fields":{"basic":{"name":"basic","type":"\n","is_mandatory":true,"title":"Basic access level conditions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Create time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"custom":{"name":"custom","type":"\n","is_mandatory":true,"title":"Custom access level CEL expression","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (accessPolicies/{policyId}/accessLevels/{levelId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Human-readable title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Access Context Manager access level","desc":"Examine a VPC Service Controls access level — its title, description, basic conditions (device policy, IP ranges, required access levels), and custom CEL expression. Access levels define trust tiers used in service perimeter ingress and egress rules.","private":true,"min_provider_version":"13.3.4","defaults":"name title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.accesscontextmanager.accessPolicy":{"id":"gcp.accesscontextmanager.accessPolicy","name":"gcp.accesscontextmanager.accessPolicy","fields":{"accessLevels":{"name":"accessLevels","type":"\u0019\u001bgcp.accesscontextmanager.accessLevel","title":"Access levels within this policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (accessPolicies/{policyId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parent":{"name":"parent","type":"\u0007","is_mandatory":true,"title":"Parent organization (organizations/{orgId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servicePerimeters":{"name":"servicePerimeters","type":"\u0019\u001bgcp.accesscontextmanager.servicePerimeter","title":"Service perimeters within this policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Human-readable title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Access Context Manager access policy","desc":"Examine a VPC Service Controls access policy — its human-readable title, parent organization, ETag, and the `accessLevels` and `servicePerimeters` it contains. An access policy is the top-level container for all Access Context Manager rules in an organization.","private":true,"min_provider_version":"13.3.4","defaults":"name title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.accesscontextmanager.servicePerimeter":{"id":"gcp.accesscontextmanager.servicePerimeter","name":"gcp.accesscontextmanager.servicePerimeter","fields":{"config":{"name":"config","type":"\u001bgcp.accesscontextmanager.servicePerimeter.config","title":"Google Cloud (GCP) VPC Service Controls perimeter configuration","desc":"Examine the enforced or dry-run configuration of a service perimeter — the projects inside the perimeter, restricted Google Cloud services, access levels that grant entry, VPC-accessible services settings, and the ingress and egress policies that control cross-perimeter data flows.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Create time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"perimeterType":{"name":"perimeterType","type":"\u0007","is_mandatory":true,"title":"Perimeter type (PERIMETER_TYPE_REGULAR, PERIMETER_TYPE_BRIDGE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spec":{"name":"spec","type":"\n","is_mandatory":true,"title":"Raw dry-run perimeter config dict","desc":"Deprecated in favor of `specConfig`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"specConfig":{"name":"specConfig","type":"\u001bgcp.accesscontextmanager.servicePerimeter.config","title":"Dry-run perimeter configuration (proposed changes)","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\n","is_mandatory":true,"title":"Raw enforced perimeter config dict","desc":"Deprecated in favor of `statusConfig`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"statusConfig":{"name":"statusConfig","type":"\u001bgcp.accesscontextmanager.servicePerimeter.config","title":"Enforced perimeter configuration","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Human-readable title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"useExplicitDryRunSpec":{"name":"useExplicitDryRunSpec","type":"\u0004","is_mandatory":true,"title":"Whether dry-run spec is explicitly set","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Access Context Manager service perimeter","desc":"Examine a VPC Service Controls service perimeter — its type (REGULAR or BRIDGE), enforced configuration (`statusConfig`), dry-run proposed configuration (`specConfig`), and whether an explicit dry-run spec is set. Use these fields to audit which projects, Google Cloud services, access levels, and ingress/egress policies are in effect.","private":true,"min_provider_version":"13.3.4","defaults":"name title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.accesscontextmanager.servicePerimeter.config":{"id":"gcp.accesscontextmanager.servicePerimeter.config","name":"gcp.accesscontextmanager.servicePerimeter.config","fields":{"accessLevels":{"name":"accessLevels","type":"\u0019\u0007","is_mandatory":true,"title":"Access levels granting access to the perimeter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"egressPolicies":{"name":"egressPolicies","type":"\u0019\n","is_mandatory":true,"title":"Egress policies (rules for outbound access)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ingressPolicies":{"name":"ingressPolicies","type":"\u0019\n","is_mandatory":true,"title":"Ingress policies (rules for inbound access)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resources":{"name":"resources","type":"\u0019\u0007","is_mandatory":true,"title":"Projects inside the perimeter (format: projects/{project_number})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restrictedServices":{"name":"restrictedServices","type":"\u0019\u0007","is_mandatory":true,"title":"Google Cloud services subject to perimeter restrictions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcAccessibleServices":{"name":"vpcAccessibleServices","type":"\n","is_mandatory":true,"title":"VPC accessible services configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) VPC Service Controls perimeter configuration","desc":"Examine the enforced or dry-run configuration of a service perimeter — the projects inside the perimeter, restricted Google Cloud services, access levels that grant entry, VPC-accessible services settings, and the ingress and egress policies that control cross-perimeter data flows.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.alloydb":{"id":"gcp.project.alloydbService","name":"gcp.project.alloydbService","fields":{"backup":{"name":"backup","type":"\u001bgcp.project.alloydbService.backup","title":"Google Cloud (GCP) AlloyDB backup","desc":"Examine an AlloyDB backup created from a source cluster. Query its `type` (manual or automated), `state`, `databaseVersion`, size in bytes, encryption configuration, and expiry time. `expiryQuantity` describes count-based retention when the backup was created under a quantitative retention policy.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bgcp.project.alloydbService.cluster","title":"Google Cloud (GCP) AlloyDB cluster","desc":"Examine an AlloyDB for PostgreSQL cluster — the top-level container for a highly available PostgreSQL-compatible database. Query its `clusterType` (`PRIMARY` or `SECONDARY`), `databaseVersion`, `state`, network configuration, encryption configuration (CMEK via `kmsKey`), automated and continuous backup policies, SSL configuration, and maintenance schedule. Drill into `instances` for primary and read-pool instance details, `backups` for restore-point review, and `users` for database user audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.alloydbService.cluster","title":"List of AlloyDB clusters in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.alloydbService.instance","title":"Google Cloud (GCP) AlloyDB instance","desc":"Examine an AlloyDB instance within a cluster — either a primary read-write instance, a read-pool instance, or a secondary instance. Query its `instanceType`, `availabilityType` (`ZONAL` or `REGIONAL`), `machineConfig`, IP addresses, database flags, query insights configuration, client connection configuration, and Private Service Connect settings. `activationPolicy` controls whether the instance is always running or stopped.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB for PostgreSQL","desc":"Use this resource as the entry point for AlloyDB in the project. It hosts the project's `clusters` — each exposing its primary and read-pool instances, automated backup policy, encryption configuration, and network settings for PostgreSQL-compatible database audits.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.artifactregistry":{"id":"gcp.project.artifactRegistryService","name":"gcp.project.artifactRegistryService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repositories":{"name":"repositories","type":"\u0019\u001bgcp.project.artifactRegistryService.repository","title":"List of Artifact Registry repositories in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repository":{"name":"repository","type":"\u001bgcp.project.artifactRegistryService.repository","title":"Google Cloud (GCP) Artifact Registry repository","desc":"Examine a single Artifact Registry repository — its package format (DOCKER, MAVEN, NPM, PYTHON, APT, YUM, GO, GENERIC), repository mode (STANDARD, VIRTUAL, REMOTE), encryption key, cleanup policies, format- and mode-specific configuration, and IAM policy bindings. Use `vulnerabilityScanningConfig` to audit whether container-image scanning is active or inherited.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Artifact Registry","desc":"Use this resource as the entry point for Artifact Registry in the project. It hosts the project's `repositories` — each exposing its format, mode, encryption configuration, cleanup policies, and IAM policy for container-image and package-storage audits.","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.backupdr":{"id":"gcp.project.backupdrService","name":"gcp.project.backupdrService","fields":{"backupPlan":{"name":"backupPlan","type":"\u001bgcp.project.backupdrService.backupPlan","title":"Google Cloud (GCP) Backup and DR backup plan","desc":"Examine a Backup and DR backup plan — its target resource type, lifecycle state, associated backup vault, vault service account, and the backup rules that define schedules and retention windows for automated protection.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupPlans":{"name":"backupPlans","type":"\u0019\u001bgcp.project.backupdrService.backupPlan","title":"List of backup plans","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupVault":{"name":"backupVault","type":"\u001bgcp.project.backupdrService.backupVault","title":"Google Cloud (GCP) Backup and DR backup vault","desc":"Examine a Backup and DR backup vault — its minimum enforced retention duration, access restriction setting, whether the vault is deletable, service account, total stored bytes, backup count, and the `dataSources` that are protected within it. Use these fields to verify immutability and data-protection policy compliance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupVaults":{"name":"backupVaults","type":"\u0019\u001bgcp.project.backupdrService.backupVault","title":"List of backup vaults","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSource":{"name":"dataSource","type":"\u001bgcp.project.backupdrService.dataSource","title":"Google Cloud (GCP) Backup and DR data source","desc":"Examine a data source protected within a Backup and DR backup vault — its current state, configuration state, total stored bytes, backup count, and the GCP resource or Backup Appliance application it represents.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"managementServer":{"name":"managementServer","type":"\u001bgcp.project.backupdrService.managementServer","title":"Google Cloud (GCP) Backup and DR management server","desc":"Examine a Backup and DR management server — its current lifecycle state (CREATING, READY, UPDATING, DELETING, REPAIRING, ERROR), network configuration, management URI, OAuth2 client ID, and whether Physical Zone Separation is satisfied.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"managementServers":{"name":"managementServers","type":"\u0019\u001bgcp.project.backupdrService.managementServer","title":"List of management servers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR Service","desc":"Use this resource as the entry point for the Backup and DR Service in the project. It hosts the `managementServers`, the `backupVaults` that store immutable backups, and the `backupPlans` that schedule them — exposing retention and enforcement settings for data-protection audits.","private":true,"min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.bigquery":{"id":"gcp.project.bigqueryService","name":"gcp.project.bigqueryService","fields":{"connection":{"name":"connection","type":"\u001bgcp.project.bigqueryService.connection","title":"Google BigQuery external data source connection","desc":"Examine a BigQuery connection used to query data residing outside BigQuery. Surfaces the connection `type` (CLOUD_SQL, AWS, AZURE, CLOUD_SPANNER, CLOUD_RESOURCE, SPARK, SALESFORCE_DATA_CLOUD, or UNKNOWN), `location`, type-specific `properties` (credentials, endpoint, database), and `hasCredential` to verify that authentication material is configured.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"connections":{"name":"connections","type":"\u0019\u001bgcp.project.bigqueryService.connection","title":"List of BigQuery connections across the dataset locations of this project","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataset":{"name":"dataset","type":"\u001bgcp.project.bigqueryService.dataset","title":"Google BigQuery dataset","desc":"Examine a BigQuery dataset's configuration, access controls, and data-protection settings. Surfaces the `location`, `labels`, `tags`, access entries (`access` and the `public()` predicate for any `allUsers` / `allAuthenticatedUsers` grant), the CMEK encryption key (`kmsKey()`), `defaultTableExpirationMs`, `maxTimeTravelHours`, `storageBillingModel`, and case-sensitivity settings. Child collections expose `tables()`, `models()`, and `routines()` within the dataset.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datasets":{"name":"datasets","type":"\u0019\u001bgcp.project.bigqueryService.dataset","title":"List of BigQuery datasets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"model":{"name":"model","type":"\u001bgcp.project.bigqueryService.model","title":"Google BigQuery ML model","desc":"Examine a BigQuery ML model's metadata and encryption configuration. Surfaces the `type`, `location`, `labels`, `created` and `modified` timestamps, `expirationTime`, and the CMEK encryption key (`kmsKey()`) protecting the model artifacts.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservation":{"name":"reservation","type":"\u001bgcp.project.bigqueryService.reservation","title":"Google BigQuery slot reservation","desc":"Examine a BigQuery capacity reservation's slot allocation and autoscaling configuration. Surfaces the `slotCapacity` baseline, `autoscale` settings, `concurrency` limit, `edition` (STANDARD, ENTERPRISE, ENTERPRISE_PLUS), `ignoreIdleSlots` isolation flag, and managed disaster-recovery location attributes (`primaryLocation`, `secondaryLocation`, `originalPrimaryLocation`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"reservations":{"name":"reservations","type":"\u0019\u001bgcp.project.bigqueryService.reservation","title":"List of BigQuery reservations across the dataset locations of this project","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routine":{"name":"routine","type":"\u001bgcp.project.bigqueryService.routine","title":"Google BigQuery routine (UDF or stored procedure)","desc":"Examine a BigQuery routine's definition and metadata. Surfaces the `type` (SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION, etc.), `language` (SQL, JAVASCRIPT, PYTHON, etc.), `body` containing the routine's implementation, `description`, and `created` / `modified` timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"table":{"name":"table","type":"\u001bgcp.project.bigqueryService.table","title":"Google BigQuery table","desc":"Examine a BigQuery table's schema, partitioning, and data-protection configuration. Surfaces the `type` (TABLE, VIEW, MATERIALIZED_VIEW, EXTERNAL), `schema`, `location`, `labels`, size metrics (`numBytes`, `numLongTermBytes`, `numRows`), time-based and range `timePartitioning` and `rangePartitioning`, `clusteringFields`, `expirationTime`, CMEK encryption key (`kmsKey()`), and external data configuration for federated tables. Cloud DLP integration surfaces the table's `dlpDataProfile()` when enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud BigQuery service","desc":"Use this resource as the entry point for BigQuery in the project. It hosts the project's `datasets()` (with their tables, models, routines, access entries, and CMEK encryption), `connections()` to external data sources, and slot `reservations()` for capacity management audits.","private":true,"min_provider_version":"9.0.0","defaults":"projectId","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.bigtable":{"id":"gcp.project.bigtableService","name":"gcp.project.bigtableService","fields":{"appProfile":{"name":"appProfile","type":"\u001bgcp.project.bigtableService.appProfile","title":"Google Cloud (GCP) Bigtable app profile","desc":"Examine a Cloud Bigtable app profile — the named configuration that controls how client traffic is routed to clusters and how reads behave. Query its `routingPolicy` (single-cluster vs. multi-cluster routing), `description`, and `etag`. App profiles are selected by the `name` field as it appears in the Bigtable instance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backup":{"name":"backup","type":"\u001bgcp.project.bigtableService.backup","title":"Google Cloud (GCP) Bigtable backup","desc":"Examine a Cloud Bigtable backup created from a source table. Query its state, source table, expiration time, start and end times, size in bytes, and encryption information. Backups are stored in a specific cluster and expire automatically at `expireTime`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bgcp.project.bigtableService.cluster","title":"Google Cloud (GCP) Bigtable cluster","desc":"Examine a Cloud Bigtable cluster — the zonal compute and storage unit within a Bigtable instance. Query its location (zone), state, `serveNodes`, default storage type (`SSD` or `HDD`), encryption configuration, and node scaling factor. The `kmsKey` field resolves to the customer-managed KMS key when CMEK is enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instance":{"name":"instance","type":"\u001bgcp.project.bigtableService.instance","title":"Google Cloud (GCP) Bigtable instance","desc":"Examine a Cloud Bigtable instance — the top-level container for clusters, tables, and app profiles. Query its type (`PRODUCTION` or `DEVELOPMENT`), state, and labels. Drill into `clusters` for storage type and CMEK encryption configuration, `tables` for column-family and deletion-protection settings, `appProfiles` for routing policy audits, `backups` for retention review, and `iamPolicy` for access control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.bigtableService.instance","title":"List of Bigtable instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"table":{"name":"table","type":"\u001bgcp.project.bigtableService.table","title":"Google Cloud (GCP) Bigtable table","desc":"Examine a Cloud Bigtable table within an instance. Query its column families and their garbage-collection configurations, timestamp granularity, deletion protection status, automated backup policy, and change stream configuration. `tieredStorageConfig` controls data movement between SSD and HDD storage tiers.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Bigtable","desc":"Use this resource as the entry point for Bigtable in the project. It hosts the project's `instances` — each exposing its clusters, app profiles, storage type, and encryption configuration for wide-column database audits.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.cloudIdentity":{"id":"gcp.cloudIdentity","fields":{"group":{"name":"group","type":"\u001bgcp.cloudIdentity.group","title":"Google Cloud Identity group","desc":"Examine a Cloud Identity or Google Workspace group: the `email` that identifies it, its `displayName` and `description`, the `labels` that classify it as a security group or discussion forum, and its `memberships` — the users, service accounts, and nested groups that belong to it. Use it to expand an IAM binding granted to a group into the concrete principals the binding reaches.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"membership":{"name":"membership","type":"\u001bgcp.cloudIdentity.membership","title":"Google Cloud Identity group membership","desc":"Examine a single membership in a Cloud Identity group: `memberKey` identifies the member, `type` distinguishes a user from a service account or a nested group, `roles` lists the roles the member holds in the group (MEMBER, MANAGER, OWNER), and `deliverySetting` records how group mail reaches the member.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcp.cloudIdentity.group":{"id":"gcp.cloudIdentity.group","name":"gcp.cloudIdentity.group","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the group was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Human-friendly name displayed for the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address that identifies the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Group ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels classifying the group, such as security group or discussion forum","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memberships":{"name":"memberships","type":"\u0019\u001bgcp.cloudIdentity.membership","title":"Members of the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the group (groups/{groupId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Identity group","desc":"Examine a Cloud Identity or Google Workspace group: the `email` that identifies it, its `displayName` and `description`, the `labels` that classify it as a security group or discussion forum, and its `memberships` — the users, service accounts, and nested groups that belong to it. Use it to expand an IAM binding granted to a group into the concrete principals the binding reaches.","private":true,"min_provider_version":"13.15.1","defaults":"displayName email","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.cloudIdentity.membership":{"id":"gcp.cloudIdentity.membership","name":"gcp.cloudIdentity.membership","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the membership was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deliverySetting":{"name":"deliverySetting","type":"\u0007","is_mandatory":true,"title":"Mail delivery setting for the member (ALL_MAIL, DIGEST, DAILY, NONE, DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memberKey":{"name":"memberKey","type":"\u0007","is_mandatory":true,"title":"Email address or identifier of the member","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the membership (groups/{groupId}/memberships/{membershipId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"roles":{"name":"roles","type":"\u0019\u0007","is_mandatory":true,"title":"Roles the member holds in the group (MEMBER, MANAGER, OWNER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Member type (USER, SERVICE_ACCOUNT, GROUP, SHARED_DRIVE, OTHER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Identity group membership","desc":"Examine a single membership in a Cloud Identity group: `memberKey` identifies the member, `type` distinguishes a user from a service account or a nested group, `roles` lists the roles the member holds in the group (MEMBER, MANAGER, OWNER), and `deliverySetting` records how group mail reaches the member.","private":true,"min_provider_version":"13.15.1","defaults":"memberKey type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.compute":{"id":"gcp.project.computeService","name":"gcp.project.computeService","fields":{"address":{"name":"address","type":"\u001bgcp.project.computeService.address","title":"Google Cloud (GCP) Compute Engine static IP address","desc":"Examine a reserved static IP address (external or internal). Surfaces the `address` value, `addressType`, `ipVersion`, `purpose` (EXTERNAL, GCE_ENDPOINT, SHARED_LOADBALANCER_VIP, etc.), `networkTier`, `status`, and `prefixLength` for IP-range reservations. The typed `network()` and `subnetwork()` accessors link to the VPC resources the address is scoped to, and `resourceUrls` lists the compute resources currently using the address.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"addresses":{"name":"addresses","type":"\u0019\u001bgcp.project.computeService.address","title":"List of IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"attachedDisk":{"name":"attachedDisk","type":"\u001bgcp.project.computeService.attachedDisk","title":"Google Cloud (GCP) Compute attached disk","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBucket":{"name":"backendBucket","type":"\u001bgcp.project.computeService.backendBucket","title":"Google Cloud (GCP) Compute backend bucket","desc":"Examine a Compute Engine backend bucket: the backing Cloud Storage bucket name, whether Cloud CDN is enabled, the CDN policy configuration, compression mode (AUTOMATIC, DISABLED), custom response headers, and the edge security policy URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBuckets":{"name":"backendBuckets","type":"\u0019\u001bgcp.project.computeService.backendBucket","title":"Cloud Storage backend buckets for CDN/load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendService":{"name":"backendService","type":"\u001bgcp.project.computeService.backendService","title":"Google Compute Engine backend service","desc":"Examine a load-balancer backend service's configuration and security posture. Surfaces the `loadBalancingScheme`, `protocol`, `backends()` (instance groups or NEGs), `healthChecks`, session-affinity settings, Cloud CDN policy (`cdnPolicy`), Identity-Aware Proxy configuration (`iap`), and the attached Cloud Armor `securityPolicy()`. Derived predicates `cloudArmorEnabled()` and `iapEnabled()` provide quick posture checks. The `network()` reference links to the VPC the service is deployed in.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendServices":{"name":"backendServices","type":"\u0019\u001bgcp.project.computeService.backendService","title":"List of backend services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disk":{"name":"disk","type":"\u001bgcp.project.computeService.disk","title":"Google Cloud (GCP) Compute Engine persistent disk","desc":"Examine a Compute Engine persistent disk and its security configuration. Surfaces the disk `type` (pd-standard, pd-ssd, pd-balanced, etc.), `sizeGb`, `status`, attached instance `users`, and the `zone` or `region` of the disk. Audit encryption posture via `diskEncryptionKey` and the typed `kmsKey()` accessor for customer-managed keys, and `enableConfidentialCompute` for Confidential VM disks. The `sourceImage()` and `sourceSnapshot()` accessors identify what the disk was created from, and `storagePool()` links to the provisioned storage pool when applicable.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bgcp.project.computeService.disk","title":"Google Compute Engine disks in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","title":"Whether the service is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalVpnGateway":{"name":"externalVpnGateway","type":"\u001bgcp.project.computeService.externalVpnGateway","title":"Google Cloud (GCP) Compute external VPN gateway (peer/customer-side)","desc":"Examine the peer-side VPN gateway used in a Cloud VPN configuration: its redundancy type (SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY, FOUR_IPS_REDUNDANCY), the IP addresses of the peer gateway's interfaces, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"externalVpnGateways":{"name":"externalVpnGateways","type":"\u0019\u001bgcp.project.computeService.externalVpnGateway","title":"External (peer/customer-side) VPN gateways","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewall":{"name":"firewall","type":"\u001bgcp.project.computeService.firewall","title":"Google Compute Engine VPC firewall rule","desc":"Examine a Compute Engine firewall rule's traffic-filtering configuration. Surfaces the rule `direction` (INGRESS / EGRESS), `priority`, `disabled` state, `sourceRanges`, `destinationRanges`, target and source tags and service accounts, `allowed` and `denied` protocol/port lists, and log configuration. Derived predicates — `openToInternet()`, `allowsSshFromInternet()`, and `allowsRdpFromInternet()` — flag the most common exposure patterns. The `network()` reference links to the VPC the rule belongs to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewallPolicies":{"name":"firewallPolicies","type":"\u0019\u001bgcp.project.computeService.firewallPolicy","title":"Network firewall policies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewallPolicy":{"name":"firewallPolicy","type":"\u001bgcp.project.computeService.firewallPolicy","title":"Google Cloud (GCP) Compute network firewall policy","desc":"Examine a Compute Engine network firewall policy — a hierarchical or global/regional policy containing an ordered set of firewall rules that can be associated with multiple VPC networks. Query its `ruleTupleCount` (total rule tuples consumed toward the quota), `associations` (the networks and scopes the policy is attached to), and `regionUrl` (empty for global policies). Drill into `rules` for the ordered allow, deny, and goto-next rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewalls":{"name":"firewalls","type":"\u0019\u001bgcp.project.computeService.firewall","title":"Google Compute Engine firewalls in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingRule":{"name":"forwardingRule","type":"\u001bgcp.project.computeService.forwardingRule","title":"Google Cloud (GCP) Compute Engine forwarding rule","desc":"Examine a load-balancer forwarding rule that routes incoming traffic to a backend. Surfaces the `ipAddress`, `ipProtocol`, `portRange`, `ports`, `loadBalancingScheme`, `networkTier`, and `targetUrl` describing where traffic is sent. The typed `network()` and `subnetwork()` accessors link to the VPC resources the rule is scoped to. Audit Private Service Connect posture via `pscConnectionStatus` and `allowPscGlobalAccess`, and packet mirroring eligibility via `isMirroringCollector`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"forwardingRules":{"name":"forwardingRules","type":"\u0019\u001bgcp.project.computeService.forwardingRule","title":"List of forwarding rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasDefaultNetwork":{"name":"hasDefaultNetwork","type":"\u0004","title":"Whether the project still has the auto-created `default` VPC network — true when a network named \"default\" exists","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthCheck":{"name":"healthCheck","type":"\u001bgcp.project.computeService.healthCheck","title":"Google Cloud (GCP) Compute health check","desc":"Examine a Compute Engine health check: its protocol type (HTTP, HTTPS, TCP, SSL, HTTP2, GRPC), check interval and timeout, healthy and unhealthy thresholds, protocol-specific configuration (httpHealthCheck, httpsHealthCheck, tcpHealthCheck, sslHealthCheck, http2HealthCheck, grpcHealthCheck), logging configuration, and whether the check is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"healthChecks":{"name":"healthChecks","type":"\u0019\u001bgcp.project.computeService.healthCheck","title":"Health checks","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"image":{"name":"image","type":"\u001bgcp.project.computeService.image","title":"Google Compute Engine custom or public machine image","desc":"Examine a Compute Engine image's configuration, encryption posture, and access controls. Surfaces the image `family`, `architecture`, disk and archive sizes, `status`, confidential-compute flag, Protected Zone attributes, Cloud Storage `storageLocations`, source provenance (`sourceDisk()`, `sourceImage()`, `sourceSnapshot()`), the CMEK key protecting the image, the IAM policy — including any `allUsers` / `allAuthenticatedUsers` grants that make the image `public()` — and user-defined `labels`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"images":{"name":"images","type":"\u0019\u001bgcp.project.computeService.image","title":"Google Compute Engine images in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcloud.compute.instance","title":"Google Cloud Compute Engine instance","desc":"Examine a Compute Engine VM instance and the security-relevant configuration around it. Surfaces the machine type and CPU platform, the instance status and lifecycle, attached `disks` and `networkInterfaces`, the boot image, applied `labels` and `metadata`, the `serviceAccounts` bound to the instance, the `shieldedInstanceConfig` (Secure Boot, vTPM, integrity monitoring), the `confidentialInstanceConfig`, OS Config patch posture, and the scheduling and reservation affinity settings. The CIS-aligned predicates (`hasPublicIp`, `usesDefaultServiceAccount`, `hasFullCloudPlatformScope`, `blockProjectSshKeysEnabled`, `osLoginEnabled`, `serialPortEnabled`) collapse common posture checks into a single boolean field per audit.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroup":{"name":"instanceGroup","type":"\u001bgcp.project.computeService.instanceGroup","title":"Google Cloud (GCP) Compute instance group","desc":"Examine a Compute Engine instance group — a collection of VM instances that can be managed together for load balancing and autoscaling. Query its `size` (current instance count), `namedPorts` (protocol/port pairs registered for load balancing), attached `network` and `subnetwork`, and zone. Instance groups are either managed (backed by an `instanceGroupManager`) or unmanaged.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManager":{"name":"instanceGroupManager","type":"\u001bgcp.project.computeService.instanceGroupManager","title":"Google Cloud (GCP) Compute instance group manager (managed instance group)","desc":"Examine a Compute Engine managed instance group (MIG) — a group manager that maintains a fleet of identical VM instances from a single instance template. Query its `targetSize`, `currentActions` (creatingInstances, deletingInstances, recreatingInstances), `autoHealingPolicies` (health checks and initial delay), `statefulPolicy` (preserved disks and metadata), and group `status`. `instanceTemplateUrl` identifies the template used to create instances.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManagers":{"name":"instanceGroupManagers","type":"\u0019\u001bgcp.project.computeService.instanceGroupManager","title":"Instance group managers (managed instance groups)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroups":{"name":"instanceGroups","type":"\u0019\u001bgcp.project.computeService.instanceGroup","title":"Instance groups","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceTemplate":{"name":"instanceTemplate","type":"\u001bgcp.project.computeService.instanceTemplate","title":"Google Cloud (GCP) Compute instance template","desc":"Examine a Compute Engine instance template: the instance properties it defines (machine type, boot and data disks, network interfaces, service account, metadata, and scheduling options), whether it was derived from an existing instance, and its creation timestamp.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceTemplates":{"name":"instanceTemplates","type":"\u0019\u001bgcp.project.computeService.instanceTemplate","title":"Instance templates","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.computeService.instance","title":"Google Compute Engine instances in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnect":{"name":"interconnect","type":"\u001bgcp.project.computeService.interconnect","title":"Google Cloud (GCP) Compute Interconnect connection","desc":"Examine a Dedicated or Partner Interconnect connection: its type (DEDICATED, PARTNER), link type (10G_LR, 100G_LR), requested and provisioned link counts, administrative status, operational status, connection state (ACTIVE, UNPROVISIONED), Google and peer IP addresses for ping testing, NOC contact email, physical location, remote location for Cross-Cloud Interconnect, MACsec feature availability, attached VLAN attachment URLs, circuit information, expected outages, zone separation compliance, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachment":{"name":"interconnectAttachment","type":"\u001bgcp.project.computeService.interconnectAttachment","title":"Google Cloud (GCP) Compute Interconnect Attachment (VLAN)","desc":"Examine a Dedicated or Partner Interconnect VLAN attachment: its type (DEDICATED, PARTNER, PARTNER_PROVIDER), state (ACTIVE, UNPROVISIONED, PENDING_PARTNER, DEFUNCT, PENDING_CUSTOMER), edge availability domain, bandwidth, VLAN tag (802.1Q), encryption mode (NONE, IPSEC), IPv4 and IPv6 addresses for the Cloud Router and customer router sides, stack type (IPV4_ONLY, IPV4_IPV6), the associated Interconnect connection and Cloud Router resources, and partner metadata.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachments":{"name":"interconnectAttachments","type":"\u0019\u001bgcp.project.computeService.interconnectAttachment","title":"VLAN attachments over Interconnects","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnects":{"name":"interconnects","type":"\u0019\u001bgcp.project.computeService.interconnect","title":"Dedicated/Partner Interconnect connections","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u001bgcp.project.computeService.machineType","title":"Google Cloud (GCP) Compute Engine machine type","desc":"Examine a Compute Engine machine type and its hardware specification. Surfaces the `name`, `guestCpus`, `memoryMb`, `isSharedCpu`, maximum persistent-disk count and total size, and the `zone` it belongs to. Used for auditing instance right-sizing and validating that workloads run on approved machine families.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"machineTypes":{"name":"machineTypes","type":"\u0019\u001bgcp.project.computeService.machineType","title":"Google Compute Engine machine types in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Google Cloud VPC network","desc":"Examine a Compute Engine VPC network and the structural posture around it. Surfaces the network `mode` (legacy, custom, or auto), the `legacy` predicate, the `autoCreateSubnetworks` flag, the routing mode, MTU, IPv6/ULA settings, the network-firewall enforcement order, the attached firewall policy, peering configurations, and the `subnetworks()` defined in the network.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroup":{"name":"networkEndpointGroup","type":"\u001bgcp.project.computeService.networkEndpointGroup","title":"Google Cloud (GCP) Compute network endpoint group","desc":"Examine a Compute Engine Network Endpoint Group (NEG): its endpoint type (GCE_VM_IP, GCE_VM_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT), default port, number of endpoints, the network and subnetwork it belongs to, serverless backend configuration (Cloud Run, App Engine, or Cloud Functions), PSC target service, and zone or region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroups":{"name":"networkEndpointGroups","type":"\u0019\u001bgcp.project.computeService.networkEndpointGroup","title":"Network endpoint groups","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.computeService.network","title":"Google Compute Engine VPC network in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packetMirroring":{"name":"packetMirroring","type":"\u001bgcp.project.computeService.packetMirroring","title":"Google Cloud (GCP) Compute packet mirroring policy","desc":"Examine a Compute Engine packet mirroring policy: whether mirroring is enabled, its priority, the collector internal load balancer, the mirrored resources (specific instances, subnetworks, or tags), traffic filter configuration, and the network it applies to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"packetMirrorings":{"name":"packetMirrorings","type":"\u0019\u001bgcp.project.computeService.packetMirroring","title":"Packet mirroring policies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectBlockProjectSshKeys":{"name":"projectBlockProjectSshKeys","type":"\u0004","title":"Whether project-wide SSH keys are blocked — project commonInstanceMetadata item 'block-project-ssh-keys' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectOsLoginEnabled":{"name":"projectOsLoginEnabled","type":"\u0004","title":"Whether OS Login is enabled project-wide — project commonInstanceMetadata item 'enable-oslogin' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectSerialPortEnabled":{"name":"projectSerialPortEnabled","type":"\u0004","title":"Whether serial port access is enabled project-wide — project commonInstanceMetadata item 'serial-port-enable' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicAdvertisedPrefix":{"name":"publicAdvertisedPrefix","type":"\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"Google Cloud (GCP) Compute public advertised prefix (BYOIP)","desc":"Examine a Bring Your Own IP (BYOIP) public advertised prefix: the IP CIDR range being advertised, its validation status (INITIAL, PTR_CONFIGURED, VALIDATED, PREFIX_CONFIGURATION_COMPLETE, PREFIX_CONFIGURATION_IN_PROGRESS, PREFIX_REMOVAL_IN_PROGRESS, READY_TO_USE), the DNS verification IP, BYOIP API version, PDP scope (REGIONAL, GLOBAL), and any public delegated sub-prefixes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"publicAdvertisedPrefixes":{"name":"publicAdvertisedPrefixes","type":"\u0019\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"BYOIP public advertised prefixes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Google Cloud (GCP) Compute Engine region","desc":"Examine a Compute Engine region and its capacity posture. Surfaces the region `name`, `status`, creation timestamp, per-resource `quotas` (CPU, disk, instances, etc.) as a name-to-float map, deprecation status, and whether the region supports Protected Zone Separation (`supportsPzs`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"regions":{"name":"regions","type":"\u0019\u001bgcp.project.computeService.region","title":"Project regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"route":{"name":"route","type":"\u001bgcp.project.computeService.route","title":"Google Cloud (GCP) Compute static route","desc":"Examine a Compute Engine route: its destination IP range, priority (0-65535), the network it belongs to, the next hop (gateway, instance, IP address, VPN tunnel, ILB forwarding rule, or NCC hub), the instance tags that scope the route, route type (STATIC, BGP, SUBNET, TRANSIT), route status (ACTIVE, INACTIVE, PENDING, DROPPED), and any configuration warnings reported by the API.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"router":{"name":"router","type":"\u001bgcp.project.computeService.router","title":"Google Compute Engine Cloud Router","desc":"Examine a Cloud Router's BGP configuration and NAT services. Surfaces `bgp` session settings, `bgpPeers` for dynamic route exchange, `encryptedInterconnectRouter` for HA VPN / Dedicated Interconnect encryption enforcement, and the `natServices()` defining Cloud NAT gateway configuration within the router. The `network()` reference links to the VPC the router is attached to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"routers":{"name":"routers","type":"\u0019\u001bgcp.project.computeService.router","title":"Cloud Routers in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routes":{"name":"routes","type":"\u0019\u001bgcp.project.computeService.route","title":"Static routes in VPC networks","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicies":{"name":"securityPolicies","type":"\u0019\u001bgcp.project.computeService.securityPolicy","title":"Cloud Armor security policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicy":{"name":"securityPolicy","type":"\u001bgcp.project.computeService.securityPolicy","title":"Google Cloud (GCP) Compute Cloud Armor security policy","desc":"Examine a Cloud Armor security policy that protects Google Cloud load balancers from DDoS attacks, web application threats, and unwanted traffic. Query its `type` (`CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, or `CLOUD_ARMOR_NETWORK`), adaptive protection configuration, advanced options (request body inspection, JSON parsing), DDoS protection settings, and reCAPTCHA options. Drill into `rules` for the ordered list of allow, deny, rate-limit, and redirect rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachment":{"name":"serviceAttachment","type":"\u001bgcp.project.computeService.serviceAttachment","title":"Google Cloud (GCP) Compute Private Service Connect service attachment","desc":"Examine a Private Service Connect service attachment: its connection preference (ACCEPT_AUTOMATIC, ACCEPT_MANUAL), the connected consumer endpoints, consumer accept and reject lists, whether proxy protocol is enabled, DNS domain names for service discovery, NAT subnets, the producer forwarding rule, and the target service URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachments":{"name":"serviceAttachments","type":"\u0019\u001bgcp.project.computeService.serviceAttachment","title":"Private Service Connect service attachments","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceaccount":{"name":"serviceaccount","type":"\u001bgcloud.compute.serviceaccount","title":"Google Cloud (GCP) Compute service account","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshot":{"name":"snapshot","type":"\u001bgcp.project.computeService.snapshot","title":"Google Cloud (GCP) Compute Engine persistent disk snapshot","desc":"Examine a Compute Engine disk snapshot and its security posture. Surfaces the snapshot `name`, `status`, `snapshotType`, `diskSizeGb`, storage consumption (`storageBytes`, `storageLocations`), and `labels`. Audit access exposure via `iamPolicy()` and the `public()` predicate that returns true when the snapshot is shared with `allUsers` or `allAuthenticatedUsers`. The typed `kmsKey()` accessor links to the customer-managed encryption key when CMEK is used, and `sourceDisk` identifies the disk the snapshot was taken from.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bgcp.project.computeService.snapshot","title":"Google Compute Engine snapshots in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCertificate":{"name":"sslCertificate","type":"\u001bgcp.project.computeService.sslCertificate","title":"Google Cloud (GCP) Compute SSL certificate","desc":"Examine a Compute Engine SSL certificate attached to HTTPS or SSL proxy load balancers. Query its `type` (`SELF_MANAGED` for user-uploaded certificates or `MANAGED` for Google-managed certificates), subject alternative names, managed certificate configuration and provisioning status, expiration time, and the region it belongs to (empty for global certificates).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sslCertificates":{"name":"sslCertificates","type":"\u0019\u001bgcp.project.computeService.sslCertificate","title":"SSL/TLS certificates","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicies":{"name":"sslPolicies","type":"\u0019\u001bgcp.project.computeService.sslPolicy","title":"SSL/TLS policies for load balancers","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicy":{"name":"sslPolicy","type":"\u001bgcp.project.computeService.sslPolicy","title":"Google Cloud (GCP) Compute SSL policy","desc":"Examine a Compute Engine SSL policy that governs the TLS protocol version and cipher suites negotiated by HTTPS and SSL proxy load balancers. Query its `profile` (`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`), `minTlsVersion`, enabled features, and custom features (when profile is `CUSTOM`). The `weakTls` field evaluates to `true` when the policy permits cipher suites or protocol versions considered cryptographically weak. `warnings` surfaces any API-reported configuration issues.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePool":{"name":"storagePool","type":"\u001bgcp.project.computeService.storagePool","title":"Google Cloud (GCP) Compute storage pool","desc":"Examine a Compute Engine storage pool — a pre-provisioned block storage capacity container that disks are created from. Query its `state`, capacity provisioning type (`ADVANCED` or `STANDARD`), performance provisioning type, provisioned capacity in GiB, IOPS, and throughput. `storagePoolType` identifies the underlying disk technology, and `zone` names the zone where the pool resides.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePools":{"name":"storagePools","type":"\u0019\u001bgcp.project.computeService.storagePool","title":"Storage pools","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Google Cloud VPC subnetwork","desc":"Examine a regional VPC subnetwork inside a Compute Engine network. Surfaces the subnetwork's IPv4 and IPv6 CIDR ranges, the `purpose` and `role` (private, regional-managed-proxy, internal-load-balancer, global-managed-proxy, etc.), the `enableFlowLogs` flag and matching `logConfig`, the `privateIpGoogleAccess` and `privateIpv6GoogleAccess` settings that control reachability of Google APIs from instances without external IPs, and typed references to the `network()` and the `region()` the subnet is bound to.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"subnetworks":{"name":"subnetworks","type":"\u0019\u001bgcp.project.computeService.subnetwork","title":"Logical partition of a VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxies":{"name":"targetHttpProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpProxy","title":"Target HTTP proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxy":{"name":"targetHttpProxy","type":"\u001bgcp.project.computeService.targetHttpProxy","title":"Google Cloud (GCP) Compute target HTTP proxy","desc":"Examine a Compute Engine target HTTP proxy: the URL map it routes traffic through, whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetHttpsProxies":{"name":"targetHttpsProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpsProxy","title":"Target HTTPS proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpsProxy":{"name":"targetHttpsProxy","type":"\u001bgcp.project.computeService.targetHttpsProxy","title":"Google Cloud (GCP) Compute target HTTPS proxy","desc":"Examine a Compute Engine target HTTPS proxy: the URL map it routes traffic through, the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, the QUIC override setting (NONE, ENABLE, DISABLE), whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPool":{"name":"targetPool","type":"\u001bgcp.project.computeService.targetPool","title":"Google Cloud (GCP) Compute target pool (legacy network load balancing)","desc":"Examine a legacy network load balancing target pool: its session affinity mode (NONE, CLIENT_IP, CLIENT_IP_PROTO, CLIENT_IP_PORT_PROTO), failover ratio, backup pool URL, associated health check URLs, the instance URLs of members in the pool, and the security policy applied.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPools":{"name":"targetPools","type":"\u0019\u001bgcp.project.computeService.targetPool","title":"Legacy target pools for network load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxies":{"name":"targetSslProxies","type":"\u0019\u001bgcp.project.computeService.targetSslProxy","title":"Target SSL proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxy":{"name":"targetSslProxy","type":"\u001bgcp.project.computeService.targetSslProxy","title":"Google Cloud (GCP) Compute target SSL proxy","desc":"Examine a Compute Engine target SSL proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, and the certificate map URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetTcpProxies":{"name":"targetTcpProxies","type":"\u0019\u001bgcp.project.computeService.targetTcpProxy","title":"Target TCP proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetTcpProxy":{"name":"targetTcpProxy","type":"\u001bgcp.project.computeService.targetTcpProxy","title":"Google Cloud (GCP) Compute target TCP proxy","desc":"Examine a Compute Engine target TCP proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), whether proxy bind is enabled, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMap":{"name":"urlMap","type":"\u001bgcp.project.computeService.urlMap","title":"Google Cloud (GCP) Compute URL map","desc":"Examine a Compute Engine URL map: its default backend service, host rules that match incoming hostnames, path matchers that route requests to backend services or buckets, URL map tests, and whether the map is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMaps":{"name":"urlMaps","type":"\u0019\u001bgcp.project.computeService.urlMap","title":"URL maps (load balancer routing rules)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGateway":{"name":"vpnGateway","type":"\u001bgcp.project.computeService.vpnGateway","title":"Google Cloud (GCP) Compute HA VPN gateway","desc":"Examine a High Availability (HA) VPN gateway that provides redundant Site-to-Site VPN connectivity. Query its attached `network`, IP family (`gatewayIpVersion`), stack type (`IPV4_ONLY`, `IPV4_IPV6`, or `IPV6_ONLY`), `vpnInterfaces` (each with an IP address and optional interconnect attachment), and resource manager tags. HA VPN gateways always provide two interfaces for 99.99% availability.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnGateways":{"name":"vpnGateways","type":"\u0019\u001bgcp.project.computeService.vpnGateway","title":"HA VPN gateways","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnTunnel":{"name":"vpnTunnel","type":"\u001bgcp.project.computeService.vpnTunnel","title":"Google Cloud (GCP) Compute VPN tunnel","desc":"Examine a Cloud VPN tunnel carrying encrypted traffic between a GCP network and a peer gateway. Query its `status`, `ikeVersion`, `localTrafficSelector` and `remoteTrafficSelector` CIDRs, and the `sharedSecretHash`. Resolve the peer via `peerExternalVpnGateway` or `peerGcpVpnGateway`, the owning HA VPN gateway via `vpnGateway`, and the dynamic routing Cloud Router via `router`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnTunnels":{"name":"vpnTunnels","type":"\u0019\u001bgcp.project.computeService.vpnTunnel","title":"VPN tunnels","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Google Cloud (GCP) Compute zone","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"zones":{"name":"zones","type":"\u0019\u001bgcp.project.computeService.zone","title":"Project zones","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.datastream":{"id":"gcp.project.datastreamService","name":"gcp.project.datastreamService","fields":{"connectionProfile":{"name":"connectionProfile","type":"\u001bgcp.project.datastreamService.connectionProfile","title":"Google Cloud (GCP) Datastream connection profile","desc":"Examine a Datastream connection profile — the credentials and endpoint configuration for a data source or destination. Inspect `profileType` (mysql, postgresql, oracle, sqlserver, mongodb, bigquery, gcs, salesforce) to determine the profile variant; `profile` for the type-specific connection parameters; `connectivityType` for the network path (forwardSsh, privateConnectivity, staticServiceIp); and `privateConnection` when private VPC connectivity is used.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"connectionProfiles":{"name":"connectionProfiles","type":"\u0019\u001bgcp.project.datastreamService.connectionProfile","title":"List of Datastream connection profiles in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateConnection":{"name":"privateConnection","type":"\u001bgcp.project.datastreamService.privateConnection","title":"Google Cloud (GCP) Datastream private connection","desc":"Examine a Datastream private connection — a VPC peering arrangement that provides private network access from Datastream to on-premises or private cloud data sources. Inspect `network` for the peered VPC; `subnet` for the CIDR range allocated to the peering; `state` for the lifecycle (CREATING, CREATED, FAILED, DELETING, DELETED); `error` for any failure details; and `routes` for the routing entries configured inside the private connection.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"privateConnections":{"name":"privateConnections","type":"\u0019\u001bgcp.project.datastreamService.privateConnection","title":"List of Datastream private connections in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"route":{"name":"route","type":"\u001bgcp.project.datastreamService.route","title":"Google Cloud (GCP) Datastream route","desc":"Examine a route inside a Datastream private connection. Inspect `destinationAddress` for the destination host or IP and `destinationPort` for the optional port override that steers traffic from Datastream workers through the private connection to the target data source.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"stream":{"name":"stream","type":"\u001bgcp.project.datastreamService.stream","title":"Google Cloud (GCP) Datastream stream","desc":"Examine a Datastream change-data-capture stream. Inspect `state` for the operational lifecycle; `source` and `destination` to traverse to the connection profiles at each end; `sourceConfig` and `destinationConfig` for the type-specific replication parameters; `kmsKey` for the customer-managed encryption key; `backfillStrategy` to verify whether historical data is automatically backfilled; and `errors` for failures reported by the stream.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"streams":{"name":"streams","type":"\u0019\u001bgcp.project.datastreamService.stream","title":"List of Datastream streams in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream","desc":"Use this resource as the entry point for Datastream in the project. It hosts the change-data-capture surface: `streams`, the source and destination `connectionProfiles` they use, and the `privateConnections` that provide private network connectivity.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.dns":{"id":"gcp.project.dnsService","name":"gcp.project.dnsService","fields":{"managedZones":{"name":"managedZones","type":"\u0019\u001bgcp.project.dnsService.managedzone","title":"Cloud DNS managed zone in project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedzone":{"name":"managedzone","type":"\u001bgcp.project.dnsService.managedzone","title":"Google Cloud DNS managed zone","desc":"Examine a Cloud DNS managed zone's configuration and security posture. Surfaces the `dnsName`, `visibility` (public or private), `dnssecConfig` (DNSSEC enablement and key-signing algorithm), the `cloudLoggingEnabled` flag, `privateVisibilityConfig` for VPC-scoped private zones, `nameServers`, `nameServerSet`, `labels`, and IAM policy bindings. Derived predicates `dnssecEnabled` and `dnsSecAlgorithmWeak()` flag DNSSEC posture issues. Child `recordSets()` expose the DNS records within the zone.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"policies":{"name":"policies","type":"\u0019\u001bgcp.project.dnsService.policy","title":"Cloud DNS rules in project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"policy":{"name":"policy","type":"\u001bgcp.project.dnsService.policy","title":"Google Cloud DNS policy","desc":"Examine a Cloud DNS policy applied to one or more VPC networks. Surfaces `enableInboundForwarding` (whether on-premises resolvers can send queries to Cloud DNS), `enableLogging` for DNS query audit trails, and `networkNames` / `networks()` listing the VPC networks the policy governs.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recordset":{"name":"recordset","type":"\u001bgcp.project.dnsService.recordset","title":"Google Cloud DNS record set","desc":"Examine a Cloud DNS resource record set within a managed zone. Surfaces the record `name`, `type` (A, AAAA, CNAME, MX, TXT, NS, SOA, etc.), `ttl`, `rrdatas` (the actual record data as defined in RFC 1035 / 1034), and `signatureRrdatas` (DNSSEC signatures as defined in RFC 4034).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"responsePolicies":{"name":"responsePolicies","type":"\u0019\u001bgcp.project.dnsService.responsePolicy","title":"Cloud DNS response policies in project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"responsePolicy":{"name":"responsePolicy","type":"\u001bgcp.project.dnsService.responsePolicy","title":"Google Cloud DNS response policy","desc":"Examine a Cloud DNS response policy that overrides DNS answers for queries made against one or more VPC networks. Because a response policy can redirect or rewrite resolved addresses, surfacing its bindings matters for security review. Surfaces the server-assigned `id`, the user-assigned `responsePolicyName`, `description`, `networkUrls` / `networks()` listing the VPC networks the policy is attached to, and `gkeClusters` naming any bound GKE clusters.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Cloud DNS","desc":"Use this resource as the entry point for Cloud DNS in the project. It hosts the `managedZones` (public and private DNS zones, including their DNSSEC state and record sets) and the `policies` that govern inbound and outbound DNS resolution for the project's VPC networks.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.essentialContact":{"id":"gcp.essentialContact","name":"gcp.essentialContact","fields":{"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address to send notifications to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"languageTag":{"name":"languageTag","type":"\u0007","is_mandatory":true,"title":"Preferred language for notifications, as a ISO 639-1 language code","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notificationCategories":{"name":"notificationCategories","type":"\u0019\u0007","is_mandatory":true,"title":"Categories of notifications that the contact will receive communication for","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"validated":{"name":"validated","type":"\t","is_mandatory":true,"title":"Last time the validation state was updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"validationState":{"name":"validationState","type":"\u0007","is_mandatory":true,"title":"Validity of the contact","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Essential Contacts entry","desc":"Examine a contact registered to receive security, legal, billing, technical, or product-update notifications for a GCP organization, folder, or project. Exposes the contact's email address, preferred language, the notification categories they are subscribed to, and their validation state — allowing audits to confirm that critical security contacts are present and validated.","private":true,"min_provider_version":"9.0.0","defaults":"email notificationCategories","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.firestore":{"id":"gcp.project.firestoreService","name":"gcp.project.firestoreService","fields":{"database":{"name":"database","type":"\u001bgcp.project.firestoreService.database","title":"Google Cloud (GCP) Firestore database","desc":"Examine a Firestore database's configuration and protection settings. Covers the database type (FIRESTORE_NATIVE or DATASTORE_MODE), location, concurrency mode, App Engine integration mode, point-in-time recovery enablement, delete-protection state, customer-managed KMS encryption configuration, version retention period, the earliest recoverable timestamp, resource manager tags, indexes, and backup schedules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"databases":{"name":"databases","type":"\u0019\u001bgcp.project.firestoreService.database","title":"List of Firestore databases in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Firestore","desc":"Use this resource as the entry point for Firestore in the project. It hosts the project's `databases` — each exposing its database type (Native or Datastore mode), location, concurrency mode, point-in-time recovery setting, and delete-protection state.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.folder":{"id":"gcp.folder","name":"gcp.folder","fields":{"auditConfig":{"name":"auditConfig","type":"\u0019\u001bgcp.resourcemanager.auditConfig","title":"Audit logging configuration on the folder","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleteTime":{"name":"deleteTime","type":"\t","is_mandatory":true,"title":"Timestamp when deletion was requested","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"folders":{"name":"folders","type":"\u001bgcp.folders","title":"List of folders","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"Folder IAM policy","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Folder ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\u001bgcp.folder.loggingService","title":"Cloud Logging configuration scoped to the folder","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingService":{"name":"loggingService","type":"\u001bgcp.folder.loggingService","title":"Google Cloud (GCP) folder-scope Cloud Logging","desc":"Use this resource as the entry point for folder-level Cloud Logging configuration. It hosts the folder's logging `sinks` — the export rules that forward log entries from every project under the folder to a central destination. Folder-level sinks are how a business unit or environment enforces consistent log aggregation across all of its projects without requiring per-project configuration.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Folder name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicies":{"name":"orgPolicies","type":"\u0019\u001bgcp.orgPolicy","title":"Organization policies applied to the folder","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentId":{"name":"parentId","type":"\u0007","is_mandatory":true,"title":"Parent ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projects":{"name":"projects","type":"\u001bgcp.projects","title":"List of projects","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Folder state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) folder","desc":"Examine a Cloud Resource Manager folder — a node in the org hierarchy between the organization and its projects. Surfaces the folder `id`, `name`, `parentId`, lifecycle `state`, creation and update timestamps, and the timestamp when deletion was requested. Use `folders()` to enumerate immediate child folders and `projects()` to list the projects directly under this folder.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.folder.loggingService":{"id":"gcp.folder.loggingService","name":"gcp.folder.loggingService","fields":{"folderName":{"name":"folderName","type":"\u0007","is_mandatory":true,"title":"Full folder resource name (folders/{id})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sink":{"name":"sink","type":"\u001bgcp.folder.loggingService.sink","title":"Google Cloud (GCP) folder-level Cloud Logging sink","desc":"Examine a folder-scoped Cloud Logging export sink. Surfaces the `destination` (Cloud Storage bucket, BigQuery dataset, Pub/Sub topic, or another log bucket), the advanced log `filter`, the `writerIdentity` used for authorization, and the `includeChildren` flag — when true, the sink also receives log entries (recursively) from any contained projects or sub-folders.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sinks":{"name":"sinks","type":"\u0019\u001bgcp.folder.loggingService.sink","title":"List of logging sinks defined at the folder level","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) folder-scope Cloud Logging","desc":"Use this resource as the entry point for folder-level Cloud Logging configuration. It hosts the folder's logging `sinks` — the export rules that forward log entries from every project under the folder to a central destination. Folder-level sinks are how a business unit or environment enforces consistent log aggregation across all of its projects without requiring per-project configuration.","private":true,"min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.folder.loggingService.sink":{"id":"gcp.folder.loggingService.sink","name":"gcp.folder.loggingService.sink","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the sink","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destination":{"name":"destination","type":"\u0007","is_mandatory":true,"title":"Export destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the sink is disabled (no log entries are exported)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Optional advanced logs filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"folderName":{"name":"folderName","type":"\u0007","is_mandatory":true,"title":"Full folder resource name (folders/{id})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"includeChildren":{"name":"includeChildren","type":"\u0004","is_mandatory":true,"title":"When true, the sink also receives log entries (recursively) from contained projects or sub-folders","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Sink ID (the short name of the sink within the folder)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writerIdentity":{"name":"writerIdentity","type":"\u0007","is_mandatory":true,"title":"When exporting logs, logging adopts this identity for authorization","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) folder-level Cloud Logging sink","desc":"Examine a folder-scoped Cloud Logging export sink. Surfaces the `destination` (Cloud Storage bucket, BigQuery dataset, Pub/Sub topic, or another log bucket), the advanced log `filter`, the `writerIdentity` used for authorization, and the `includeChildren` flag — when true, the sink also receives log entries (recursively) from any contained projects or sub-folders.","private":true,"min_provider_version":"13.16.3","defaults":"name destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.folders":{"id":"gcp.folders","name":"gcp.folders","fields":{"children":{"name":"children","type":"\u0019\u001bgcp.folder","title":"List of the children folders only (non-recursive)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"list":{"name":"list","type":"\u0019\u001bgcp.folder","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentId":{"name":"parentId","type":"\u0007","is_mandatory":true,"title":"Parent ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"list_type":"\u001bgcp.folder","title":"Google Cloud (GCP) folders","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.memcache":{"id":"gcp.project.memcacheService","name":"gcp.project.memcacheService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.memcacheService.instance","title":"Google Cloud (GCP) Memcached instance","desc":"Examine a Memorystore for Memcache instance. Inspect `nodeCount`, `nodeCpuCount`, and `nodeMemorySizeMb` for the cluster's compute allocation; `network` for the authorized VPC network; `parameters` for the effective Memcached tuning parameters; `maintenancePolicy` for the maintenance window configuration; and `state` for the instance's operational lifecycle. Individual nodes are accessible via `nodes`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.memcacheService.instance","title":"List of Memcached instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Memcached","desc":"Use this resource as the entry point for Memorystore for Memcached in the project. It hosts the project's `instances` — each exposing its node configuration, authorized network, memcached parameters, and maintenance settings for cache-tier audits.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.memorystore":{"id":"gcp.project.memorystoreService","name":"gcp.project.memorystoreService","fields":{"backup":{"name":"backup","type":"\u001bgcp.project.memorystoreService.backup","title":"Google Cloud (GCP) Memorystore backup","desc":"Examine a Memorystore backup snapshot. Inspect `backupType` (ON_DEMAND or AUTOMATED) and `state` for lifecycle status; `engineVersion`, `nodeType`, `shardCount`, and `replicaCount` for the cluster shape at backup time; `totalSizeBytes` for storage consumption; `encryptionInfo` for the encryption details; `expireTime` for the retention deadline; and `backupFiles` for the individual component files that make up the backup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupCollection":{"name":"backupCollection","type":"\u001bgcp.project.memorystoreService.backupCollection","title":"Google Cloud (GCP) Memorystore backup collection","desc":"Examine a Memorystore backup collection — the container that retains all backups for a single instance. Inspect `instance` to traverse to the source instance; `totalBackupCount` and `totalBackupSizeBytes` for storage consumption; `kmsKey` for the customer-managed encryption key protecting the backups; `lastBackupTime` for the most recent backup timestamp; and `backups` to iterate the individual backup records.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupCollections":{"name":"backupCollections","type":"\u0019\u001bgcp.project.memorystoreService.backupCollection","title":"List of Memorystore backup collections in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.memorystoreService.instance","title":"Google Cloud (GCP) Memorystore instance","desc":"Examine a Memorystore instance running Valkey or Redis. Inspect `mode` (STANDALONE, CLUSTER, CLUSTER_DISABLED) and `shardCount` for the topology; `authorizationMode` and `transitEncryptionMode` for security posture; `kmsKey` for customer-managed encryption; `persistenceConfig` for RDB or AOF durability settings; `maintenancePolicy` for the maintenance window; `deletionProtectionEnabled` to check against accidental removal; and `automatedBackupConfig` for the backup schedule and retention settings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.memorystoreService.instance","title":"List of Memorystore instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore","desc":"Use this resource as the entry point for the unified Memorystore service (Valkey and Redis) in the project. It hosts the project's `instances` and the `backupCollections` that retain their backups — exposing node configuration, persistence, and encryption settings for cache-tier audits.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.modelarmor":{"id":"gcp.project.modelArmorService","name":"gcp.project.modelArmorService","fields":{"floorSetting":{"name":"floorSetting","type":"\u001bgcp.project.modelArmorService.floorSetting","title":"Floor setting (organization-level AI safety configuration)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"template":{"name":"template","type":"\u001bgcp.project.modelArmorService.template","title":"Google Cloud (GCP) Model Armor template","desc":"Examine a Model Armor safety-filter template — its filter configuration (RAI settings, SDP settings, PI and jailbreak filter, malicious URI filter) and template metadata (enforcement type, error handling, multi- language detection). Templates are applied to AI prompts and responses to enforce safety policies.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"templates":{"name":"templates","type":"\u0019\u001bgcp.project.modelArmorService.template","title":"List of Model Armor templates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Model Armor","desc":"Use this resource as the entry point for Model Armor in the project. It hosts the safety-filter `templates` and the project `floorSetting` — the minimum AI safety configuration enforced across prompts and responses.","private":true,"min_provider_version":"13.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.orgPolicy":{"id":"gcp.orgPolicy","name":"gcp.orgPolicy","fields":{"constraint":{"name":"constraint","type":"\u001bgcp.orgPolicy.constraint","title":"Google Cloud (GCP) Organization policy constraint","desc":"Examine a predefined Organization Policy constraint — the policy vocabulary item that an `orgPolicy` rule references. Query the `constraintDefault` behavior when no policy is set (`CONSTRAINT_DEFAULT_ALLOW` or `CONSTRAINT_DEFAULT_DENY`), `listConstraint` details (allowed/denied values, supports wildcards), and `booleanConstraint` details. The `name` field is the full constraint identifier, e.g., `constraints/compute.disableSerialPortAccess`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"constraintName":{"name":"constraintName","type":"\u0007","is_mandatory":true,"title":"Constraint name (e.g., \"constraints/compute.disableSerialPortAccess\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customConstraint":{"name":"customConstraint","type":"\u001bgcp.orgPolicy.customConstraint","title":"Google Cloud (GCP) custom Organization Policy constraint","desc":"Examine a customer-defined constraint that extends Organization Policy beyond Google's predefined constraints. `resourceTypes` and `methodTypes` scope which resources and API operations the constraint governs, `condition` holds the CEL expression evaluated against each resource, and `actionType` decides whether a match is allowed or denied. Custom constraints exist only at the organization level and are selected by their full resource `name`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dryRunOnly":{"name":"dryRunOnly","type":"\u0004","title":"Whether the policy only has a dry-run spec and no enforced live spec, meaning it is evaluated for testing but does not actually enforce","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dryRunSpec":{"name":"dryRunSpec","type":"\n","is_mandatory":true,"title":"Dry-run policy specification (for testing)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spec":{"name":"spec","type":"\n","is_mandatory":true,"title":"Policy specification","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Time last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Organization Policy","desc":"Examine an Organization Policy applied to a project, folder, or organization. Query the `constraintName` (e.g., `constraints/compute.disableSerialPortAccess`), the effective `spec` (rules and inheritance behavior), the dry-run `dryRunSpec` for testing policy changes before enforcement, and the `etag` for optimistic concurrency control.","private":true,"min_provider_version":"11.5.1","defaults":"constraintName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.orgPolicy.constraint":{"id":"gcp.orgPolicy.constraint","name":"gcp.orgPolicy.constraint","fields":{"booleanConstraint":{"name":"booleanConstraint","type":"\n","is_mandatory":true,"title":"Boolean constraint details (if this is a boolean constraint)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"constraintDefault":{"name":"constraintDefault","type":"\u0007","is_mandatory":true,"title":"Default behavior when the constraint is not explicitly set (CONSTRAINT_DEFAULT_ALLOW, CONSTRAINT_DEFAULT_DENY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"listConstraint":{"name":"listConstraint","type":"\n","is_mandatory":true,"title":"List constraint details (if this is a list constraint)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (e.g., constraints/compute.disableSerialPortAccess)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Organization policy constraint","desc":"Examine a predefined Organization Policy constraint — the policy vocabulary item that an `orgPolicy` rule references. Query the `constraintDefault` behavior when no policy is set (`CONSTRAINT_DEFAULT_ALLOW` or `CONSTRAINT_DEFAULT_DENY`), `listConstraint` details (allowed/denied values, supports wildcards), and `booleanConstraint` details. The `name` field is the full constraint identifier, e.g., `constraints/compute.disableSerialPortAccess`.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.orgPolicy.customConstraint":{"id":"gcp.orgPolicy.customConstraint","name":"gcp.orgPolicy.customConstraint","fields":{"actionType":{"name":"actionType","type":"\u0007","is_mandatory":true,"title":"Action taken when the condition is met (ALLOW, DENY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"condition":{"name":"condition","type":"\u0007","is_mandatory":true,"title":"CEL condition expression evaluated against the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the constraint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"One-line display name for the constraint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"methodTypes":{"name":"methodTypes","type":"\u0019\u0007","is_mandatory":true,"title":"API operations the constraint is enforced on (CREATE, UPDATE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (e.g., organizations/123/customConstraints/custom.disableGkeAutoUpgrade)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceTypes":{"name":"resourceTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Resource types the constraint applies to (e.g., compute.googleapis.com/Instance)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Timestamp when the constraint was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) custom Organization Policy constraint","desc":"Examine a customer-defined constraint that extends Organization Policy beyond Google's predefined constraints. `resourceTypes` and `methodTypes` scope which resources and API operations the constraint governs, `condition` holds the CEL expression evaluated against each resource, and `actionType` decides whether a match is allowed or denied. Custom constraints exist only at the organization level and are selected by their full resource `name`.","private":true,"min_provider_version":"13.15.1","defaults":"displayName name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization":{"id":"gcp.organization","name":"gcp.organization","fields":{"accessApprovalSettings":{"name":"accessApprovalSettings","type":"\u001bgcp.accessApprovalSettings","title":"Access approval settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"accessPolicies":{"name":"accessPolicies","type":"\u0019\u001bgcp.accesscontextmanager.accessPolicy","title":"VPC Service Controls access policies","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"auditConfig":{"name":"auditConfig","type":"\u0019\u001bgcp.resourcemanager.auditConfig","title":"Audit logging configuration","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudIdentityGroups":{"name":"cloudIdentityGroups","type":"\u0019\u001bgcp.cloudIdentity.group","title":"Cloud Identity groups in the associated Google Workspace / Cloud Identity account","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customConstraints":{"name":"customConstraints","type":"\u0019\u001bgcp.orgPolicy.customConstraint","title":"Custom Organization Policy constraints defined on the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customRoles":{"name":"customRoles","type":"\u0019\u001bgcp.organization.role","title":"Custom IAM roles defined at the organization level","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerId":{"name":"customerId","type":"\u0007","is_mandatory":true,"title":"Google Workspace / Cloud Identity customer ID associated with the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleteTime":{"name":"deleteTime","type":"\t","is_mandatory":true,"title":"Timestamp when deletion was requested","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"folders":{"name":"folders","type":"\u001bgcp.folders","title":"List of folders","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"Organization IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Organization ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\u001bgcp.organization.loggingService","title":"Cloud Logging configuration scoped to the organization","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingService":{"name":"loggingService","type":"\u001bgcp.organization.loggingService","title":"Google Cloud (GCP) organization-scope Cloud Logging","desc":"Use this resource as the entry point for organization-level Cloud Logging configuration. It hosts the organization's logging `sinks` — the export rules that forward log entries from every project under the organization to a central destination (Cloud Storage, BigQuery, Pub/Sub, or another log bucket). Org-level sinks are the primary control for forcing tamper-resistant log aggregation across the entire org, which is a baseline requirement for incident response and most compliance frameworks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","title":"Organization name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityProfile":{"name":"networkSecurityProfile","type":"\u001bgcp.organization.networkSecurityProfile","title":"Network Security profile for an organization","desc":"Examine a Network Security profile that defines a reusable set of threat-detection and traffic-handling behavior referenced by firewall policy rules: `threatPreventionProfile` configures intrusion prevention severity overrides, `urlFilteringProfile` configures URL filtering, and the intercept and mirroring profiles configure packet handling. The `type` field records which behavior the profile carries. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkSecurityProfileGroup":{"name":"networkSecurityProfileGroup","type":"\u001bgcp.organization.networkSecurityProfileGroup","title":"Network Security profile group for an organization","desc":"Examine a Network Security profile group, which bundles individual security profiles so that a single firewall policy rule can apply threat prevention, URL filtering, mirroring, and intercept behavior together. Each field references the full resource name of the security profile that supplies that behavior. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkSecurityProfileGroups":{"name":"networkSecurityProfileGroups","type":"\u0019\u001bgcp.organization.networkSecurityProfileGroup","title":"Network Security profile groups defined for the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityProfiles":{"name":"networkSecurityProfiles","type":"\u0019\u001bgcp.organization.networkSecurityProfile","title":"Network Security profiles defined for the organization","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicies":{"name":"orgPolicies","type":"\u0019\u001bgcp.orgPolicy","title":"Organization policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projects":{"name":"projects","type":"\u001bgcp.projects","title":"List of projects","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u001bgcp.organization.role","title":"Google Cloud (GCP) IAM custom role defined at the organization level","desc":"Examine a custom IAM role defined on the organization rather than on an individual project — its title, description, launch stage (`ALPHA`, `BETA`, `GA`, `DEPRECATED`, `DISABLED`), the full list of permissions it grants, and whether it has been soft-deleted. Organization-level custom roles are reusable across every project in the org, so an overly broad permission set has a wider blast radius than the equivalent project-scoped role.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sccBigQueryExports":{"name":"sccBigQueryExports","type":"\u0019\u001bgcp.scc.bigQueryExport","title":"Security Command Center BigQuery export configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccFindings":{"name":"sccFindings","type":"\u0019\u001bgcp.scc.finding","title":"Security Command Center findings across all sources (active findings only)","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccMuteConfigs":{"name":"sccMuteConfigs","type":"\u0019\u001bgcp.scc.muteConfig","title":"Security Command Center mute configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccNotificationConfigs":{"name":"sccNotificationConfigs","type":"\u0019\u001bgcp.scc.notificationConfig","title":"Security Command Center notification configs","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccOrganizationSettings":{"name":"sccOrganizationSettings","type":"\u001bgcp.scc.organizationSettings","title":"Security Command Center organization settings","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sccSources":{"name":"sccSources","type":"\u0019\u001bgcp.scc.source","title":"Security Command Center sources","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","title":"Organization state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last modified timestamp","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud organization","desc":"Examine the Cloud Resource Manager organization that contains the account's folders, projects, IAM policy, and Security Command Center configuration. Surfaces the organization ID, name, lifecycle state, the IAM `iamPolicy` and `auditConfig` bindings, the `orgPolicies` applied across the org tree, the access-approval settings, and the child `folders()` and `projects()`. The Security Command Center accessors (`sccSources`, `sccFindings`, `sccNotificationConfigs`, `sccMuteConfigs`, `sccBigQueryExports`, `sccOrganizationSettings`) expose SCC posture across all sources, `accessPolicies()` returns the VPC Service Controls access policies bound to the org, and `customConstraints()` lists the custom Organization Policy constraints defined on it.","min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization.loggingService":{"id":"gcp.organization.loggingService","name":"gcp.organization.loggingService","fields":{"organizationName":{"name":"organizationName","type":"\u0007","is_mandatory":true,"title":"Full organization resource name (organizations/{id})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sink":{"name":"sink","type":"\u001bgcp.organization.loggingService.sink","title":"Google Cloud (GCP) organization-level Cloud Logging sink","desc":"Examine an organization-scoped Cloud Logging export sink. Surfaces the `destination` (Cloud Storage bucket, BigQuery dataset, Pub/Sub topic, or another log bucket), the advanced log `filter`, the `writerIdentity` used for authorization, and the `includeChildren` flag — when true, the sink also receives log entries (recursively) from any contained folders, billing accounts, or projects.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sinks":{"name":"sinks","type":"\u0019\u001bgcp.organization.loggingService.sink","title":"List of logging sinks defined at the organization level","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) organization-scope Cloud Logging","desc":"Use this resource as the entry point for organization-level Cloud Logging configuration. It hosts the organization's logging `sinks` — the export rules that forward log entries from every project under the organization to a central destination (Cloud Storage, BigQuery, Pub/Sub, or another log bucket). Org-level sinks are the primary control for forcing tamper-resistant log aggregation across the entire org, which is a baseline requirement for incident response and most compliance frameworks.","private":true,"min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization.loggingService.sink":{"id":"gcp.organization.loggingService.sink","name":"gcp.organization.loggingService.sink","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the sink","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destination":{"name":"destination","type":"\u0007","is_mandatory":true,"title":"Export destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the sink is disabled (no log entries are exported)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Optional advanced logs filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"includeChildren":{"name":"includeChildren","type":"\u0004","is_mandatory":true,"title":"When true, the sink also receives log entries (recursively) from contained folders, billing accounts, or projects","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Sink ID (the short name of the sink within the organization)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"organizationName":{"name":"organizationName","type":"\u0007","is_mandatory":true,"title":"Full organization resource name (organizations/{id})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writerIdentity":{"name":"writerIdentity","type":"\u0007","is_mandatory":true,"title":"When exporting logs, logging adopts this identity for authorization","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) organization-level Cloud Logging sink","desc":"Examine an organization-scoped Cloud Logging export sink. Surfaces the `destination` (Cloud Storage bucket, BigQuery dataset, Pub/Sub topic, or another log bucket), the advanced log `filter`, the `writerIdentity` used for authorization, and the `includeChildren` flag — when true, the sink also receives log entries (recursively) from any contained folders, billing accounts, or projects.","private":true,"min_provider_version":"13.16.3","defaults":"name destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization.networkSecurityProfile":{"id":"gcp.organization.networkSecurityProfile","name":"gcp.organization.networkSecurityProfile","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the security profile was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customInterceptProfile":{"name":"customInterceptProfile","type":"\n","is_mandatory":true,"title":"Custom packet-intercept configuration applied by the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customMirroringProfile":{"name":"customMirroringProfile","type":"\n","is_mandatory":true,"title":"Custom packet-mirroring configuration applied by the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Entity tag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the security profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"threatPreventionProfile":{"name":"threatPreventionProfile","type":"\n","is_mandatory":true,"title":"Threat prevention configuration, including per-severity and per-threat overrides","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Profile type (THREAT_PREVENTION, CUSTOM_MIRRORING, CUSTOM_INTERCEPT, URL_FILTERING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the security profile was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"urlFilteringProfile":{"name":"urlFilteringProfile","type":"\n","is_mandatory":true,"title":"URL filtering configuration applied by the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security profile for an organization","desc":"Examine a Network Security profile that defines a reusable set of threat-detection and traffic-handling behavior referenced by firewall policy rules: `threatPreventionProfile` configures intrusion prevention severity overrides, `urlFilteringProfile` configures URL filtering, and the intercept and mirroring profiles configure packet handling. The `type` field records which behavior the profile carries. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization.networkSecurityProfileGroup":{"id":"gcp.organization.networkSecurityProfileGroup","name":"gcp.organization.networkSecurityProfileGroup","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the security profile group was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customInterceptProfile":{"name":"customInterceptProfile","type":"\u0007","is_mandatory":true,"title":"Resource name of the custom intercept profile in the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customMirroringProfile":{"name":"customMirroringProfile","type":"\u0007","is_mandatory":true,"title":"Resource name of the custom mirroring profile in the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Entity tag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the security profile group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"threatPreventionProfile":{"name":"threatPreventionProfile","type":"\u0007","is_mandatory":true,"title":"Resource name of the threat prevention profile in the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the security profile group was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security profile group for an organization","desc":"Examine a Network Security profile group, which bundles individual security profiles so that a single firewall policy rule can apply threat prevention, URL filtering, mirroring, and intercept behavior together. Each field references the full resource name of the security profile that supplies that behavior. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.organization.role":{"id":"gcp.organization.role","name":"gcp.organization.role","fields":{"deleted":{"name":"deleted","type":"\u0004","is_mandatory":true,"title":"Whether the role has been deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsIamPolicyManagement":{"name":"grantsIamPolicyManagement","type":"\u0004","title":"Whether the role grants any IAM policy management permission (any permission ending in .setIamPolicy)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsServiceAccountImpersonation":{"name":"grantsServiceAccountImpersonation","type":"\u0004","title":"Whether the role grants service-account impersonation","desc":"True when any included permission is iam.serviceAccounts.actAs, getAccessToken, signBlob, signJwt, getOpenIdToken, or implicitDelegation — the permissions that enable acting as a service account and escalating privilege.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"includedPermissions":{"name":"includedPermissions","type":"\u0019\u0007","is_mandatory":true,"title":"Permissions included in this role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the role (e.g., organizations/123/roles/myRole)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"organizationId":{"name":"organizationId","type":"\u0007","is_mandatory":true,"title":"Organization ID (without the \"organizations/\" prefix)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stage":{"name":"stage","type":"\u0007","is_mandatory":true,"title":"Launch stage of the role (ALPHA, BETA, GA, DEPRECATED, DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Title of the role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAM custom role defined at the organization level","desc":"Examine a custom IAM role defined on the organization rather than on an individual project — its title, description, launch stage (`ALPHA`, `BETA`, `GA`, `DEPRECATED`, `DISABLED`), the full list of permissions it grants, and whether it has been soft-deleted. Organization-level custom roles are reusable across every project in the org, so an overly broad permission set has a wider blast radius than the equivalent project-scoped role.","private":true,"min_provider_version":"13.16.3","defaults":"title name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project":{"id":"gcp.project","name":"gcp.project","fields":{"accessApprovalSettings":{"name":"accessApprovalSettings","type":"\u001bgcp.accessApprovalSettings","title":"Access approval settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alloydb":{"name":"alloydb","type":"\u001bgcp.project.alloydbService","title":"GCP AlloyDB resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alloydbService":{"name":"alloydbService","type":"\u001bgcp.project.alloydbService","title":"Google Cloud (GCP) AlloyDB for PostgreSQL","desc":"Use this resource as the entry point for AlloyDB in the project. It hosts the project's `clusters` — each exposing its primary and read-pool instances, automated backup policy, encryption configuration, and network settings for PostgreSQL-compatible database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiGateway":{"name":"apiGateway","type":"\u001bgcp.project.apiGatewayService","title":"GCP API Gateway resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"apiGatewayService":{"name":"apiGatewayService","type":"\u001bgcp.project.apiGatewayService","title":"Google Cloud (GCP) API Gateway","desc":"Use this resource as the entry point for API Gateway in the project. It hosts the managed APIs (with their API configs) and the deployed `gateways` — exposing managed-service names, deployment state, and the hostnames clients use to reach backend services.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiKey":{"name":"apiKey","type":"\u001bgcp.project.apiKey","title":"Google Cloud (GCP) project API key","desc":"Examine an API key scoped to the project — its display name, annotations, creation and deletion timestamps, the encrypted key string, and the restrictions that limit which applications, IP addresses, or API targets may use it. The `restrictions` sub-resource exposes the `unrestricted` flag used by CIS benchmarks to detect keys that have no app, IP, or referrer restrictions configured.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiKeys":{"name":"apiKeys","type":"\u0019\u001bgcp.project.apiKey","title":"API keys","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appEngine":{"name":"appEngine","type":"\u001bgcp.project.appEngineService","title":"GCP App Engine resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appEngineService":{"name":"appEngineService","type":"\u001bgcp.project.appEngineService","title":"Google Cloud (GCP) App Engine","desc":"Use this resource as the entry point for App Engine in the project. It hosts the `application` (with its location, serving status, and identity settings) and the deployed `services` and their versions.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"artifactRegistry":{"name":"artifactRegistry","type":"\u001bgcp.project.artifactRegistryService","title":"GCP Artifact Registry resources","min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"artifactRegistryService":{"name":"artifactRegistryService","type":"\u001bgcp.project.artifactRegistryService","title":"Google Cloud (GCP) Artifact Registry","desc":"Use this resource as the entry point for Artifact Registry in the project. It hosts the project's `repositories` — each exposing its format, mode, encryption configuration, cleanup policies, and IAM policy for container-image and package-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"auditConfig":{"name":"auditConfig","type":"\u0019\u001bgcp.resourcemanager.auditConfig","title":"Audit logging configuration","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupdr":{"name":"backupdr","type":"\u001bgcp.project.backupdrService","title":"GCP Backup and DR resources","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupdrService":{"name":"backupdrService","type":"\u001bgcp.project.backupdrService","title":"Google Cloud (GCP) Backup and DR Service","desc":"Use this resource as the entry point for the Backup and DR Service in the project. It hosts the `managementServers`, the `backupVaults` that store immutable backups, and the `backupPlans` that schedule them — exposing retention and enforcement settings for data-protection audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"batch":{"name":"batch","type":"\u001bgcp.project.batchService","title":"GCP Batch resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"batchService":{"name":"batchService","type":"\u001bgcp.project.batchService","title":"Google Cloud (GCP) Batch","desc":"Use this resource as the entry point for Batch in the project. It hosts the project's `jobs` — each exposing its task groups, compute and network configuration, and execution state for managed batch-compute audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigquery":{"name":"bigquery","type":"\u001bgcp.project.bigqueryService","title":"GCP BigQuery resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bigqueryService":{"name":"bigqueryService","type":"\u001bgcp.project.bigqueryService","title":"Google Cloud BigQuery service","desc":"Use this resource as the entry point for BigQuery in the project. It hosts the project's `datasets()` (with their tables, models, routines, access entries, and CMEK encryption), `connections()` to external data sources, and slot `reservations()` for capacity management audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"bigtable":{"name":"bigtable","type":"\u001bgcp.project.bigtableService","title":"GCP Bigtable resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bigtableService":{"name":"bigtableService","type":"\u001bgcp.project.bigtableService","title":"Google Cloud (GCP) Bigtable","desc":"Use this resource as the entry point for Bigtable in the project. It hosts the project's `instances` — each exposing its clusters, app profiles, storage type, and encryption configuration for wide-column database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"binaryAuthorization":{"name":"binaryAuthorization","type":"\u001bgcp.project.binaryAuthorizationControl","title":"Binary Authorization resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorizationControl":{"name":"binaryAuthorizationControl","type":"\u001bgcp.project.binaryAuthorizationControl","title":"Google Cloud (GCP) Binary Authorization","desc":"Use this resource as the entry point for Binary Authorization in the project. It hosts the project's deployment `policy` — covering default and per-cluster admission rules, allowlist patterns, and global policy evaluation mode — and the list of trusted `attestors` whose signatures validate container images before deployment.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateAuthority":{"name":"certificateAuthority","type":"\u001bgcp.project.certificateAuthorityService","title":"GCP Certificate Authority Service resources","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificateAuthorityService":{"name":"certificateAuthorityService","type":"\u001bgcp.project.certificateAuthorityService","title":"Google Cloud (GCP) Certificate Authority Service","desc":"Use this resource as the entry point for the Private CA Service in the project. It hosts the `caPools` and, through them, the certificate authorities and issued certificates — exposing tier, issuance policy, and publishing options. This models private CA infrastructure, distinct from the load-balancer-facing certs in `certificateManager`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateManager":{"name":"certificateManager","type":"\u001bgcp.project.certificateManagerService","title":"GCP Certificate Manager resources","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificateManagerService":{"name":"certificateManagerService","type":"\u001bgcp.project.certificateManagerService","title":"Google Cloud (GCP) Certificate Manager","desc":"Use this resource as the entry point for the Certificate Manager service in the project. It hosts the load-balancer-facing TLS certificate surface: `certificates` (Google-managed and self-managed leaf certs), `certificateMaps` and their `certificateMapEntries` (the host→cert routing attached to GCLB target proxies), `dnsAuthorizations` (the DNS challenge records used to issue managed certs), `certificateIssuanceConfigs` (private-CA-backed issuance settings), and `trustConfigs` (mTLS trust anchors). Certificate Manager is distinct from `certificateAuthority` — that resource models the Private CA Service, while this one models the front-door certs Google's load balancers serve.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudBuild":{"name":"cloudBuild","type":"\u001bgcp.project.cloudBuildService","title":"GCP Cloud Build resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudBuildService":{"name":"cloudBuildService","type":"\u001bgcp.project.cloudBuildService","title":"Google Cloud (GCP) Cloud Build","desc":"Use this resource as the entry point for Cloud Build in the project. It hosts the build `triggers` (with their source repositories and build configuration) and the private `workerPools` that builds run on.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudDeploy":{"name":"cloudDeploy","type":"\u001bgcp.project.cloudDeployService","title":"GCP Cloud Deploy resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudDeployService":{"name":"cloudDeployService","type":"\u001bgcp.project.cloudDeployService","title":"Google Cloud (GCP) Cloud Deploy","desc":"Use this resource as the entry point for Cloud Deploy in the project. It hosts the `deliveryPipelines` (the promotion sequences for releases) and the `targets` they deploy to — exposing execution configuration and per-target settings for continuous-delivery audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudDomains":{"name":"cloudDomains","type":"\u001bgcp.project.cloudDomainsService","title":"GCP Cloud Domains resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudDomainsService":{"name":"cloudDomainsService","type":"\u001bgcp.project.cloudDomainsService","title":"Google Cloud Domains","desc":"Use this resource as the entry point for Cloud Domains in the project. It hosts the `registrations` — the domain names registered through Cloud Domains — and `enabled` reports whether the Cloud Domains API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunction":{"name":"cloudFunction","type":"\u001bgcp.project.cloudFunction","title":"Google Cloud (GCP) Cloud Function (1st gen)","desc":"Examine a first-generation Cloud Function deployed to a project. Covers the trigger configuration (HTTP or event), runtime, service account, networking (VPC connector, ingress and egress settings), memory and timeout limits, environment variables, secret bindings, KMS encryption key, and build settings including the Artifact Registry repository and custom worker pool.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunctionV2":{"name":"cloudFunctionV2","type":"\u001bgcp.project.cloudFunctionV2","title":"Google Cloud (GCP) Cloud Function (v2 / 2nd gen)","desc":"Examine a second-generation Cloud Function backed by Cloud Run. Covers function state and environment generation (GEN_1, GEN_2), the deployed HTTPS URL, KMS encryption key, build configuration (runtime, entry point, Artifact Registry repository, worker pool), service configuration (scaling limits, VPC connector, ingress settings, service account, secret bindings), and the Eventarc event trigger.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudFunctions":{"name":"cloudFunctions","type":"\u0019\u001bgcp.project.cloudFunction","title":"GCP Cloud Functions (v1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudFunctionsV2":{"name":"cloudFunctionsV2","type":"\u0019\u001bgcp.project.cloudFunctionV2","title":"GCP Cloud Functions (v2 / 2nd gen)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRun":{"name":"cloudRun","type":"\u001bgcp.project.cloudRunService","title":"GCP Cloud Run resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRunService":{"name":"cloudRunService","type":"\u001bgcp.project.cloudRunService","title":"Google Cloud (GCP) Cloud Run","desc":"Use this resource as the entry point for Cloud Run in the project. It hosts the deployed `services` and `jobs` — each exposing its container image, revision configuration, ingress and IAM settings, and execution environment — along with the `operations` history and the `regions` where Cloud Run resources can run.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudScheduler":{"name":"cloudScheduler","type":"\u001bgcp.project.cloudSchedulerService","title":"GCP Cloud Scheduler resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudSchedulerService":{"name":"cloudSchedulerService","type":"\u001bgcp.project.cloudSchedulerService","title":"Google Cloud (GCP) Cloud Scheduler","desc":"Use this resource as the entry point for Cloud Scheduler in the project. It hosts the project's `jobs` — each exposing its cron schedule, target (HTTP, Pub/Sub, or App Engine), retry configuration, and last-run state.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cloudTasks":{"name":"cloudTasks","type":"\u001bgcp.project.cloudTasksService","title":"GCP Cloud Tasks resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudTasksService":{"name":"cloudTasksService","type":"\u001bgcp.project.cloudTasksService","title":"Google Cloud (GCP) Cloud Tasks","desc":"Use this resource as the entry point for Cloud Tasks in the project. It hosts the project's `queues` — each exposing its rate limits, retry configuration, and processing state for task-queue audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"commonInstanceMetadata":{"name":"commonInstanceMetadata","type":"\u001a\u0007\u0007","title":"Common instance metadata for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"composer":{"name":"composer","type":"\u001bgcp.project.composerService","title":"GCP Cloud Composer resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"composerService":{"name":"composerService","type":"\u001bgcp.project.composerService","title":"Google Cloud (GCP) Cloud Composer","desc":"Use this resource as the entry point for Cloud Composer in the project. It hosts the managed Apache Airflow `environments` — each exposing its lifecycle state, image version, labels, and environment configuration covering node config, software config, encryption, and web server access control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"compute":{"name":"compute","type":"\u001bgcp.project.computeService","title":"GCP Compute resources for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"computeService":{"name":"computeService","type":"\u001bgcp.project.computeService","title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"containerAnalysis":{"name":"containerAnalysis","type":"\u001bgcp.project.containerAnalysisService","title":"GCP Container Analysis resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"containerAnalysisService":{"name":"containerAnalysisService","type":"\u001bgcp.project.containerAnalysisService","title":"Google Cloud (GCP) Container Analysis","desc":"Use this resource as the entry point for Container Analysis in the project. It hosts the vulnerability `occurrences` — the scan findings attached to container images for software-supply-chain audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"createTime":{"name":"createTime","type":"\t","title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataAccessLoggingEnabled":{"name":"dataAccessLoggingEnabled","type":"\u0004","title":"Whether DATA_READ and DATA_WRITE audit logging is enabled for allServices with no exempted members (CIS 2.1)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataflow":{"name":"dataflow","type":"\u001bgcp.project.dataflowService","title":"GCP Dataflow resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataflowService":{"name":"dataflowService","type":"\u001bgcp.project.dataflowService","title":"Google Cloud (GCP) Dataflow","desc":"Use this resource as the entry point for Dataflow in the project. It hosts the project's `jobs` — each exposing its pipeline type, current state, environment configuration, and worker settings for stream and batch processing audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dataplex":{"name":"dataplex","type":"\u001bgcp.project.dataplexService","title":"GCP Dataplex resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataplexService":{"name":"dataplexService","type":"\u001bgcp.project.dataplexService","title":"Google Cloud Dataplex","desc":"Use this resource as the entry point for Dataplex in the project. It hosts the data-management hierarchy: `lakes` group data across storage systems into zones, and from each lake you can drill into its zones and the Cloud Storage buckets and BigQuery datasets they govern. `enabled` reports whether the Dataplex API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dataproc":{"name":"dataproc","type":"\u001bgcp.project.dataprocService","title":"GCP Dataproc resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataprocService":{"name":"dataprocService","type":"\u001bgcp.project.dataprocService","title":"Google Cloud (GCP) Dataproc","desc":"Use this resource as the entry point for Dataproc in the project. It hosts the managed Spark and Hadoop surface: `clusters`, submitted `jobs`, and the `autoscalingPolicies` that govern cluster scaling. `regions` lists where Dataproc resources can be created and `enabled` reports whether the service is turned on.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datastream":{"name":"datastream","type":"\u001bgcp.project.datastreamService","title":"GCP Datastream resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datastreamService":{"name":"datastreamService","type":"\u001bgcp.project.datastreamService","title":"Google Cloud (GCP) Datastream","desc":"Use this resource as the entry point for Datastream in the project. It hosts the change-data-capture surface: `streams`, the source and destination `connectionProfiles` they use, and the `privateConnections` that provide private network connectivity.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"deleteTime":{"name":"deleteTime","type":"\t","title":"Timestamp when deletion was requested","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlp":{"name":"dlp","type":"\u001bgcp.project.dlpService","title":"GCP Cloud DLP resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpService":{"name":"dlpService","type":"\u001bgcp.project.dlpService","title":"Google Cloud (GCP) Sensitive Data Protection (Cloud DLP)","desc":"Use this resource as the entry point for Sensitive Data Protection in the project. It hosts the configuration surface (`inspectTemplates`, `deidentifyTemplates`, `storedInfoTypes`, `jobTriggers`, `discoveryConfigs`, `connections`), the `dlpJobs` that run inspection and risk-analysis scans, and the data sensitivity profiles produced by discovery — `projectDataProfiles`, `tableDataProfiles`, `columnDataProfiles`, and `fileStoreDataProfiles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dns":{"name":"dns","type":"\u001bgcp.project.dnsService","title":"GCP Cloud DNS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsService":{"name":"dnsService","type":"\u001bgcp.project.dnsService","title":"Google Cloud (GCP) Cloud DNS","desc":"Use this resource as the entry point for Cloud DNS in the project. It hosts the `managedZones` (public and private DNS zones, including their DNSSEC state and record sets) and the `policies` that govern inbound and outbound DNS resolution for the project's VPC networks.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"essentialContacts":{"name":"essentialContacts","type":"\u0019\u001bgcp.essentialContact","title":"GCP contacts for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventarc":{"name":"eventarc","type":"\u001bgcp.project.eventarcService","title":"GCP Eventarc resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventarcService":{"name":"eventarcService","type":"\u001bgcp.project.eventarcService","title":"Google Cloud (GCP) Eventarc","desc":"Use this resource as the entry point for Eventarc in the project. It hosts the `triggers` that route events to destinations and the `channels` that deliver events from third-party and custom sources.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"filestore":{"name":"filestore","type":"\u001bgcp.project.filestoreService","title":"GCP Cloud Filestore resources","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filestoreService":{"name":"filestoreService","type":"\u001bgcp.project.filestoreService","title":"Google Cloud (GCP) Filestore","desc":"Use this resource as the entry point for Filestore in the project. It hosts the project's `instances` — each exposing its service tier, file shares, network configuration, and capacity for managed NFS audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firestore":{"name":"firestore","type":"\u001bgcp.project.firestoreService","title":"GCP Firestore resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firestoreService":{"name":"firestoreService","type":"\u001bgcp.project.firestoreService","title":"Google Cloud (GCP) Firestore","desc":"Use this resource as the entry point for Firestore in the project. It hosts the project's `databases` — each exposing its database type (Native or Datastore mode), location, concurrency mode, point-in-time recovery setting, and delete-protection state.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"gke":{"name":"gke","type":"\u001bgcp.project.gkeService","title":"GCP GKE resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeBackup":{"name":"gkeBackup","type":"\u001bgcp.project.gkeBackupService","title":"GCP GKE Backup resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeBackupService":{"name":"gkeBackupService","type":"\u001bgcp.project.gkeBackupService","title":"Google Cloud (GCP) Backup for GKE","desc":"Use this resource as the entry point for Backup for GKE in the project. It hosts the `backupPlans` that schedule cluster backups and the `restorePlans` that govern how those backups are restored.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"gkeService":{"name":"gkeService","type":"\u001bgcp.project.gkeService","title":"Google Kubernetes Engine (GKE)","desc":"Use this resource as the entry point for GKE in the project. It hosts the project's `clusters` — each exposing its node pools, network and control-plane configuration, workload identity, binary authorization, release channel, and security posture for Kubernetes audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"hasPublicIamBinding":{"name":"hasPublicIamBinding","type":"\u0004","title":"Whether the project's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthcare":{"name":"healthcare","type":"\u001bgcp.project.healthcareService","title":"GCP Cloud Healthcare resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthcareService":{"name":"healthcareService","type":"\u001bgcp.project.healthcareService","title":"Google Cloud (GCP) Cloud Healthcare API","desc":"Use this resource as the entry point for the Cloud Healthcare API in the project. It hosts the `datasets` and, through them, the DICOM, FHIR, and HL7v2 stores — exposing encryption configuration, time zone, and notification settings for healthcare-data audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"iam":{"name":"iam","type":"\u001bgcp.project.iamService","title":"GCP IAM resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamService":{"name":"iamService","type":"\u001bgcp.project.iamService","title":"Google Cloud (GCP) Identity and Access Management (IAM)","desc":"Use this resource to enumerate the project's IAM building blocks: the `serviceAccounts` and their service-account keys, custom `roles` defined in the project, and the Workload Identity Federation pools (and their external providers) reachable through `workloadIdentityPools`. This is the entry point for IAM audits — service-account-key sprawl, key rotation, custom role permission scope, and external federation trust anchors all hang off of here.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"iap":{"name":"iap","type":"\u001bgcp.project.iapService","title":"GCP Identity-Aware Proxy resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iapService":{"name":"iapService","type":"\u001bgcp.project.iapService","title":"Google Cloud (GCP) Identity-Aware Proxy (IAP)","desc":"Use this resource as the entry point for Identity-Aware Proxy in the project. It hosts the OAuth `brands` (and their OAuth clients) and the `tunnelDestGroups` that scope TCP forwarding for access-control audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique, user-assigned ID of the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ids":{"name":"ids","type":"\u001bgcp.project.idsService","title":"GCP Cloud IDS resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"idsService":{"name":"idsService","type":"\u001bgcp.project.idsService","title":"Google Cloud (GCP) Cloud IDS","desc":"Use this resource as the entry point for Cloud IDS in the project. It hosts the IDS `endpoints` — each exposing its severity threshold, inspected network, traffic-logging setting, and operational state for intrusion-detection audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"kms":{"name":"kms","type":"\u001bgcp.project.kmsService","title":"KMS-related resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsService":{"name":"kmsService","type":"\u001bgcp.project.kmsService","title":"Google Cloud (GCP) Cloud Key Management Service (KMS)","desc":"Use this resource as the entry point for Cloud KMS in the project. It hosts the `keyrings` and, through them, the crypto keys and key versions used for encryption — exposing rotation schedule, protection level, and IAM policy. `locations` lists the regions where key material can be created, and `retiredResources` surfaces deleted KMS resources.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"labels":{"name":"labels","type":"\u001a\u0007\u0007","title":"Labels associated with this project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lien":{"name":"lien","type":"\u001bgcp.project.lien","title":"Google Cloud (GCP) Resource Manager lien","desc":"Examine the encumbrances that block destructive operations on a project. A lien names the operations it blocks through `restrictions` (e.g. `resourcemanager.projects.delete`), the system that created it via `origin`, and a human-readable `reason`. Liens are deletion-protection controls — a project with a `resourcemanager.projects.delete` lien cannot be deleted until the lien is removed. Liens are selected by their system-generated `name` (e.g. `liens/1234abcd`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"liens":{"name":"liens","type":"\u0019\u001bgcp.project.lien","title":"Resource Manager liens that block deletion or other operations on the project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\u001bgcp.project.loggingservice","title":"Logging resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingservice":{"name":"loggingservice","type":"\u001bgcp.project.loggingservice","title":"Google Cloud (GCP) Cloud Logging","desc":"Use this resource as the entry point for Cloud Logging in the project. It hosts `buckets` (log storage with retention and CMEK settings), `metrics` (log-based metrics for alerting on security events), `sinks` (export configurations to Cloud Storage, BigQuery, or Pub/Sub), and `exclusions` (filters that drop matching log entries before ingestion). Together these are the primary surface for CIS logging benchmark controls.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memcache":{"name":"memcache","type":"\u001bgcp.project.memcacheService","title":"GCP Memorystore for Memcached resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memcacheService":{"name":"memcacheService","type":"\u001bgcp.project.memcacheService","title":"Google Cloud (GCP) Memorystore for Memcached","desc":"Use this resource as the entry point for Memorystore for Memcached in the project. It hosts the project's `instances` — each exposing its node configuration, authorized network, memcached parameters, and maintenance settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"memorystore":{"name":"memorystore","type":"\u001bgcp.project.memorystoreService","title":"GCP Memorystore (unified Valkey/Redis) resources","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memorystoreService":{"name":"memorystoreService","type":"\u001bgcp.project.memorystoreService","title":"Google Cloud (GCP) Memorystore","desc":"Use this resource as the entry point for the unified Memorystore service (Valkey and Redis) in the project. It hosts the project's `instances` and the `backupCollections` that retain their backups — exposing node configuration, persistence, and encryption settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"modelArmor":{"name":"modelArmor","type":"\u001bgcp.project.modelArmorService","title":"GCP Model Armor resources","min_provider_version":"13.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modelArmorService":{"name":"modelArmorService","type":"\u001bgcp.project.modelArmorService","title":"Google Cloud (GCP) Model Armor","desc":"Use this resource as the entry point for Model Armor in the project. It hosts the safety-filter `templates` and the project `floorSetting` — the minimum AI safety configuration enforced across prompts and responses.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"monitoring":{"name":"monitoring","type":"\u001bgcp.project.monitoringService","title":"Monitoring resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoringService":{"name":"monitoringService","type":"\u001bgcp.project.monitoringService","title":"Google Cloud (GCP) Cloud Monitoring","desc":"Use this resource as the entry point for Cloud Monitoring in the project. It hosts the observability surface: `alertPolicies`, `uptimeCheckConfigs`, `notificationChannels`, resource `groups`, `dashboards`, and the monitored `services` used for SLO tracking.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","title":"Unique resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurity":{"name":"networkSecurity","type":"\u001bgcp.project.networkSecurityService","title":"GCP Network Security resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkSecurityService":{"name":"networkSecurityService","type":"\u001bgcp.project.networkSecurityService","title":"Network Security service for a project","desc":"Use this resource to reach Google Cloud Network Security resources for a project: service-mesh `authorizationPolicies`, the `serverTlsPolicies` and `clientTlsPolicies` that govern TLS behavior, the `tlsInspectionPolicies` used to decrypt and inspect traffic, the `addressGroups` referenced by firewall policy rules, and the `urlLists` used for URL-based filtering.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"notebooks":{"name":"notebooks","type":"\u001bgcp.project.notebooksService","title":"GCP legacy Notebooks resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notebooksService":{"name":"notebooksService","type":"\u001bgcp.project.notebooksService","title":"Google Cloud (GCP) Notebooks","desc":"Use this resource as the entry point for the legacy Notebooks service in the project. It hosts the user-managed notebook `instances` — each exposing its machine configuration, network settings, and public-IP exposure. New deployments should use `workbench` instead.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"number":{"name":"number","type":"\u0007","title":"Project number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicies":{"name":"orgPolicies","type":"\u0019\u001bgcp.orgPolicy","title":"Organization policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgPolicyConstraints":{"name":"orgPolicyConstraints","type":"\u0019\u001bgcp.orgPolicy.constraint","title":"Available organization policy constraints","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osConfig":{"name":"osConfig","type":"\u001bgcp.project.osConfigService","title":"GCP VM Manager (OS Config) resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osConfigService":{"name":"osConfigService","type":"\u001bgcp.project.osConfigService","title":"VM Manager (OS Config) service for a project","desc":"Use this resource to reach Google Cloud VM Manager resources for a project: `patchDeployments` lists scheduled OS patch rollouts and `osPolicyAssignments` lists the OS policy assignments applied to instances across every zone. Per-instance patch and vulnerability state is exposed on `gcp.project.computeService.instance` through its `inventory` and `vulnerabilityReport` fields.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"parentId":{"name":"parentId","type":"\u0007","title":"Parent ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primitiveRoleBindings":{"name":"primitiveRoleBindings","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM bindings using primitive roles (roles/owner, roles/editor, roles/viewer); CIS recommends using predefined or custom roles instead","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsub":{"name":"pubsub","type":"\u001bgcp.project.pubsubService","title":"GCP pub/sub-related resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubService":{"name":"pubsubService","type":"\u001bgcp.project.pubsubService","title":"Google Cloud (GCP) Pub/Sub","desc":"Use this resource as the entry point for Pub/Sub in the project. It hosts the messaging surface: `topics` and their `subscriptions`, point-in-time `snapshots`, and the `schemas` that validate message payloads — each exposing IAM policy, encryption, and retention settings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"recommendations":{"name":"recommendations","type":"\u0019\u001bgcp.recommendation","title":"List of recommendations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redis":{"name":"redis","type":"\u001bgcp.project.redisService","title":"GCP Redis resources","min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redisService":{"name":"redisService","type":"\u001bgcp.project.redisService","title":"Google Cloud (GCP) Memorystore for Redis","desc":"Use this resource as the entry point for Memorystore for Redis in the project. It hosts the managed-Redis `instances` and the newer `clusters` (sharded Memorystore for Redis Cluster deployments) — each exposing auth mode, transit encryption, authorized network, and maintenance settings for cache-tier audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sccFindings":{"name":"sccFindings","type":"\u0019\u001bgcp.scc.finding","title":"Security Command Center findings for this project (active findings only)","min_provider_version":"13.3.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretmanager":{"name":"secretmanager","type":"\u001bgcp.project.secretmanagerService","title":"GCP Secret Manager resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretmanagerService":{"name":"secretmanagerService","type":"\u001bgcp.project.secretmanagerService","title":"Google Cloud (GCP) Secret Manager","desc":"Use this resource as the entry point for Secret Manager in the project. It hosts the project's `secrets` — each exposing its replication policy, rotation schedule, expiration, version state, and IAM policy for secret-management audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bgcp.service","title":"List of available and enabled services for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRepositories":{"name":"sourceRepositories","type":"\u001bgcp.project.sourceRepositoriesService","title":"GCP Cloud Source Repositories resources","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRepositoriesService":{"name":"sourceRepositoriesService","type":"\u001bgcp.project.sourceRepositoriesService","title":"Google Cloud (GCP) Cloud Source Repositories","desc":"Use this resource as the entry point for Cloud Source Repositories in the project. It hosts the project's `repos` — each exposing its size, mirror configuration, and IAM policy for source-control audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"spanner":{"name":"spanner","type":"\u001bgcp.project.spannerService","title":"GCP Spanner resources","min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spannerService":{"name":"spannerService","type":"\u001bgcp.project.spannerService","title":"Google Cloud (GCP) Spanner","desc":"Use this resource as the entry point for Spanner in the project. It hosts the project's `instances` (with their databases and backups) and the available `instanceConfigs` that determine regional and multi-region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sql":{"name":"sql","type":"\u001bgcp.project.sqlService","title":"GCP Cloud SQL resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlService":{"name":"sqlService","type":"\u001bgcp.project.sqlService","title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"state":{"name":"state","type":"\u0007","title":"Project lifecycle state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storage":{"name":"storage","type":"\u001bgcp.project.storageService","title":"GCP Storage resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageService":{"name":"storageService","type":"\u001bgcp.project.storageService","title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tagBinding":{"name":"tagBinding","type":"\u001bgcp.project.tagBinding","title":"Google Cloud (GCP) Resource Manager tag binding","desc":"Examine the connection between a tag value and the project. A tag binding applies a `tagValue` to the bound resource and all of its descendants, and tags drive conditional IAM and organization-policy enforcement. The `tagValueNamespacedName` gives the human-readable key/value path and `resource` identifies the bound resource. Tag bindings are selected by their `name`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tagBindings":{"name":"tagBindings","type":"\u0019\u001bgcp.project.tagBinding","title":"Resource Manager tag bindings attached to the project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vertexai":{"name":"vertexai","type":"\u001bgcp.project.vertexaiService","title":"GCP Vertex AI resources","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vertexaiService":{"name":"vertexaiService","type":"\u001bgcp.project.vertexaiService","title":"Google Cloud (GCP) Vertex AI","desc":"Use this resource as the entry point for Vertex AI in the project. It hosts the machine-learning surface: `models`, `endpoints`, `datasets`, `customJobs`, `pipelineJobs`, `featureOnlineStores`, `tensorboards`, `metadataStores`, and the vector-search `indexes` and `indexEndpoints`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workbench":{"name":"workbench","type":"\u001bgcp.project.workbenchService","title":"GCP Vertex AI Workbench resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workbenchService":{"name":"workbenchService","type":"\u001bgcp.project.workbenchService","title":"Google Cloud (GCP) Vertex AI Workbench","desc":"Use this resource as the entry point for Vertex AI Workbench in the project. It hosts the managed notebook `instances` — each exposing its machine configuration, network and access settings, health state, and public-IP exposure for data-science environment audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workflows":{"name":"workflows","type":"\u001bgcp.project.workflowsService","title":"GCP Workflows resources","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workflowsService":{"name":"workflowsService","type":"\u001bgcp.project.workflowsService","title":"Google Cloud Workflows","desc":"Use this resource as the entry point for Workflows in the project. It hosts the `workflows` — serverless orchestrations that chain together services and APIs — and `enabled` reports whether the Workflows API is turned on for the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workstations":{"name":"workstations","type":"\u001bgcp.project.workstationsService","title":"GCP Cloud Workstations resources","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workstationsService":{"name":"workstationsService","type":"\u001bgcp.project.workstationsService","title":"Google Cloud (GCP) Cloud Workstations","desc":"Use this resource as the entry point for Cloud Workstations in the project. It hosts the workstation `clusters` — each exposing its network configuration, private-cluster settings, and degraded state for managed-development-environment audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud project","desc":"Examine a Google Cloud project — the resource container that owns every Compute, Storage, IAM, GKE, BigQuery, Cloud SQL, and other service-specific deployment in the account. Surfaces the project ID and number, lifecycle state, labels, parent organization or folder, the IAM policy and audit-log configuration (with the `hasPublicIamBinding`, `primitiveRoleBindings`, and `dataAccessLoggingEnabled` predicates that drive CIS controls 1.x and 2.1), enabled `services()`, recommendations, the project's `essentialContacts` and `apiKeys`, and the access-approval settings. Service-specific entry points hang off the project as accessor methods — `compute()`, `gke()`, `storage()`, `sql()`, `dns()`, `bigquery()`, `iam()`, `kms()`, `pubsub()`, `cloudFunctions()`, `cloudRun()`, `dataproc()`, `dataflow()`, `firestore()`, `spanner()`, `bigtable()`, `alloydb()`, `redis()`, `secretmanager()`, `binaryAuthorization()`, `monitoring()`, `logging()`, and many others — letting you traverse from a single project into every modeled service it uses.","min_provider_version":"9.0.0","defaults":"name number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.alloydbService":{"id":"gcp.project.alloydbService","name":"gcp.project.alloydbService","fields":{"backup":{"name":"backup","type":"\u001bgcp.project.alloydbService.backup","title":"Google Cloud (GCP) AlloyDB backup","desc":"Examine an AlloyDB backup created from a source cluster. Query its `type` (manual or automated), `state`, `databaseVersion`, size in bytes, encryption configuration, and expiry time. `expiryQuantity` describes count-based retention when the backup was created under a quantitative retention policy.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bgcp.project.alloydbService.cluster","title":"Google Cloud (GCP) AlloyDB cluster","desc":"Examine an AlloyDB for PostgreSQL cluster — the top-level container for a highly available PostgreSQL-compatible database. Query its `clusterType` (`PRIMARY` or `SECONDARY`), `databaseVersion`, `state`, network configuration, encryption configuration (CMEK via `kmsKey`), automated and continuous backup policies, SSL configuration, and maintenance schedule. Drill into `instances` for primary and read-pool instance details, `backups` for restore-point review, and `users` for database user audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.alloydbService.cluster","title":"List of AlloyDB clusters in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.alloydbService.instance","title":"Google Cloud (GCP) AlloyDB instance","desc":"Examine an AlloyDB instance within a cluster — either a primary read-write instance, a read-pool instance, or a secondary instance. Query its `instanceType`, `availabilityType` (`ZONAL` or `REGIONAL`), `machineConfig`, IP addresses, database flags, query insights configuration, client connection configuration, and Private Service Connect settings. `activationPolicy` controls whether the instance is always running or stopped.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB for PostgreSQL","desc":"Use this resource as the entry point for AlloyDB in the project. It hosts the project's `clusters` — each exposing its primary and read-pool instances, automated backup policy, encryption configuration, and network settings for PostgreSQL-compatible database audits.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.alloydbService.backup":{"id":"gcp.project.alloydbService.backup","name":"gcp.project.alloydbService.backup","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Source cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseVersion":{"name":"databaseVersion","type":"\u0007","is_mandatory":true,"title":"Database version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionConfig":{"name":"encryptionConfig","type":"\n","is_mandatory":true,"title":"Encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expiryQuantity":{"name":"expiryQuantity","type":"\n","is_mandatory":true,"title":"Expiry quantity configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expiryTime":{"name":"expiryTime","type":"\t","is_mandatory":true,"title":"Expiry time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels for the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the backup is in a reconciling state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"Size of the backup in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Backup type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"UID of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB backup","desc":"Examine an AlloyDB backup created from a source cluster. Query its `type` (manual or automated), `state`, `databaseVersion`, size in bytes, encryption configuration, and expiry time. `expiryQuantity` describes count-based retention when the backup was created under a quantitative retention policy.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.alloydbService.cluster":{"id":"gcp.project.alloydbService.cluster","name":"gcp.project.alloydbService.cluster","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Annotations for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"automatedBackupPolicy":{"name":"automatedBackupPolicy","type":"\n","is_mandatory":true,"title":"Automated backup policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backups":{"name":"backups","type":"\u0019\u001bgcp.project.alloydbService.backup","title":"List of backups for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterType":{"name":"clusterType","type":"\u0007","is_mandatory":true,"title":"Cluster type (PRIMARY or SECONDARY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"continuousBackupConfig":{"name":"continuousBackupConfig","type":"\n","is_mandatory":true,"title":"Continuous backup configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"continuousBackupInfo":{"name":"continuousBackupInfo","type":"\n","is_mandatory":true,"title":"Continuous backup information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseVersion":{"name":"databaseVersion","type":"\u0007","is_mandatory":true,"title":"Database version (PostgreSQL engine version)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionConfig":{"name":"encryptionConfig","type":"\n","is_mandatory":true,"title":"Encryption configuration (CMEK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.alloydbService.instance","title":"List of instances in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for cluster encryption (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceSchedule":{"name":"maintenanceSchedule","type":"\n","is_mandatory":true,"title":"Maintenance schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceUpdatePolicy":{"name":"maintenanceUpdatePolicy","type":"\n","is_mandatory":true,"title":"Maintenance update policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkConfig":{"name":"networkConfig","type":"\n","is_mandatory":true,"title":"Network configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryConfig":{"name":"primaryConfig","type":"\n","is_mandatory":true,"title":"Primary cluster configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscEnabled":{"name":"pscEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Private Service Connect is enabled on the cluster","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the cluster is in a reconciling state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryConfig":{"name":"secondaryConfig","type":"\n","is_mandatory":true,"title":"Secondary cluster configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslConfig":{"name":"sslConfig","type":"\n","is_mandatory":true,"title":"SSL configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"UID of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"user":{"name":"user","type":"\u001bgcp.project.alloydbService.cluster.user","title":"Google Cloud (GCP) AlloyDB cluster user","desc":"Examine a database user defined on an AlloyDB cluster. Query the `userType` (`ALLOYDB_BUILT_IN` for password-authenticated users or `ALLOYDB_IAM_USER` for IAM-authenticated users) and the PostgreSQL database role memberships granted to the user.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"users":{"name":"users","type":"\u0019\u001bgcp.project.alloydbService.cluster.user","title":"Database users defined on the cluster (built-in or AlloyDB IAM users)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB cluster","desc":"Examine an AlloyDB for PostgreSQL cluster — the top-level container for a highly available PostgreSQL-compatible database. Query its `clusterType` (`PRIMARY` or `SECONDARY`), `databaseVersion`, `state`, network configuration, encryption configuration (CMEK via `kmsKey`), automated and continuous backup policies, SSL configuration, and maintenance schedule. Drill into `instances` for primary and read-pool instance details, `backups` for restore-point review, and `users` for database user audits.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.alloydbService.cluster.user":{"id":"gcp.project.alloydbService.cluster.user","name":"gcp.project.alloydbService.cluster.user","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Source cluster resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseRoles":{"name":"databaseRoles","type":"\u0019\u0007","is_mandatory":true,"title":"PostgreSQL database role memberships granted to this user","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the user (projects/.../clusters/.../users/{name})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userType":{"name":"userType","type":"\u0007","is_mandatory":true,"title":"User type (\"ALLOYDB_BUILT_IN\" or \"ALLOYDB_IAM_USER\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB cluster user","desc":"Examine a database user defined on an AlloyDB cluster. Query the `userType` (`ALLOYDB_BUILT_IN` for password-authenticated users or `ALLOYDB_IAM_USER` for IAM-authenticated users) and the PostgreSQL database role memberships granted to the user.","private":true,"min_provider_version":"13.12.2","defaults":"name userType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.alloydbService.instance":{"id":"gcp.project.alloydbService.instance","name":"gcp.project.alloydbService.instance","fields":{"activationPolicy":{"name":"activationPolicy","type":"\u0007","is_mandatory":true,"title":"Policy that controls whether the instance is up and running (ALWAYS, NEVER)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availabilityType":{"name":"availabilityType","type":"\u0007","is_mandatory":true,"title":"Availability type (ZONAL or REGIONAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientConnectionConfig":{"name":"clientConnectionConfig","type":"\n","is_mandatory":true,"title":"Client connection configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionPoolConfig":{"name":"connectionPoolConfig","type":"\n","is_mandatory":true,"title":"Managed connection pool configuration for the instance","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseFlags":{"name":"databaseFlags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Database flags","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enablePublicIp":{"name":"enablePublicIp","type":"\u0004","is_mandatory":true,"title":"Whether the instance has a public IP endpoint enabled","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gceZone":{"name":"gceZone","type":"\u0007","is_mandatory":true,"title":"GCE zone of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Instance type (PRIMARY, READ_POOL, or SECONDARY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddress":{"name":"ipAddress","type":"\u0007","is_mandatory":true,"title":"IP address of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineConfig":{"name":"machineConfig","type":"\n","is_mandatory":true,"title":"Machine configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkConfig":{"name":"networkConfig","type":"\n","is_mandatory":true,"title":"Network configuration, including the public-IP setting and the list of authorized external networks permitted to reach the public endpoint","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodes":{"name":"nodes","type":"\u0019\n","is_mandatory":true,"title":"List of available nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"outboundPublicIpAddresses":{"name":"outboundPublicIpAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"Outbound public IP addresses assigned to the instance for egress to the internet","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscInstanceConfig":{"name":"pscInstanceConfig","type":"\n","is_mandatory":true,"title":"Private Service Connect instance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicIpAddress":{"name":"publicIpAddress","type":"\u0007","is_mandatory":true,"title":"Public IP address of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"queryInsightsConfig":{"name":"queryInsightsConfig","type":"\n","is_mandatory":true,"title":"Query insights configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"readPoolConfig":{"name":"readPoolConfig","type":"\n","is_mandatory":true,"title":"Read pool configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the instance is in a reconciling state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"UID of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writableNode":{"name":"writableNode","type":"\n","is_mandatory":true,"title":"Writable node information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) AlloyDB instance","desc":"Examine an AlloyDB instance within a cluster — either a primary read-write instance, a read-pool instance, or a secondary instance. Query its `instanceType`, `availabilityType` (`ZONAL` or `REGIONAL`), `machineConfig`, IP addresses, database flags, query insights configuration, client connection configuration, and Private Service Connect settings. `activationPolicy` controls whether the instance is always running or stopped.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiGatewayService":{"id":"gcp.project.apiGatewayService","name":"gcp.project.apiGatewayService","fields":{"api":{"name":"api","type":"\u001bgcp.project.apiGatewayService.api","title":"Google Cloud (GCP) API Gateway API","desc":"Examine a managed API Gateway API: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING), the name of the Google-managed service backing it, resource labels, creation and update timestamps, and the API configurations deployed under this API.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apiConfig":{"name":"apiConfig","type":"\u001bgcp.project.apiGatewayService.apiConfig","title":"Google Cloud (GCP) API Gateway API config","desc":"Examine an API Gateway API configuration: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING, ACTIVATING), the associated service config ID, the IAM service account used by gateways to authenticate to backend services, OpenAPI specification documents, resource labels, and creation and update timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"apis":{"name":"apis","type":"\u0019\u001bgcp.project.apiGatewayService.api","title":"List of API Gateway APIs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gateway":{"name":"gateway","type":"\u001bgcp.project.apiGatewayService.gateway","title":"Google Cloud (GCP) API Gateway gateway","desc":"Examine an API Gateway deployment: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING), the API config it serves, the default hostname clients use to reach backend services, resource labels, and creation and update timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"gateways":{"name":"gateways","type":"\u0019\u001bgcp.project.apiGatewayService.gateway","title":"List of API Gateway gateways","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) API Gateway","desc":"Use this resource as the entry point for API Gateway in the project. It hosts the managed APIs (with their API configs) and the deployed `gateways` — exposing managed-service names, deployment state, and the hostnames clients use to reach backend services.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiGatewayService.api":{"id":"gcp.project.apiGatewayService.api","name":"gcp.project.apiGatewayService.api","fields":{"configs":{"name":"configs","type":"\u0019\u001bgcp.project.apiGatewayService.apiConfig","title":"API configurations for this API","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the API was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedService":{"name":"managedService","type":"\u0007","is_mandatory":true,"title":"Name of the Google managed service backing this API","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/global/apis/{api})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the API (CREATING, ACTIVE, FAILED, DELETING, UPDATING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"The time the API was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) API Gateway API","desc":"Examine a managed API Gateway API: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING), the name of the Google-managed service backing it, resource labels, creation and update timestamps, and the API configurations deployed under this API.","private":true,"min_provider_version":"13.15.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiGatewayService.apiConfig":{"id":"gcp.project.apiGatewayService.apiConfig","name":"gcp.project.apiGatewayService.apiConfig","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the API config was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gatewayServiceAccount":{"name":"gatewayServiceAccount","type":"\u0007","is_mandatory":true,"title":"IAM service account that gateways serving this config use to authenticate to other services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/global/apis/{api}/configs/{config})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"openapiDocuments":{"name":"openapiDocuments","type":"\u0019\n","is_mandatory":true,"title":"OpenAPI specification documents describing the API","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceConfigId":{"name":"serviceConfigId","type":"\u0007","is_mandatory":true,"title":"ID of the associated service config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the API config (CREATING, ACTIVE, FAILED, DELETING, UPDATING, ACTIVATING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"The time the API config was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) API Gateway API config","desc":"Examine an API Gateway API configuration: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING, ACTIVATING), the associated service config ID, the IAM service account used by gateways to authenticate to backend services, OpenAPI specification documents, resource labels, and creation and update timestamps.","private":true,"min_provider_version":"13.15.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiGatewayService.gateway":{"id":"gcp.project.apiGatewayService.gateway","name":"gcp.project.apiGatewayService.gateway","fields":{"apiConfig":{"name":"apiConfig","type":"\u0007","is_mandatory":true,"title":"Resource name of the API config served by this gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the gateway was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultHostname":{"name":"defaultHostname","type":"\u0007","is_mandatory":true,"title":"Default API Gateway host name serving this gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/gateways/{gateway})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the gateway (CREATING, ACTIVE, FAILED, DELETING, UPDATING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"The time the gateway was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) API Gateway gateway","desc":"Examine an API Gateway deployment: its lifecycle state (CREATING, ACTIVE, FAILED, DELETING, UPDATING), the API config it serves, the default hostname clients use to reach backend services, resource labels, and creation and update timestamps.","private":true,"min_provider_version":"13.15.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiKey":{"id":"gcp.project.apiKey","name":"gcp.project.apiKey","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"System-managed annotation metadata on the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleted":{"name":"deleted","type":"\t","is_mandatory":true,"title":"Deletion timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"The ID of the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyString":{"name":"keyString","type":"\u0007","is_mandatory":true,"title":"Encrypted and signed value held by this key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Human-readable display name of this key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restrictions":{"name":"restrictions","type":"\u001bgcp.project.apiKey.restrictions","is_mandatory":true,"title":"API key restrictions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) project API key","desc":"Examine an API key scoped to the project — its display name, annotations, creation and deletion timestamps, the encrypted key string, and the restrictions that limit which applications, IP addresses, or API targets may use it. The `restrictions` sub-resource exposes the `unrestricted` flag used by CIS benchmarks to detect keys that have no app, IP, or referrer restrictions configured.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.apiKey.restrictions":{"id":"gcp.project.apiKey.restrictions","name":"gcp.project.apiKey.restrictions","fields":{"androidKeyRestrictions":{"name":"androidKeyRestrictions","type":"\n","is_mandatory":true,"title":"The Android apps that are allowed to use the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"apiTargets":{"name":"apiTargets","type":"\u0019\n","is_mandatory":true,"title":"A restriction for a specific service and optionally one or more specific methods","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appliedRestrictionTypes":{"name":"appliedRestrictionTypes","type":"\u0019\u0007","title":"Names of the restriction categories actually set on the key","desc":"Contains one entry for each configured category: `androidKeyRestrictions`, `browserKeyRestrictions`, `iosKeyRestrictions`, `serverKeyRestrictions`, and `apiTargets`. An empty list means the key is fully unrestricted; a partial list surfaces keys that restrict the caller but not the callable APIs (or vice versa).","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"browserKeyRestrictions":{"name":"browserKeyRestrictions","type":"\n","is_mandatory":true,"title":"The HTTP referrers that are allowed to use the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iosKeyRestrictions":{"name":"iosKeyRestrictions","type":"\n","is_mandatory":true,"title":"The iOS apps that are allowed to use the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentResourcePath":{"name":"parentResourcePath","type":"\u0007","is_mandatory":true,"title":"Parent resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverKeyRestrictions":{"name":"serverKeyRestrictions","type":"\n","is_mandatory":true,"title":"The IP addresses that are allowed to use the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"unrestricted":{"name":"unrestricted","type":"\u0004","title":"Whether the API key has no restrictions configured (no app/IP/referrer/API target restriction). CIS flags unrestricted keys.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) project API key restrictions","desc":"Examine the access restrictions applied to a GCP API key — Android app restrictions, iOS app restrictions, HTTP referrer restrictions, server IP restrictions, and specific API target restrictions. The `unrestricted` derived field is `true` when none of these restriction types are configured, which CIS benchmarks flag as a finding.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.appEngineService":{"id":"gcp.project.appEngineService","name":"gcp.project.appEngineService","fields":{"application":{"name":"application","type":"\u001bgcp.project.appEngineService.application","title":"The App Engine application","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewallRule":{"name":"firewallRule","type":"\u001bgcp.project.appEngineService.firewallRule","title":"Google Cloud (GCP) App Engine firewall ingress rule","desc":"Examine an App Engine firewall ingress rule — the application's only IP-level perimeter control. Each rule applies an `action` (ALLOW or DENY) to a `sourceRange` CIDR, evaluated in `priority` order. A rule whose `sourceRange` is \"*\" matches every address, so an ALLOW-all rule exposes the application to the entire internet.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewallRules":{"name":"firewallRules","type":"\u0019\u001bgcp.project.appEngineService.firewallRule","title":"App Engine firewall ingress rules (the application's IP allow/deny perimeter)","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"service":{"name":"service","type":"\u001bgcp.project.appEngineService.service","title":"Google Cloud (GCP) App Engine service","desc":"Examine an App Engine service (e.g., \"default\"): its traffic split configuration across versions, resource labels, and the deployed versions reachable through the `versions` field.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bgcp.project.appEngineService.service","title":"List of App Engine services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"version":{"name":"version","type":"\u001bgcp.project.appEngineService.version","title":"Google Cloud (GCP) App Engine version","desc":"Examine a deployed App Engine version: its serving status (SERVING, STOPPED), runtime (e.g., \"python39\", \"go121\", \"nodejs20\"), execution environment (standard or flex), runtime API version, VPC access connector configuration, URL handlers with their HTTPS enforcement and login requirements, and creation timestamp.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) App Engine","desc":"Use this resource as the entry point for App Engine in the project. It hosts the `application` (with its location, serving status, and identity settings) and the deployed `services` and their versions.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.appEngineService.application":{"id":"gcp.project.appEngineService.application","name":"gcp.project.appEngineService.application","fields":{"authDomain":{"name":"authDomain","type":"\u0007","is_mandatory":true,"title":"Auth domain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"codeBucket":{"name":"codeBucket","type":"\u0007","is_mandatory":true,"title":"The Google Cloud Storage bucket for default staging","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseType":{"name":"databaseType","type":"\u0007","is_mandatory":true,"title":"The type of the Cloud Firestore or Cloud Datastore database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultBucket":{"name":"defaultBucket","type":"\u0007","is_mandatory":true,"title":"The default Google Cloud Storage bucket for Blobstore and Log","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultCookieExpiration":{"name":"defaultCookieExpiration","type":"\u0007","is_mandatory":true,"title":"Default Cookie expiration for the application","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultHostname":{"name":"defaultHostname","type":"\u0007","is_mandatory":true,"title":"Default hostname for the application","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"featureSettings":{"name":"featureSettings","type":"\n","is_mandatory":true,"title":"Feature settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcrDomain":{"name":"gcrDomain","type":"\u0007","is_mandatory":true,"title":"GCR domain used for storing managed Docker images (e.g. \"us.gcr.io\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iap":{"name":"iap","type":"\n","is_mandatory":true,"title":"IAP configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Application identifier (same as project ID)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationId":{"name":"locationId","type":"\u0007","is_mandatory":true,"title":"Location from which the application is served (e.g. \"us-central\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servingStatus":{"name":"servingStatus","type":"\u0007","is_mandatory":true,"title":"Serving status (SERVING, USER_DISABLED, SYSTEM_DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) App Engine application","desc":"Examine the App Engine application for a project: its serving location, serving status (SERVING, USER_DISABLED, SYSTEM_DISABLED), default hostname, Cloud Storage buckets for code staging and Blobstore, GCR domain for managed Docker images, database type (Firestore or Datastore), auth domain, Identity-Aware Proxy configuration, and feature settings.","private":true,"min_provider_version":"11.6.6","defaults":"id locationId servingStatus","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.appEngineService.firewallRule":{"id":"gcp.project.appEngineService.firewallRule","name":"gcp.project.appEngineService.firewallRule","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Action applied to matching traffic (ALLOW, DENY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Evaluation priority (lower numbers evaluated first; 2147483647 is the implicit default rule)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRange":{"name":"sourceRange","type":"\u0007","is_mandatory":true,"title":"Source IP CIDR range the rule matches (\"*\" matches all addresses)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) App Engine firewall ingress rule","desc":"Examine an App Engine firewall ingress rule — the application's only IP-level perimeter control. Each rule applies an `action` (ALLOW or DENY) to a `sourceRange` CIDR, evaluated in `priority` order. A rule whose `sourceRange` is \"*\" matches every address, so an ALLOW-all rule exposes the application to the entire internet.","private":true,"min_provider_version":"13.19.2","defaults":"priority action sourceRange","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.appEngineService.service":{"id":"gcp.project.appEngineService.service","name":"gcp.project.appEngineService.service","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Relative name of the service (e.g., \"default\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"split":{"name":"split","type":"\n","is_mandatory":true,"title":"Traffic split configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versions":{"name":"versions","type":"\u0019\u001bgcp.project.appEngineService.version","title":"Versions of this service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) App Engine service","desc":"Examine an App Engine service (e.g., \"default\"): its traffic split configuration across versions, resource labels, and the deployed versions reachable through the `versions` field.","private":true,"min_provider_version":"11.6.6","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.appEngineService.version":{"id":"gcp.project.appEngineService.version","name":"gcp.project.appEngineService.version","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the version was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"env":{"name":"env","type":"\u0007","is_mandatory":true,"title":"App Engine execution environment (standard or flex)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"handlers":{"name":"handlers","type":"\u0019\n","is_mandatory":true,"title":"URL handlers, each with its HTTPS enforcement (securityLevel) and login requirement","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Relative name of the version (e.g., \"v1\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inboundServices":{"name":"inboundServices","type":"\u0019\u0007","is_mandatory":true,"title":"Inbound service channels the version accepts beyond HTTP (e.g. mail, XMPP, warmup) — additional ingress surface","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"runtime":{"name":"runtime","type":"\u0007","is_mandatory":true,"title":"The runtime (e.g., \"python39\", \"go121\", \"nodejs20\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"runtimeApiVersion":{"name":"runtimeApiVersion","type":"\u0007","is_mandatory":true,"title":"The version of the API in the given runtime environment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceId":{"name":"serviceId","type":"\u0007","is_mandatory":true,"title":"Service ID this version belongs to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servingStatus":{"name":"servingStatus","type":"\u0007","is_mandatory":true,"title":"Serving status (SERVING, STOPPED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcAccessConnector":{"name":"vpcAccessConnector","type":"\n","is_mandatory":true,"title":"VPC access connector configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) App Engine version","desc":"Examine a deployed App Engine version: its serving status (SERVING, STOPPED), runtime (e.g., \"python39\", \"go121\", \"nodejs20\"), execution environment (standard or flex), runtime API version, VPC access connector configuration, URL handlers with their HTTPS enforcement and login requirements, and creation timestamp.","private":true,"min_provider_version":"11.6.6","defaults":"id servingStatus","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService":{"id":"gcp.project.artifactRegistryService","name":"gcp.project.artifactRegistryService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repositories":{"name":"repositories","type":"\u0019\u001bgcp.project.artifactRegistryService.repository","title":"List of Artifact Registry repositories in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repository":{"name":"repository","type":"\u001bgcp.project.artifactRegistryService.repository","title":"Google Cloud (GCP) Artifact Registry repository","desc":"Examine a single Artifact Registry repository — its package format (DOCKER, MAVEN, NPM, PYTHON, APT, YUM, GO, GENERIC), repository mode (STANDARD, VIRTUAL, REMOTE), encryption key, cleanup policies, format- and mode-specific configuration, and IAM policy bindings. Use `vulnerabilityScanningConfig` to audit whether container-image scanning is active or inherited.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Artifact Registry","desc":"Use this resource as the entry point for Artifact Registry in the project. It hosts the project's `repositories` — each exposing its format, mode, encryption configuration, cleanup policies, and IAM policy for container-image and package-storage audits.","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository":{"id":"gcp.project.artifactRegistryService.repository","name":"gcp.project.artifactRegistryService.repository","fields":{"cleanupPolicies":{"name":"cleanupPolicies","type":"\u0019\u001bgcp.project.artifactRegistryService.repository.cleanupPolicy","is_mandatory":true,"title":"Cleanup policies for artifact retention","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cleanupPolicy":{"name":"cleanupPolicy","type":"\u001bgcp.project.artifactRegistryService.repository.cleanupPolicy","title":"Google Cloud (GCP) Artifact Registry repository cleanup policy","desc":"Examine a cleanup policy attached to an Artifact Registry repository. Each policy has an `action` (DELETE or KEEP) and a `policyType` that selects between a condition-based filter (`condition`) or a most-recent- versions retention rule (`mostRecentVersions`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cleanupPolicyDryRun":{"name":"cleanupPolicyDryRun","type":"\u0004","is_mandatory":true,"title":"Whether cleanup policy dry-run mode is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Repository description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"format":{"name":"format","type":"\u0007","is_mandatory":true,"title":"Package format (DOCKER, MAVEN, NPM, PYTHON, APT, YUM, GO, GENERIC, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"formatConfig":{"name":"formatConfig","type":"\u001bgcp.project.artifactRegistryService.repository.formatConfig","is_mandatory":true,"title":"Format-specific configuration (Docker immutable tags, Maven version policy)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this repository","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt the repository's artifacts at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"Cloud KMS encryption key name (empty means Google-managed encryption)","desc":"Deprecated in favor of kmsKey().","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-assigned labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Repository location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Repository mode (STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modeConfig":{"name":"modeConfig","type":"\u001bgcp.project.artifactRegistryService.repository.modeConfig","is_mandatory":true,"title":"Mode-specific configuration (virtual upstream policies, remote repo config)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Repository name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"registryUri":{"name":"registryUri","type":"\u0007","is_mandatory":true,"title":"Registry endpoint URI (e.g., us-docker.pkg.dev/project/repo)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the repository satisfies Physical Zone Isolation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the repository satisfies Physical Zone Separation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"Total storage size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upstreamPolicy":{"name":"upstreamPolicy","type":"\u001bgcp.project.artifactRegistryService.repository.upstreamPolicy","title":"Google Cloud (GCP) Artifact Registry virtual repository upstream policy","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vulnScanConfig":{"name":"vulnScanConfig","type":"\u001bgcp.project.artifactRegistryService.repository.vulnScanConfig","title":"Google Cloud (GCP) Artifact Registry repository vulnerability scanning configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vulnerabilityScanningConfig":{"name":"vulnerabilityScanningConfig","type":"\u001bgcp.project.artifactRegistryService.repository.vulnScanConfig","is_mandatory":true,"title":"Vulnerability scanning configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry repository","desc":"Examine a single Artifact Registry repository — its package format (DOCKER, MAVEN, NPM, PYTHON, APT, YUM, GO, GENERIC), repository mode (STANDARD, VIRTUAL, REMOTE), encryption key, cleanup policies, format- and mode-specific configuration, and IAM policy bindings. Use `vulnerabilityScanningConfig` to audit whether container-image scanning is active or inherited.","private":true,"min_provider_version":"11.6.1","defaults":"name format location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.cleanupPolicy":{"id":"gcp.project.artifactRegistryService.repository.cleanupPolicy","name":"gcp.project.artifactRegistryService.repository.cleanupPolicy","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Policy action (DELETE or KEEP)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"condition":{"name":"condition","type":"\u001bgcp.project.artifactRegistryService.repository.cleanupPolicy.condition","is_mandatory":true,"title":"Condition filter details; fields are non-empty only when policyType == \"condition\"","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mostRecentVersions":{"name":"mostRecentVersions","type":"\u001bgcp.project.artifactRegistryService.repository.cleanupPolicy.mostRecentVersions","is_mandatory":true,"title":"Most-recent-version details; fields are non-empty only when policyType == \"mostRecentVersions\"","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"policyType":{"name":"policyType","type":"\u0007","is_mandatory":true,"title":"Policy type: \"condition\" or \"mostRecentVersions\"","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry repository cleanup policy","desc":"Examine a cleanup policy attached to an Artifact Registry repository. Each policy has an `action` (DELETE or KEEP) and a `policyType` that selects between a condition-based filter (`condition`) or a most-recent- versions retention rule (`mostRecentVersions`).","private":true,"min_provider_version":"11.6.1","defaults":"id action policyType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.cleanupPolicy.condition":{"id":"gcp.project.artifactRegistryService.repository.cleanupPolicy.condition","name":"gcp.project.artifactRegistryService.repository.cleanupPolicy.condition","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"newerThan":{"name":"newerThan","type":"\u0007","is_mandatory":true,"title":"Match versions newer than this duration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"olderThan":{"name":"olderThan","type":"\u0007","is_mandatory":true,"title":"Match versions older than this duration (e.g., \"2592000s\" for 30 days)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageNamePrefixes":{"name":"packageNamePrefixes","type":"\u0019\u0007","is_mandatory":true,"title":"Package name prefix filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tagPrefixes":{"name":"tagPrefixes","type":"\u0019\u0007","is_mandatory":true,"title":"Tag prefix filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tagState":{"name":"tagState","type":"\u0007","is_mandatory":true,"title":"Tag state filter (TAGGED, UNTAGGED, ANY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionNamePrefixes":{"name":"versionNamePrefixes","type":"\u0019\u0007","is_mandatory":true,"title":"Version name prefix filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry cleanup policy condition","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.cleanupPolicy.mostRecentVersions":{"id":"gcp.project.artifactRegistryService.repository.cleanupPolicy.mostRecentVersions","name":"gcp.project.artifactRegistryService.repository.cleanupPolicy.mostRecentVersions","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keepCount":{"name":"keepCount","type":"\u0005","is_mandatory":true,"title":"Number of recent versions to keep","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageNamePrefixes":{"name":"packageNamePrefixes","type":"\u0019\u0007","is_mandatory":true,"title":"Package name prefix filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry cleanup policy most recent versions config","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.formatConfig":{"id":"gcp.project.artifactRegistryService.repository.formatConfig","name":"gcp.project.artifactRegistryService.repository.formatConfig","fields":{"allowSnapshotOverwrites":{"name":"allowSnapshotOverwrites","type":"\u0004","is_mandatory":true,"title":"Whether Maven snapshot overwrites are allowed (Maven repos only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"format":{"name":"format","type":"\u0007","is_mandatory":true,"title":"Repository format (e.g., DOCKER, MAVEN, NPM, PYTHON, APT, YUM, GO, KFP)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"immutableTags":{"name":"immutableTags","type":"\u0004","is_mandatory":true,"title":"Whether Docker image tags are immutable (Docker repos only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mavenVersionPolicy":{"name":"mavenVersionPolicy","type":"\u0007","is_mandatory":true,"title":"Maven version policy: RELEASE, SNAPSHOT, or VERSION_POLICY_UNSPECIFIED (Maven repos only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry repository format-specific configuration","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.modeConfig":{"id":"gcp.project.artifactRegistryService.repository.modeConfig","name":"gcp.project.artifactRegistryService.repository.modeConfig","fields":{"disableUpstreamValidation":{"name":"disableUpstreamValidation","type":"\u0004","is_mandatory":true,"title":"Whether upstream validation is disabled (remote repos)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"remoteRepositoryDescription":{"name":"remoteRepositoryDescription","type":"\u0007","is_mandatory":true,"title":"Remote repository description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upstreamPolicies":{"name":"upstreamPolicies","type":"\u0019\u001bgcp.project.artifactRegistryService.repository.upstreamPolicy","is_mandatory":true,"title":"Upstream policies for virtual repositories (ordered by priority)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry repository mode-specific configuration","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.upstreamPolicy":{"id":"gcp.project.artifactRegistryService.repository.upstreamPolicy","name":"gcp.project.artifactRegistryService.repository.upstreamPolicy","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority (lower value = higher priority)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repository":{"name":"repository","type":"\u0007","is_mandatory":true,"title":"Full resource name of the upstream repository","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry virtual repository upstream policy","private":true,"min_provider_version":"11.6.1","defaults":"id priority","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.artifactRegistryService.repository.vulnScanConfig":{"id":"gcp.project.artifactRegistryService.repository.vulnScanConfig","name":"gcp.project.artifactRegistryService.repository.vulnScanConfig","fields":{"enablementConfig":{"name":"enablementConfig","type":"\u0007","is_mandatory":true,"title":"Scanning enablement config (INHERITED, DISABLED, ENABLEMENT_CONFIG_UNSPECIFIED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enablementState":{"name":"enablementState","type":"\u0007","is_mandatory":true,"title":"Current scanning state (SCANNING_ACTIVE, SCANNING_DISABLED, SCANNING_UNSUPPORTED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enablementStateReason":{"name":"enablementStateReason","type":"\u0007","is_mandatory":true,"title":"Explanation of the current scanning state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastEnableTime":{"name":"lastEnableTime","type":"\t","is_mandatory":true,"title":"Time scanning was last enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Artifact Registry repository vulnerability scanning configuration","private":true,"min_provider_version":"11.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.backupdrService":{"id":"gcp.project.backupdrService","name":"gcp.project.backupdrService","fields":{"backupPlan":{"name":"backupPlan","type":"\u001bgcp.project.backupdrService.backupPlan","title":"Google Cloud (GCP) Backup and DR backup plan","desc":"Examine a Backup and DR backup plan — its target resource type, lifecycle state, associated backup vault, vault service account, and the backup rules that define schedules and retention windows for automated protection.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupPlans":{"name":"backupPlans","type":"\u0019\u001bgcp.project.backupdrService.backupPlan","title":"List of backup plans","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupVault":{"name":"backupVault","type":"\u001bgcp.project.backupdrService.backupVault","title":"Google Cloud (GCP) Backup and DR backup vault","desc":"Examine a Backup and DR backup vault — its minimum enforced retention duration, access restriction setting, whether the vault is deletable, service account, total stored bytes, backup count, and the `dataSources` that are protected within it. Use these fields to verify immutability and data-protection policy compliance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupVaults":{"name":"backupVaults","type":"\u0019\u001bgcp.project.backupdrService.backupVault","title":"List of backup vaults","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSource":{"name":"dataSource","type":"\u001bgcp.project.backupdrService.dataSource","title":"Google Cloud (GCP) Backup and DR data source","desc":"Examine a data source protected within a Backup and DR backup vault — its current state, configuration state, total stored bytes, backup count, and the GCP resource or Backup Appliance application it represents.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"managementServer":{"name":"managementServer","type":"\u001bgcp.project.backupdrService.managementServer","title":"Google Cloud (GCP) Backup and DR management server","desc":"Examine a Backup and DR management server — its current lifecycle state (CREATING, READY, UPDATING, DELETING, REPAIRING, ERROR), network configuration, management URI, OAuth2 client ID, and whether Physical Zone Separation is satisfied.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"managementServers":{"name":"managementServers","type":"\u0019\u001bgcp.project.backupdrService.managementServer","title":"List of management servers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR Service","desc":"Use this resource as the entry point for the Backup and DR Service in the project. It hosts the `managementServers`, the `backupVaults` that store immutable backups, and the `backupPlans` that schedule them — exposing retention and enforcement settings for data-protection audits.","private":true,"min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.backupdrService.backupPlan":{"id":"gcp.project.backupdrService.backupPlan","name":"gcp.project.backupdrService.backupPlan","fields":{"backupRules":{"name":"backupRules","type":"\u0019\n","is_mandatory":true,"title":"Backup rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupVault":{"name":"backupVault","type":"\u001bgcp.project.backupdrService.backupVault","title":"Backup vault","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupVaultServiceAccount":{"name":"backupVaultServiceAccount","type":"\u0007","is_mandatory":true,"title":"Backup vault service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceType":{"name":"resourceType","type":"\u0007","is_mandatory":true,"title":"Resource type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR backup plan","desc":"Examine a Backup and DR backup plan — its target resource type, lifecycle state, associated backup vault, vault service account, and the backup rules that define schedules and retention windows for automated protection.","private":true,"min_provider_version":"13.1.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.backupdrService.backupVault":{"id":"gcp.project.backupdrService.backupVault","name":"gcp.project.backupdrService.backupVault","fields":{"accessRestriction":{"name":"accessRestriction","type":"\u0007","is_mandatory":true,"title":"Access restriction","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"System-managed annotation metadata on the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupCount":{"name":"backupCount","type":"\u0005","is_mandatory":true,"title":"Backup count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupMinimumEnforcedRetentionDuration":{"name":"backupMinimumEnforcedRetentionDuration","type":"\u0007","is_mandatory":true,"title":"Minimum enforced retention duration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSources":{"name":"dataSources","type":"\u0019\u001bgcp.project.backupdrService.dataSource","title":"Data sources in this backup vault","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletable":{"name":"deletable","type":"\u0004","is_mandatory":true,"title":"Whether the vault is deletable","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"effectiveTime":{"name":"effectiveTime","type":"\t","is_mandatory":true,"title":"Effective time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"Cloud KMS key name encrypting backups at rest (empty when Google-managed encryption is used)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalStoredBytes":{"name":"totalStoredBytes","type":"\u0005","is_mandatory":true,"title":"Total stored bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR backup vault","desc":"Examine a Backup and DR backup vault — its minimum enforced retention duration, access restriction setting, whether the vault is deletable, service account, total stored bytes, backup count, and the `dataSources` that are protected within it. Use these fields to verify immutability and data-protection policy compliance.","private":true,"min_provider_version":"13.1.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.backupdrService.dataSource":{"id":"gcp.project.backupdrService.dataSource","name":"gcp.project.backupdrService.dataSource","fields":{"backupCount":{"name":"backupCount","type":"\u0005","is_mandatory":true,"title":"Backup count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configState":{"name":"configState","type":"\u0007","is_mandatory":true,"title":"Configuration state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSourceBackupApplianceApplication":{"name":"dataSourceBackupApplianceApplication","type":"\n","is_mandatory":true,"title":"Data source Backup Appliance application","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSourceGcpResource":{"name":"dataSourceGcpResource","type":"\n","is_mandatory":true,"title":"Data source GCP resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalStoredBytes":{"name":"totalStoredBytes","type":"\u0005","is_mandatory":true,"title":"Total stored bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR data source","desc":"Examine a data source protected within a Backup and DR backup vault — its current state, configuration state, total stored bytes, backup count, and the GCP resource or Backup Appliance application it represents.","private":true,"min_provider_version":"13.1.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.backupdrService.managementServer":{"id":"gcp.project.backupdrService.managementServer","name":"gcp.project.backupdrService.managementServer","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managementUri":{"name":"managementUri","type":"\n","is_mandatory":true,"title":"Management URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\n","is_mandatory":true,"title":"Networks for the management server","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oauth2ClientId":{"name":"oauth2ClientId","type":"\u0007","is_mandatory":true,"title":"OAuth2 client ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state (CREATING, READY, UPDATING, DELETING, REPAIRING, ERROR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the management server (BACKUP_RESTORE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup and DR management server","desc":"Examine a Backup and DR management server — its current lifecycle state (CREATING, READY, UPDATING, DELETING, REPAIRING, ERROR), network configuration, management URI, OAuth2 client ID, and whether Physical Zone Separation is satisfied.","private":true,"min_provider_version":"13.1.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.batchService":{"id":"gcp.project.batchService","name":"gcp.project.batchService","fields":{"job":{"name":"job","type":"\u001bgcp.project.batchService.job","title":"Google Cloud (GCP) Batch job","desc":"Examine a Cloud Batch job and its execution configuration. Inspect `taskGroups` for the task specifications, parallelism, and scheduling policies; `allocationPolicy` for the compute and network resources provisioned to run the tasks; `status` for the current lifecycle state; and `logsPolicy` for where task logs are sent.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobs":{"name":"jobs","type":"\u0019\u001bgcp.project.batchService.job","title":"Batch jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Batch","desc":"Use this resource as the entry point for Batch in the project. It hosts the project's `jobs` — each exposing its task groups, compute and network configuration, and execution state for managed batch-compute audits.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.batchService.job":{"id":"gcp.project.batchService.job","name":"gcp.project.batchService.job","fields":{"allocationPolicy":{"name":"allocationPolicy","type":"\n","is_mandatory":true,"title":"Resource allocation policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logsPolicy":{"name":"logsPolicy","type":"\n","is_mandatory":true,"title":"Logs policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Job priority (0-100)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\n","is_mandatory":true,"title":"Job status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskGroup":{"name":"taskGroup","type":"\u001bgcp.project.batchService.job.taskGroup","title":"Google Cloud (GCP) Batch job task group","desc":"Examine a task group within a Cloud Batch job. Inspect `taskSpec` for the container or script definition, environment variables, and volume mounts; `taskCount` and `parallelism` for the execution scale; `schedulingPolicy` (AS_SOON_AS_POSSIBLE or IN_ORDER) for the run order; and `permissiveSsh` for the inter-task SSH access setting.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"taskGroups":{"name":"taskGroups","type":"\u0019\u001bgcp.project.batchService.job.taskGroup","is_mandatory":true,"title":"Task groups","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Batch job","desc":"Examine a Cloud Batch job and its execution configuration. Inspect `taskGroups` for the task specifications, parallelism, and scheduling policies; `allocationPolicy` for the compute and network resources provisioned to run the tasks; `status` for the current lifecycle state; and `logsPolicy` for where task logs are sent.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.batchService.job.taskGroup":{"id":"gcp.project.batchService.job.taskGroup","name":"gcp.project.batchService.job.taskGroup","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parallelism":{"name":"parallelism","type":"\u0005","is_mandatory":true,"title":"Max parallel tasks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"permissiveSsh":{"name":"permissiveSsh","type":"\u0004","is_mandatory":true,"title":"Permissive SSH access between tasks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requireHostsFile":{"name":"requireHostsFile","type":"\u0004","is_mandatory":true,"title":"Whether tasks require Docker (vs VM)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schedulingPolicy":{"name":"schedulingPolicy","type":"\u0007","is_mandatory":true,"title":"Scheduling policy (AS_SOON_AS_POSSIBLE, IN_ORDER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskCount":{"name":"taskCount","type":"\u0005","is_mandatory":true,"title":"Number of tasks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskCountPerNode":{"name":"taskCountPerNode","type":"\u0005","is_mandatory":true,"title":"Max tasks per VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskSpec":{"name":"taskSpec","type":"\n","is_mandatory":true,"title":"Task specification","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Batch job task group","desc":"Examine a task group within a Cloud Batch job. Inspect `taskSpec` for the container or script definition, environment variables, and volume mounts; `taskCount` and `parallelism` for the execution scale; `schedulingPolicy` (AS_SOON_AS_POSSIBLE or IN_ORDER) for the run order; and `permissiveSsh` for the inter-task SSH access setting.","private":true,"min_provider_version":"13.6.1","defaults":"name taskCount","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService":{"id":"gcp.project.bigqueryService","name":"gcp.project.bigqueryService","fields":{"connection":{"name":"connection","type":"\u001bgcp.project.bigqueryService.connection","title":"Google BigQuery external data source connection","desc":"Examine a BigQuery connection used to query data residing outside BigQuery. Surfaces the connection `type` (CLOUD_SQL, AWS, AZURE, CLOUD_SPANNER, CLOUD_RESOURCE, SPARK, SALESFORCE_DATA_CLOUD, or UNKNOWN), `location`, type-specific `properties` (credentials, endpoint, database), and `hasCredential` to verify that authentication material is configured.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"connections":{"name":"connections","type":"\u0019\u001bgcp.project.bigqueryService.connection","title":"List of BigQuery connections across the dataset locations of this project","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataset":{"name":"dataset","type":"\u001bgcp.project.bigqueryService.dataset","title":"Google BigQuery dataset","desc":"Examine a BigQuery dataset's configuration, access controls, and data-protection settings. Surfaces the `location`, `labels`, `tags`, access entries (`access` and the `public()` predicate for any `allUsers` / `allAuthenticatedUsers` grant), the CMEK encryption key (`kmsKey()`), `defaultTableExpirationMs`, `maxTimeTravelHours`, `storageBillingModel`, and case-sensitivity settings. Child collections expose `tables()`, `models()`, and `routines()` within the dataset.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datasets":{"name":"datasets","type":"\u0019\u001bgcp.project.bigqueryService.dataset","title":"List of BigQuery datasets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"model":{"name":"model","type":"\u001bgcp.project.bigqueryService.model","title":"Google BigQuery ML model","desc":"Examine a BigQuery ML model's metadata and encryption configuration. Surfaces the `type`, `location`, `labels`, `created` and `modified` timestamps, `expirationTime`, and the CMEK encryption key (`kmsKey()`) protecting the model artifacts.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservation":{"name":"reservation","type":"\u001bgcp.project.bigqueryService.reservation","title":"Google BigQuery slot reservation","desc":"Examine a BigQuery capacity reservation's slot allocation and autoscaling configuration. Surfaces the `slotCapacity` baseline, `autoscale` settings, `concurrency` limit, `edition` (STANDARD, ENTERPRISE, ENTERPRISE_PLUS), `ignoreIdleSlots` isolation flag, and managed disaster-recovery location attributes (`primaryLocation`, `secondaryLocation`, `originalPrimaryLocation`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"reservations":{"name":"reservations","type":"\u0019\u001bgcp.project.bigqueryService.reservation","title":"List of BigQuery reservations across the dataset locations of this project","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routine":{"name":"routine","type":"\u001bgcp.project.bigqueryService.routine","title":"Google BigQuery routine (UDF or stored procedure)","desc":"Examine a BigQuery routine's definition and metadata. Surfaces the `type` (SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION, etc.), `language` (SQL, JAVASCRIPT, PYTHON, etc.), `body` containing the routine's implementation, `description`, and `created` / `modified` timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"table":{"name":"table","type":"\u001bgcp.project.bigqueryService.table","title":"Google BigQuery table","desc":"Examine a BigQuery table's schema, partitioning, and data-protection configuration. Surfaces the `type` (TABLE, VIEW, MATERIALIZED_VIEW, EXTERNAL), `schema`, `location`, `labels`, size metrics (`numBytes`, `numLongTermBytes`, `numRows`), time-based and range `timePartitioning` and `rangePartitioning`, `clusteringFields`, `expirationTime`, CMEK encryption key (`kmsKey()`), and external data configuration for federated tables. Cloud DLP integration surfaces the table's `dlpDataProfile()` when enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud BigQuery service","desc":"Use this resource as the entry point for BigQuery in the project. It hosts the project's `datasets()` (with their tables, models, routines, access entries, and CMEK encryption), `connections()` to external data sources, and slot `reservations()` for capacity management audits.","private":true,"min_provider_version":"9.0.0","defaults":"projectId","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.connection":{"id":"gcp.project.bigqueryService.connection","name":"gcp.project.bigqueryService.connection","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"friendlyName":{"name":"friendlyName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasCredential":{"name":"hasCredential","type":"\u0004","is_mandatory":true,"title":"Whether a credential is configured for this connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region or multi-region) of the connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Last modified timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the connection: projects/{project}/locations/{location}/connections/{id}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Type-specific properties (e.g., for CLOUD_SQL, AWS, AZURE connections)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Underlying connection type (CLOUD_SQL, AWS, AZURE, CLOUD_SPANNER, CLOUD_RESOURCE, SPARK, SALESFORCE_DATA_CLOUD, or UNKNOWN)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery external data source connection","desc":"Examine a BigQuery connection used to query data residing outside BigQuery. Surfaces the connection `type` (CLOUD_SQL, AWS, AZURE, CLOUD_SPANNER, CLOUD_RESOURCE, SPARK, SALESFORCE_DATA_CLOUD, or UNKNOWN), `location`, type-specific `properties` (credentials, endpoint, database), and `hasCredential` to verify that authentication material is configured.","private":true,"min_provider_version":"13.11.2","defaults":"name friendlyName type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.dataset":{"id":"gcp.project.bigqueryService.dataset","name":"gcp.project.bigqueryService.dataset","fields":{"access":{"name":"access","type":"\u0019\u001bgcp.project.bigqueryService.dataset.accessEntry","is_mandatory":true,"title":"Access permissions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"accessEntry":{"name":"accessEntry","type":"\u001bgcp.project.bigqueryService.dataset.accessEntry","title":"Google Cloud (GCP) BigQuery dataset access entry","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultCollation":{"name":"defaultCollation","type":"\u0007","is_mandatory":true,"title":"Default collation for the dataset","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultPartitionExpirationMs":{"name":"defaultPartitionExpirationMs","type":"\u0005","is_mandatory":true,"title":"Default partition expiration time in milliseconds","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultTableExpirationMs":{"name":"defaultTableExpirationMs","type":"\u0005","is_mandatory":true,"title":"Default expiration time (in milliseconds) for tables in the dataset","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalDatasetReference":{"name":"externalDatasetReference","type":"\n","is_mandatory":true,"title":"External source backing this dataset","desc":"For externally defined datasets (for example BigLake or Iceberg tables federated through AWS Glue), this dict has two keys: `externalSource` is the URI of the upstream system that backs the dataset, and `connection` is the Cloud connection used to reach it in the form `projects/{project_id}/locations/{location_id}/connections/{connection_id}`. Null for datasets stored natively in BigQuery.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isCaseInsensitive":{"name":"isCaseInsensitive","type":"\u0004","is_mandatory":true,"title":"Whether field names are treated as case insensitive","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used to protect tables in this dataset (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsName":{"name":"kmsName","type":"\u0007","is_mandatory":true,"title":"Customer-managed KMS key resource name","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Geo location of the dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxTimeTravelHours":{"name":"maxTimeTravelHours","type":"\u0005","is_mandatory":true,"title":"Maximum time travel in hours for the dataset (48 to 168)","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"models":{"name":"models","type":"\u0019\u001bgcp.project.bigqueryService.model","title":"Returns models in the dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Modified timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name for this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether any access entry grants the dataset to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routines":{"name":"routines","type":"\u0019\u001bgcp.project.bigqueryService.routine","title":"Returns routines in the dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageBillingModel":{"name":"storageBillingModel","type":"\u0007","is_mandatory":true,"title":"Storage billing model (LOGICAL or PHYSICAL)","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tables":{"name":"tables","type":"\u0019\u001bgcp.project.bigqueryService.table","title":"Returns tables in the dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Tags associated with this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery dataset","desc":"Examine a BigQuery dataset's configuration, access controls, and data-protection settings. Surfaces the `location`, `labels`, `tags`, access entries (`access` and the `public()` predicate for any `allUsers` / `allAuthenticatedUsers` grant), the CMEK encryption key (`kmsKey()`), `defaultTableExpirationMs`, `maxTimeTravelHours`, `storageBillingModel`, and case-sensitivity settings. Child collections expose `tables()`, `models()`, and `routines()` within the dataset.","private":true,"min_provider_version":"9.0.0","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.dataset.accessEntry":{"id":"gcp.project.bigqueryService.dataset.accessEntry","name":"gcp.project.bigqueryService.dataset.accessEntry","fields":{"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"Dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetRef":{"name":"datasetRef","type":"\n","is_mandatory":true,"title":"Resources within a dataset granted access","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entity":{"name":"entity","type":"\u0007","is_mandatory":true,"title":"Entity (individual or group) granted access","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entityType":{"name":"entityType","type":"\u0007","is_mandatory":true,"title":"Type of the entity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u0007","is_mandatory":true,"title":"Role of the entity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routineRef":{"name":"routineRef","type":"\n","is_mandatory":true,"title":"Routine granted access (only UDF currently supported)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"viewRef":{"name":"viewRef","type":"\n","is_mandatory":true,"title":"View granted access (entityType must be ViewEntity)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) BigQuery dataset access entry","private":true,"min_provider_version":"9.0.0","defaults":"role entity entityType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.model":{"id":"gcp.project.bigqueryService.model","name":"gcp.project.bigqueryService.model","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"Dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of the model","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationTime":{"name":"expirationTime","type":"\t","is_mandatory":true,"title":"Expiration time of the model","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Model ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used to protect this model (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsName":{"name":"kmsName","type":"\u0007","is_mandatory":true,"title":"Customer-managed KMS key resource name","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Geographic location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Modified timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name of the model","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the model","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery ML model","desc":"Examine a BigQuery ML model's metadata and encryption configuration. Surfaces the `type`, `location`, `labels`, `created` and `modified` timestamps, `expirationTime`, and the CMEK encryption key (`kmsKey()`) protecting the model artifacts.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.reservation":{"id":"gcp.project.bigqueryService.reservation","name":"gcp.project.bigqueryService.reservation","fields":{"autoscale":{"name":"autoscale","type":"\n","is_mandatory":true,"title":"Autoscale configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"concurrency":{"name":"concurrency","type":"\u0005","is_mandatory":true,"title":"Soft upper bound on the number of concurrent jobs in this reservation (0 = system-managed)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edition":{"name":"edition","type":"\u0007","is_mandatory":true,"title":"Edition of the reservation (STANDARD, ENTERPRISE, ENTERPRISE_PLUS, ...)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ignoreIdleSlots":{"name":"ignoreIdleSlots","type":"\u0004","is_mandatory":true,"title":"If true, reservation will not use idle slots from sibling reservations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region or multi-region) of the reservation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the reservation: projects/{project}/locations/{location}/reservations/{id}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"originalPrimaryLocation":{"name":"originalPrimaryLocation","type":"\u0007","is_mandatory":true,"title":"Location where the reservation was originally created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryLocation":{"name":"primaryLocation","type":"\u0007","is_mandatory":true,"title":"Current location of the reservation's primary replica (managed DR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryLocation":{"name":"secondaryLocation","type":"\u0007","is_mandatory":true,"title":"Current location of the reservation's secondary replica (managed DR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"slotCapacity":{"name":"slotCapacity","type":"\u0005","is_mandatory":true,"title":"Baseline slots available to this reservation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery slot reservation","desc":"Examine a BigQuery capacity reservation's slot allocation and autoscaling configuration. Surfaces the `slotCapacity` baseline, `autoscale` settings, `concurrency` limit, `edition` (STANDARD, ENTERPRISE, ENTERPRISE_PLUS), `ignoreIdleSlots` isolation flag, and managed disaster-recovery location attributes (`primaryLocation`, `secondaryLocation`, `originalPrimaryLocation`).","private":true,"min_provider_version":"13.11.2","defaults":"name slotCapacity edition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.routine":{"id":"gcp.project.bigqueryService.routine","name":"gcp.project.bigqueryService.routine","fields":{"body":{"name":"body","type":"\u0007","is_mandatory":true,"title":"The body of the routine","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"Dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of the routine","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Routine ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"language":{"name":"language","type":"\u0007","is_mandatory":true,"title":"Language of the routine, such as SQL or JAVASCRIPT","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Modified timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of routine","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery routine (UDF or stored procedure)","desc":"Examine a BigQuery routine's definition and metadata. Surfaces the `type` (SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION, etc.), `language` (SQL, JAVASCRIPT, PYTHON, etc.), `body` containing the routine's implementation, `description`, and `created` / `modified` timestamps.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigqueryService.table":{"id":"gcp.project.bigqueryService.table","name":"gcp.project.bigqueryService.table","fields":{"clusteringFields":{"name":"clusteringFields","type":"\n","is_mandatory":true,"title":"Data clustering configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"Dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of the table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpDataProfile":{"name":"dlpDataProfile","type":"\u001bgcp.project.dlpService.tableDataProfile","title":"Cloud DLP table data profile for this table — sensitivity score, risk level, and predicted infoTypes. Null when discovery has not profiled this table","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationTime":{"name":"expirationTime","type":"\t","is_mandatory":true,"title":"Time when this table expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalDataConfig":{"name":"externalDataConfig","type":"\n","is_mandatory":true,"title":"Information about table stored outside of BigQuery.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Table ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used to protect this table (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsName":{"name":"kmsName","type":"\u0007","is_mandatory":true,"title":"Customer-managed KMS key resource name","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location of the table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"materializedView":{"name":"materializedView","type":"\n","is_mandatory":true,"title":"Information for materialized views","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Modified timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"The user-friendly name for the table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numBytes":{"name":"numBytes","type":"\u0005","is_mandatory":true,"title":"Size of the table in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numLongTermBytes":{"name":"numLongTermBytes","type":"\u0005","is_mandatory":true,"title":"Number of bytes in the table considered \"long-term storage\" for reduced billing purposes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numRows":{"name":"numRows","type":"\u0005","is_mandatory":true,"title":"Number of rows of data in this table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rangePartitioning":{"name":"rangePartitioning","type":"\n","is_mandatory":true,"title":"Integer-range-based partitioning on a table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requirePartitionFilter":{"name":"requirePartitionFilter","type":"\u0004","is_mandatory":true,"title":"Whether queries that reference this table must specify a partition filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schema":{"name":"schema","type":"\u0019\n","is_mandatory":true,"title":"Table schema","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"snapshotTime":{"name":"snapshotTime","type":"\t","is_mandatory":true,"title":"Snapshot creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timePartitioning":{"name":"timePartitioning","type":"\n","is_mandatory":true,"title":"Time-based date partitioning on a table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Table type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"useLegacySQL":{"name":"useLegacySQL","type":"\u0004","is_mandatory":true,"title":"Whether the view query uses Legacy SQL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"viewQuery":{"name":"viewQuery","type":"\u0007","is_mandatory":true,"title":"Query to use for a logical view","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google BigQuery table","desc":"Examine a BigQuery table's schema, partitioning, and data-protection configuration. Surfaces the `type` (TABLE, VIEW, MATERIALIZED_VIEW, EXTERNAL), `schema`, `location`, `labels`, size metrics (`numBytes`, `numLongTermBytes`, `numRows`), time-based and range `timePartitioning` and `rangePartitioning`, `clusteringFields`, `expirationTime`, CMEK encryption key (`kmsKey()`), and external data configuration for federated tables. Cloud DLP integration surfaces the table's `dlpDataProfile()` when enabled.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService":{"id":"gcp.project.bigtableService","name":"gcp.project.bigtableService","fields":{"appProfile":{"name":"appProfile","type":"\u001bgcp.project.bigtableService.appProfile","title":"Google Cloud (GCP) Bigtable app profile","desc":"Examine a Cloud Bigtable app profile — the named configuration that controls how client traffic is routed to clusters and how reads behave. Query its `routingPolicy` (single-cluster vs. multi-cluster routing), `description`, and `etag`. App profiles are selected by the `name` field as it appears in the Bigtable instance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backup":{"name":"backup","type":"\u001bgcp.project.bigtableService.backup","title":"Google Cloud (GCP) Bigtable backup","desc":"Examine a Cloud Bigtable backup created from a source table. Query its state, source table, expiration time, start and end times, size in bytes, and encryption information. Backups are stored in a specific cluster and expire automatically at `expireTime`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bgcp.project.bigtableService.cluster","title":"Google Cloud (GCP) Bigtable cluster","desc":"Examine a Cloud Bigtable cluster — the zonal compute and storage unit within a Bigtable instance. Query its location (zone), state, `serveNodes`, default storage type (`SSD` or `HDD`), encryption configuration, and node scaling factor. The `kmsKey` field resolves to the customer-managed KMS key when CMEK is enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instance":{"name":"instance","type":"\u001bgcp.project.bigtableService.instance","title":"Google Cloud (GCP) Bigtable instance","desc":"Examine a Cloud Bigtable instance — the top-level container for clusters, tables, and app profiles. Query its type (`PRODUCTION` or `DEVELOPMENT`), state, and labels. Drill into `clusters` for storage type and CMEK encryption configuration, `tables` for column-family and deletion-protection settings, `appProfiles` for routing policy audits, `backups` for retention review, and `iamPolicy` for access control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.bigtableService.instance","title":"List of Bigtable instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"table":{"name":"table","type":"\u001bgcp.project.bigtableService.table","title":"Google Cloud (GCP) Bigtable table","desc":"Examine a Cloud Bigtable table within an instance. Query its column families and their garbage-collection configurations, timestamp granularity, deletion protection status, automated backup policy, and change stream configuration. `tieredStorageConfig` controls data movement between SSD and HDD storage tiers.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Bigtable","desc":"Use this resource as the entry point for Bigtable in the project. It hosts the project's `instances` — each exposing its clusters, app profiles, storage type, and encryption configuration for wide-column database audits.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService.appProfile":{"id":"gcp.project.bigtableService.appProfile","name":"gcp.project.bigtableService.appProfile","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the app profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the app profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routingPolicy":{"name":"routingPolicy","type":"\n","is_mandatory":true,"title":"Routing policy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Bigtable app profile","desc":"Examine a Cloud Bigtable app profile — the named configuration that controls how client traffic is routed to clusters and how reads behave. Query its `routingPolicy` (single-cluster vs. multi-cluster routing), `description`, and `etag`. App profiles are selected by the `name` field as it appears in the Bigtable instance.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService.backup":{"id":"gcp.project.bigtableService.backup","name":"gcp.project.bigtableService.backup","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endTime":{"name":"endTime","type":"\t","is_mandatory":true,"title":"End time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"Size of the backup in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceTable":{"name":"sourceTable","type":"\u0007","is_mandatory":true,"title":"Source table of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startTime":{"name":"startTime","type":"\t","is_mandatory":true,"title":"Start time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Bigtable backup","desc":"Examine a Cloud Bigtable backup created from a source table. Query its state, source table, expiration time, start and end times, size in bytes, and encryption information. Backups are stored in a specific cluster and expire automatically at `expireTime`.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService.cluster":{"id":"gcp.project.bigtableService.cluster","name":"gcp.project.bigtableService.cluster","fields":{"autoscalingConfig":{"name":"autoscalingConfig","type":"\n","is_mandatory":true,"title":"Autoscaling configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultStorageType":{"name":"defaultStorageType","type":"\u0007","is_mandatory":true,"title":"Default storage type (SSD or HDD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionConfig":{"name":"encryptionConfig","type":"\n","is_mandatory":true,"title":"Encryption configuration (CMEK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for cluster encryption (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location of the cluster (zone)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeScalingFactor":{"name":"nodeScalingFactor","type":"\u0007","is_mandatory":true,"title":"Node scaling factor","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serveNodes":{"name":"serveNodes","type":"\u0005","is_mandatory":true,"title":"Number of nodes in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Bigtable cluster","desc":"Examine a Cloud Bigtable cluster — the zonal compute and storage unit within a Bigtable instance. Query its location (zone), state, `serveNodes`, default storage type (`SSD` or `HDD`), encryption configuration, and node scaling factor. The `kmsKey` field resolves to the customer-managed KMS key when CMEK is enabled.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService.instance":{"id":"gcp.project.bigtableService.instance","name":"gcp.project.bigtableService.instance","fields":{"appProfiles":{"name":"appProfiles","type":"\u0019\u001bgcp.project.bigtableService.appProfile","title":"List of app profiles in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backups":{"name":"backups","type":"\u0019\u001bgcp.project.bigtableService.backup","title":"List of backups across all clusters in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.bigtableService.cluster","title":"List of clusters in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for the Bigtable instance","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Instance type (PRODUCTION or DEVELOPMENT)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tables":{"name":"tables","type":"\u0019\u001bgcp.project.bigtableService.table","title":"List of tables in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Bigtable instance","desc":"Examine a Cloud Bigtable instance — the top-level container for clusters, tables, and app profiles. Query its type (`PRODUCTION` or `DEVELOPMENT`), state, and labels. Drill into `clusters` for storage type and CMEK encryption configuration, `tables` for column-family and deletion-protection settings, `appProfiles` for routing policy audits, `backups` for retention review, and `iamPolicy` for access control.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.bigtableService.table":{"id":"gcp.project.bigtableService.table","name":"gcp.project.bigtableService.table","fields":{"automatedBackupPolicy":{"name":"automatedBackupPolicy","type":"\n","is_mandatory":true,"title":"Automated backup policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"changeStreamConfig":{"name":"changeStreamConfig","type":"\n","is_mandatory":true,"title":"Change stream configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"columnFamilies":{"name":"columnFamilies","type":"\n","is_mandatory":true,"title":"Column families and their configurations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtection":{"name":"deletionProtection","type":"\u0004","is_mandatory":true,"title":"Whether deletion protection is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"granularity":{"name":"granularity","type":"\u0007","is_mandatory":true,"title":"Timestamp granularity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tieredStorageConfig":{"name":"tieredStorageConfig","type":"\n","is_mandatory":true,"title":"Tiered storage configuration controlling movement of data between SSD and HDD tiers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Bigtable table","desc":"Examine a Cloud Bigtable table within an instance. Query its column families and their garbage-collection configurations, timestamp granularity, deletion protection status, automated backup policy, and change stream configuration. `tieredStorageConfig` controls data movement between SSD and HDD storage tiers.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.binaryAuthorizationControl":{"id":"gcp.project.binaryAuthorizationControl","name":"gcp.project.binaryAuthorizationControl","fields":{"admissionRule":{"name":"admissionRule","type":"\u001bgcp.project.binaryAuthorizationControl.admissionRule","title":"Google Cloud (GCP) Binary Authorization admission rule","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"attestor":{"name":"attestor","type":"\u001bgcp.project.binaryAuthorizationControl.attestor","title":"Google Cloud (GCP) Binary Authorization attestor","desc":"Examine a Binary Authorization attestor trusted to verify container image signatures. Covers the backing Grafeas Attestation Authority note, the set of trusted public keys (PGP or PKIX) whose signatures satisfy attestation requirements, the delegation service account email used to query Container Analysis, and the last-updated timestamp. Audits look for attestors with no trusted keys (which reject all attestations) or keys using weak or unspecified signature algorithms.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"attestors":{"name":"attestors","type":"\u0019\u001bgcp.project.binaryAuthorizationControl.attestor","title":"List of attestors","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"policy":{"name":"policy","type":"\u001bgcp.project.binaryAuthorizationControl.policy","is_mandatory":true,"title":"The policy for container image binary authorization","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Binary Authorization","desc":"Use this resource as the entry point for Binary Authorization in the project. It hosts the project's deployment `policy` — covering default and per-cluster admission rules, allowlist patterns, and global policy evaluation mode — and the list of trusted `attestors` whose signatures validate container images before deployment.","private":true,"min_provider_version":"11.0.15","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.binaryAuthorizationControl.admissionRule":{"id":"gcp.project.binaryAuthorizationControl.admissionRule","name":"gcp.project.binaryAuthorizationControl.admissionRule","fields":{"enforcementMode":{"name":"enforcementMode","type":"\u0007","is_mandatory":true,"title":"The action when a pod creation is denied by the admission rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"evaluationMode":{"name":"evaluationMode","type":"\u0007","is_mandatory":true,"title":"How this admission rule will be evaluated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requireAttestationsBy":{"name":"requireAttestationsBy","type":"\u0019\u0007","is_mandatory":true,"title":"The resource names of the attestors that must attest to a container image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Binary Authorization admission rule","private":true,"min_provider_version":"11.0.15","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.binaryAuthorizationControl.attestor":{"id":"gcp.project.binaryAuthorizationControl.attestor","name":"gcp.project.binaryAuthorizationControl.attestor","fields":{"delegationServiceAccountEmail":{"name":"delegationServiceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Output-only service account email this attestor uses to query Container Analysis","desc":"Administrators must grant it `containeranalysis.notes.occurrences.viewer` on the backing note.","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"noteReference":{"name":"noteReference","type":"\u0007","is_mandatory":true,"title":"Resource name of the Grafeas Attestation.Authority Note backing this attestor (format: `projects/*/notes/*`)","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicKey":{"name":"publicKey","type":"\u001bgcp.project.binaryAuthorizationControl.attestor.publicKey","title":"Google Cloud (GCP) Binary Authorization attestor public key","desc":"Examine a public key trusted to verify signed attestations for the parent attestor. The discriminator is `type`: `pgp` indicates an ASCII-armored OpenPGP public key (`asciiArmoredPgpPublicKey`); `pkix` indicates a PEM-encoded PKIX `SubjectPublicKeyInfo` (`pkixPublicKeyPem`) with a `pkixSignatureAlgorithm` constraining the signature scheme. Audits look for keys with weak algorithms (`RSA_SIGN_PKCS1_2048_SHA256` and friends), missing signature algorithms (`SIGNATURE_ALGORITHM_UNSPECIFIED`), or PGP keys where PKIX would be stronger.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"publicKeys":{"name":"publicKeys","type":"\u0019\u001bgcp.project.binaryAuthorizationControl.attestor.publicKey","is_mandatory":true,"title":"Public keys that verify attestations signed by this attestor. An empty list means the attestor rejects every attestation.","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userOwnedGrafeasNote":{"name":"userOwnedGrafeasNote","type":"\n","is_mandatory":true,"title":"Raw user-owned Grafeas note dict","desc":"Deprecated in favor of `noteReference`, `publicKeys`, and `delegationServiceAccountEmail`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Binary Authorization attestor","desc":"Examine a Binary Authorization attestor trusted to verify container image signatures. Covers the backing Grafeas Attestation Authority note, the set of trusted public keys (PGP or PKIX) whose signatures satisfy attestation requirements, the delegation service account email used to query Container Analysis, and the last-updated timestamp. Audits look for attestors with no trusted keys (which reject all attestations) or keys using weak or unspecified signature algorithms.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.binaryAuthorizationControl.attestor.publicKey":{"id":"gcp.project.binaryAuthorizationControl.attestor.publicKey","name":"gcp.project.binaryAuthorizationControl.attestor.publicKey","fields":{"asciiArmoredPgpPublicKey":{"name":"asciiArmoredPgpPublicKey","type":"\u0007","is_mandatory":true,"title":"For `pgp` keys: ASCII-armored PGP public key block","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional descriptive comment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Public key ID","desc":"Signatures sent to BinAuthz must include this exact ID. For PGP keys it equals the OpenPGP V4 fingerprint; for PKIX keys it is user-specified.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pkixPublicKeyPem":{"name":"pkixPublicKeyPem","type":"\u0007","is_mandatory":true,"title":"For `pkix` keys: PEM-encoded `SubjectPublicKeyInfo` (RFC 7468 §13)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pkixSignatureAlgorithm":{"name":"pkixSignatureAlgorithm","type":"\u0007","is_mandatory":true,"title":"For `pkix` keys: signature algorithm (e.g., `RSA_PSS_2048_SHA256`, `ECDSA_P256_SHA256`, `SIGNATURE_ALGORITHM_UNSPECIFIED`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Discriminator: `pgp` (ASCII-armored OpenPGP) or `pkix` (PEM-encoded `SubjectPublicKeyInfo`). Empty when no key material is set.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Binary Authorization attestor public key","desc":"Examine a public key trusted to verify signed attestations for the parent attestor. The discriminator is `type`: `pgp` indicates an ASCII-armored OpenPGP public key (`asciiArmoredPgpPublicKey`); `pkix` indicates a PEM-encoded PKIX `SubjectPublicKeyInfo` (`pkixPublicKeyPem`) with a `pkixSignatureAlgorithm` constraining the signature scheme. Audits look for keys with weak algorithms (`RSA_SIGN_PKCS1_2048_SHA256` and friends), missing signature algorithms (`SIGNATURE_ALGORITHM_UNSPECIFIED`), or PGP keys where PKIX would be stronger.","private":true,"min_provider_version":"13.13.4","defaults":"id pkixSignatureAlgorithm","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.binaryAuthorizationControl.policy":{"id":"gcp.project.binaryAuthorizationControl.policy","name":"gcp.project.binaryAuthorizationControl.policy","fields":{"admissionWhitelistPatterns":{"name":"admissionWhitelistPatterns","type":"\u0019\u0007","is_mandatory":true,"title":"Admission policy allowlisting","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterAdmissionRules":{"name":"clusterAdmissionRules","type":"\u001a\u0007\u001bgcp.project.binaryAuthorizationControl.admissionRule","is_mandatory":true,"title":"Per-cluster admission rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultAdmissionRule":{"name":"defaultAdmissionRule","type":"\u001bgcp.project.binaryAuthorizationControl.admissionRule","is_mandatory":true,"title":"Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"globalPolicyEvaluationMode":{"name":"globalPolicyEvaluationMode","type":"\u0007","is_mandatory":true,"title":"Controls the evaluation of a Google-maintained global admission policy for common system-level images","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"istioServiceIdentityAdmissionRules":{"name":"istioServiceIdentityAdmissionRules","type":"\u001a\u0007\u001bgcp.project.binaryAuthorizationControl.admissionRule","is_mandatory":true,"title":"Per-istio-service-identity admission rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kubernetesNamespaceAdmissionRules":{"name":"kubernetesNamespaceAdmissionRules","type":"\u001a\u0007\u001bgcp.project.binaryAuthorizationControl.admissionRule","is_mandatory":true,"title":"Per-kubernetes-namespace admission rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kubernetesServiceAccountAdmissionRules":{"name":"kubernetesServiceAccountAdmissionRules","type":"\u001a\u0007\u001bgcp.project.binaryAuthorizationControl.admissionRule","is_mandatory":true,"title":"Per-kubernetes-service-account admission rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"The resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time when the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Binary Authorization policy","desc":"Examine the Binary Authorization policy that controls which container images may be deployed in the project. Covers the default admission rule (evaluation mode and enforcement mode), per-cluster admission rules, per-Kubernetes-namespace and per-service-account rules, per-Istio-service-identity rules, admission allowlist patterns, and whether a Google-maintained global policy is also evaluated.","private":true,"min_provider_version":"11.0.15","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateAuthorityService":{"id":"gcp.project.certificateAuthorityService","name":"gcp.project.certificateAuthorityService","fields":{"caPool":{"name":"caPool","type":"\u001bgcp.project.certificateAuthorityService.caPool","title":"Google Cloud (GCP) Certificate Authority Service CA pool","desc":"Examine a CA pool within the Private CA Service — a logical grouping of certificate authorities that share an issuance policy and publishing options. Query the pool `tier` (`ENTERPRISE` for full-featured or `DEVOPS` for high-volume issuance), `issuancePolicy` (constraints on what the CAs may sign), `publishingOptions` (CRL/OCSP URLs), and labels. Drill into `certificateAuthorities` and `certificates` to review CA states and issued certificate details.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"caPools":{"name":"caPools","type":"\u0019\u001bgcp.project.certificateAuthorityService.caPool","title":"CA Pools in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificate":{"name":"certificate","type":"\u001bgcp.project.certificateAuthorityService.certificate","title":"Google Cloud (GCP) Certificate Authority Service certificate","desc":"Examine a certificate issued by the Private CA Service within a CA pool. Query the `subjectDescription` (common name, SAN, validity period), `certDescription` (key usage, extended key usage, subject key identifier), PEM-encoded certificate and chain, and revocation details. `issuerCertificateAuthority` identifies which CA within the pool signed this certificate.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateAuthority":{"name":"certificateAuthority","type":"\u001bgcp.project.certificateAuthorityService.certificateAuthority","title":"Google Cloud (GCP) Certificate Authority","desc":"Examine a certificate authority managed by the Private CA Service. Query its `type` (`SELF_SIGNED` for root CAs or `SUBORDINATE` for intermediate CAs), `state` (`ENABLED`, `DISABLED`, `STAGED`, `AWAITING_USER_ACTIVATION`, `DELETION_REQUESTED`), key specification, certificate configuration (subject, subject alternative names), certificate lifetime, PEM-encoded CA certificate chains, GCS bucket for published CRL and CA certs, and access URLs. `expireTime` is when the CA certificate itself expires.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Authority Service","desc":"Use this resource as the entry point for the Private CA Service in the project. It hosts the `caPools` and, through them, the certificate authorities and issued certificates — exposing tier, issuance policy, and publishing options. This models private CA infrastructure, distinct from the load-balancer-facing certs in `certificateManager`.","private":true,"min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateAuthorityService.caPool":{"id":"gcp.project.certificateAuthorityService.caPool","name":"gcp.project.certificateAuthorityService.caPool","fields":{"certificateAuthorities":{"name":"certificateAuthorities","type":"\u0019\u001bgcp.project.certificateAuthorityService.certificateAuthority","title":"Certificate authorities in this pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificates":{"name":"certificates","type":"\u0019\u001bgcp.project.certificateAuthorityService.certificate","title":"Certificates in this pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"issuancePolicy":{"name":"issuancePolicy","type":"\n","is_mandatory":true,"title":"Issuance policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key that encrypts the Subject, Subject Alternative Names, and PEM-encoded certificate of issued certificates at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP region or multi-region the resource is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"CA pool name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publishCaCert":{"name":"publishCaCert","type":"\u0004","is_mandatory":true,"title":"Whether each CA's certificate is published and referenced in the Authority Information Access X.509 extension of issued certificates","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publishCrl":{"name":"publishCrl","type":"\u0004","is_mandatory":true,"title":"Whether each CA's certificate revocation list is published and referenced in the CRL Distribution Points X.509 extension of issued certificates","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publishingOptions":{"name":"publishingOptions","type":"\n","is_mandatory":true,"title":"Publishing options","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tier":{"name":"tier","type":"\u0007","is_mandatory":true,"title":"Tier (ENTERPRISE, DEVOPS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Authority Service CA pool","desc":"Examine a CA pool within the Private CA Service — a logical grouping of certificate authorities that share an issuance policy and publishing options. Query the pool `tier` (`ENTERPRISE` for full-featured or `DEVOPS` for high-volume issuance), `issuancePolicy` (constraints on what the CAs may sign), `publishingOptions` (CRL/OCSP URLs), and labels. Drill into `certificateAuthorities` and `certificates` to review CA states and issued certificate details.","private":true,"min_provider_version":"11.5.1","defaults":"name tier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateAuthorityService.certificate":{"id":"gcp.project.certificateAuthorityService.certificate","name":"gcp.project.certificateAuthorityService.certificate","fields":{"caPool":{"name":"caPool","type":"\u0007","is_mandatory":true,"title":"CA pool name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certDescription":{"name":"certDescription","type":"\n","is_mandatory":true,"title":"Certificate description (config)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Time created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"issuerCertificateAuthority":{"name":"issuerCertificateAuthority","type":"\u0007","is_mandatory":true,"title":"Issuer certificate authority name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifetime":{"name":"lifetime","type":"\u0007","is_mandatory":true,"title":"Certificate lifetime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP region or multi-region the resource is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Certificate name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pemCertificate":{"name":"pemCertificate","type":"\u0007","is_mandatory":true,"title":"PEM-encoded certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pemCertificateChain":{"name":"pemCertificateChain","type":"\u0019\u0007","is_mandatory":true,"title":"PEM-encoded certificate chain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requestedNotBeforeTime":{"name":"requestedNotBeforeTime","type":"\t","is_mandatory":true,"title":"Requester-pinned start of the validity period, before which the issued certificate is not valid","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revocationDetails":{"name":"revocationDetails","type":"\n","is_mandatory":true,"title":"Revocation details","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subjectDescription":{"name":"subjectDescription","type":"\n","is_mandatory":true,"title":"Subject description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Time last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Authority Service certificate","desc":"Examine a certificate issued by the Private CA Service within a CA pool. Query the `subjectDescription` (common name, SAN, validity period), `certDescription` (key usage, extended key usage, subject key identifier), PEM-encoded certificate and chain, and revocation details. `issuerCertificateAuthority` identifies which CA within the pool signed this certificate.","private":true,"min_provider_version":"11.5.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateAuthorityService.certificateAuthority":{"id":"gcp.project.certificateAuthorityService.certificateAuthority","name":"gcp.project.certificateAuthorityService.certificateAuthority","fields":{"accessUrls":{"name":"accessUrls","type":"\n","is_mandatory":true,"title":"Access URLs (CA certificate and CRL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"caPool":{"name":"caPool","type":"\u0007","is_mandatory":true,"title":"CA pool name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"config":{"name":"config","type":"\n","is_mandatory":true,"title":"Certificate authority configuration (subject, subject alt name, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Time created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletedAt":{"name":"deletedAt","type":"\t","is_mandatory":true,"title":"Time deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Expiry time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcsBucket":{"name":"gcsBucket","type":"\u0007","is_mandatory":true,"title":"GCS bucket for published CRL and CA certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keySpec":{"name":"keySpec","type":"\n","is_mandatory":true,"title":"Key specification","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifetime":{"name":"lifetime","type":"\u0007","is_mandatory":true,"title":"Lifetime of certificates issued by this CA","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP region or multi-region the resource is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Certificate authority name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pemCaCertificates":{"name":"pemCaCertificates","type":"\u0019\u0007","is_mandatory":true,"title":"PEM-encoded CA certificate chains","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state (ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, DELETION_REQUESTED, PURGED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subordinateConfig":{"name":"subordinateConfig","type":"\n","is_mandatory":true,"title":"Subordinate configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type (SELF_SIGNED, SUBORDINATE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Time last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Authority","desc":"Examine a certificate authority managed by the Private CA Service. Query its `type` (`SELF_SIGNED` for root CAs or `SUBORDINATE` for intermediate CAs), `state` (`ENABLED`, `DISABLED`, `STAGED`, `AWAITING_USER_ACTIVATION`, `DELETION_REQUESTED`), key specification, certificate configuration (subject, subject alternative names), certificate lifetime, PEM-encoded CA certificate chains, GCS bucket for published CRL and CA certs, and access URLs. `expireTime` is when the CA certificate itself expires.","private":true,"min_provider_version":"11.5.1","defaults":"name state type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService":{"id":"gcp.project.certificateManagerService","name":"gcp.project.certificateManagerService","fields":{"certificate":{"name":"certificate","type":"\u001bgcp.project.certificateManagerService.certificate","title":"Google Cloud (GCP) Certificate Manager certificate","desc":"Examine a single TLS certificate served by Google Cloud Load Balancing. `type` is the discriminator: `managed` certificates are issued by Google (or by the private CA referenced by `managedIssuanceConfig`) and surface `managedDomains`, `managedDnsAuthorizations`, `managedState`, `managedProvisioningIssue`, and `managedAuthorizationAttemptInfo`; `selfManaged` certificates are uploaded by the user and only the output-only `pemCertificate` is visible. `sanDnsnames` lists the SAN dnsName entries on the issued certificate (or the requested domains for a not-yet-provisioned managed cert), `expireTime` is the certificate's expiry, and `scope` controls where the cert can be served (`DEFAULT`, `EDGE_CACHE`, `ALL_REGIONS`). The audit hot spots are managed certs stuck in `PROVISIONING`/`FAILED`, near-expiry leaf certs, and certs with broad SAN coverage.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateIssuanceConfig":{"name":"certificateIssuanceConfig","type":"\u001bgcp.project.certificateManagerService.certificateIssuanceConfig","title":"Google Cloud (GCP) Certificate Manager certificate issuance config","desc":"Examine an issuance config — the binding between Certificate Manager and a private CA pool that mints managed certificates. `certificateAuthorityConfig` names the CA pool and (if applicable) the workload service account used to authenticate to it. `lifetime` is the requested workload-cert validity, `rotationWindowPercentage` is the percentage of `lifetime` after which Certificate Manager begins renewing, and `keyAlgorithm` constrains the generated private key (`RSA_2048` or `ECDSA_P256`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateIssuanceConfigs":{"name":"certificateIssuanceConfigs","type":"\u0019\u001bgcp.project.certificateManagerService.certificateIssuanceConfig","title":"Issuance configurations backing private-CA-issued managed certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificateMap":{"name":"certificateMap","type":"\u001bgcp.project.certificateManagerService.certificateMap","title":"Google Cloud (GCP) Certificate Manager certificate map","desc":"Examine a certificate map — the host-to-certificate routing table attached to one or more Google Cloud Load Balancing target proxies. `gclbTargets` lists the target proxies (and per-IP/port serving configs) the map is bound to; an empty list means the map is provisioned but not yet routing traffic. Drill into `entries` for the per-hostname certificate assignments.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateMapEntry":{"name":"certificateMapEntry","type":"\u001bgcp.project.certificateManagerService.certificateMapEntry","title":"Google Cloud (GCP) Certificate Manager certificate map entry","desc":"Examine a single host-to-certificate binding within a certificate map. Exactly one of `hostname` (a literal SNI hostname) or `matcher` (currently only `PRIMARY`, used as the default fallback) is set. `certificates` lists the resource names of up to four certificates assigned to this entry; load balancers pick the best match by signature algorithm. `state` is the serving state — `ACTIVE` once the entry is live, `PENDING` while propagating.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"certificateMaps":{"name":"certificateMaps","type":"\u0019\u001bgcp.project.certificateManagerService.certificateMap","title":"Certificate maps defined in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificates":{"name":"certificates","type":"\u0019\u001bgcp.project.certificateManagerService.certificate","title":"Certificates (Google-managed and self-managed) defined in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsAuthorization":{"name":"dnsAuthorization","type":"\u001bgcp.project.certificateManagerService.dnsAuthorization","title":"Google Cloud (GCP) Certificate Manager DNS authorization","desc":"Examine a DNS authorization used to prove domain ownership when issuing Google-managed certificates. Each authorization covers a single `domain` and its wildcard. `dnsResourceRecord` is the CNAME the operator must publish under the domain's DNS zone — once that record resolves, Google can mint managed certs for the domain. `type` distinguishes `FIXED_RECORD` (a stable per-authorization CNAME target) from `PER_PROJECT_RECORD` (a shared per-project CNAME target, available only in regional locations).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dnsAuthorizations":{"name":"dnsAuthorizations","type":"\u0019\u001bgcp.project.certificateManagerService.dnsAuthorization","title":"DNS authorizations used to issue Google-managed certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trustConfig":{"name":"trustConfig","type":"\u001bgcp.project.certificateManagerService.trustConfig","title":"Google Cloud (GCP) Certificate Manager trust config","desc":"Examine a trust config — the mTLS trust anchor set used by Google Cloud Load Balancing to authenticate client certificates. `trustStores` lists the trust stores attached to the config; each store carries `trustAnchors` (root CAs) and `intermediateCas` (intermediate CAs) as PEM-encoded certificate bundles. Currently only one trust store per trust config is allowed, and trust configs are only consumed by load balancers (not by SPIFFE workload validation).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"trustConfigs":{"name":"trustConfigs","type":"\u0019\u001bgcp.project.certificateManagerService.trustConfig","title":"Trust configurations (mTLS trust anchors) defined in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager","desc":"Use this resource as the entry point for the Certificate Manager service in the project. It hosts the load-balancer-facing TLS certificate surface: `certificates` (Google-managed and self-managed leaf certs), `certificateMaps` and their `certificateMapEntries` (the host→cert routing attached to GCLB target proxies), `dnsAuthorizations` (the DNS challenge records used to issue managed certs), `certificateIssuanceConfigs` (private-CA-backed issuance settings), and `trustConfigs` (mTLS trust anchors). Certificate Manager is distinct from `certificateAuthority` — that resource models the Private CA Service, while this one models the front-door certs Google's load balancers serve.","private":true,"min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.certificate":{"id":"gcp.project.certificateManagerService.certificate","name":"gcp.project.certificateManagerService.certificate","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the certificate was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Time the certificate expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the certificate is hosted in (e.g., `global`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedAuthorizationAttemptInfo":{"name":"managedAuthorizationAttemptInfo","type":"\u0019\n","is_mandatory":true,"title":"For managed certs: per-domain authorization attempt info. Each entry is shaped {domain, state, failureReason, details}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedDnsAuthorizations":{"name":"managedDnsAuthorizations","type":"\u0019\u001bgcp.project.certificateManagerService.dnsAuthorization","title":"For managed certs: DNS authorizations used to validate domain ownership","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedDomains":{"name":"managedDomains","type":"\u0019\u0007","is_mandatory":true,"title":"For managed certs: domains for which the cert is/was issued","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedIssuanceConfig":{"name":"managedIssuanceConfig","type":"\u001bgcp.project.certificateManagerService.certificateIssuanceConfig","title":"For managed certs: certificateIssuanceConfig that mints this cert (null for publicly signed Google-managed certs)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedProvisioningIssue":{"name":"managedProvisioningIssue","type":"\n","is_mandatory":true,"title":"For managed certs: details about issues that prevented provisioning. Shape: {reason, details}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedState":{"name":"managedState","type":"\u0007","is_mandatory":true,"title":"For managed certs: provisioning state (STATE_UNSPECIFIED, PROVISIONING, FAILED, ACTIVE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short certificate name (the last segment of `resourcePath`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pemCertificate":{"name":"pemCertificate","type":"\u0007","is_mandatory":true,"title":"Output-only PEM-encoded certificate chain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/certificates/{cert})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sanDnsnames":{"name":"sanDnsnames","type":"\u0019\u0007","is_mandatory":true,"title":"Subject Alternative Name dnsName entries on the issued cert (or requested domains for a not-yet-provisioned managed cert)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scope":{"name":"scope","type":"\u0007","is_mandatory":true,"title":"Where the certificate can be served (DEFAULT, EDGE_CACHE, ALL_REGIONS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Discriminator for the certificate kind: `managed` (Google-managed or private-CA-issued) or `selfManaged` (user-uploaded)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the certificate was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager certificate","desc":"Examine a single TLS certificate served by Google Cloud Load Balancing. `type` is the discriminator: `managed` certificates are issued by Google (or by the private CA referenced by `managedIssuanceConfig`) and surface `managedDomains`, `managedDnsAuthorizations`, `managedState`, `managedProvisioningIssue`, and `managedAuthorizationAttemptInfo`; `selfManaged` certificates are uploaded by the user and only the output-only `pemCertificate` is visible. `sanDnsnames` lists the SAN dnsName entries on the issued certificate (or the requested domains for a not-yet-provisioned managed cert), `expireTime` is the certificate's expiry, and `scope` controls where the cert can be served (`DEFAULT`, `EDGE_CACHE`, `ALL_REGIONS`). The audit hot spots are managed certs stuck in `PROVISIONING`/`FAILED`, near-expiry leaf certs, and certs with broad SAN coverage.","private":true,"min_provider_version":"13.13.4","defaults":"name type managedState expireTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.certificateIssuanceConfig":{"id":"gcp.project.certificateManagerService.certificateIssuanceConfig","name":"gcp.project.certificateManagerService.certificateIssuanceConfig","fields":{"certificateAuthorityConfig":{"name":"certificateAuthorityConfig","type":"\n","is_mandatory":true,"title":"CA backing this issuance config. Shape: {certificateAuthorityServiceConfig:{caPool}}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the config was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the issuance config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyAlgorithm":{"name":"keyAlgorithm","type":"\u0007","is_mandatory":true,"title":"Key algorithm for issued certificates (KEY_ALGORITHM_UNSPECIFIED, RSA_2048, ECDSA_P256)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifetime":{"name":"lifetime","type":"\u0007","is_mandatory":true,"title":"Requested lifetime of certificates issued through this config (e.g., `2592000s`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the issuance config is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short issuance config name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/certificateIssuanceConfigs/{config})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotationWindowPercentage":{"name":"rotationWindowPercentage","type":"\u0005","is_mandatory":true,"title":"Percentage of `lifetime` elapsed before renewal begins (1–99)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the config was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager certificate issuance config","desc":"Examine an issuance config — the binding between Certificate Manager and a private CA pool that mints managed certificates. `certificateAuthorityConfig` names the CA pool and (if applicable) the workload service account used to authenticate to it. `lifetime` is the requested workload-cert validity, `rotationWindowPercentage` is the percentage of `lifetime` after which Certificate Manager begins renewing, and `keyAlgorithm` constrains the generated private key (`RSA_2048` or `ECDSA_P256`).","private":true,"min_provider_version":"13.13.4","defaults":"name keyAlgorithm","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.certificateMap":{"id":"gcp.project.certificateManagerService.certificateMap","name":"gcp.project.certificateManagerService.certificateMap","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the map was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the map","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entries":{"name":"entries","type":"\u0019\u001bgcp.project.certificateManagerService.certificateMapEntry","title":"Map entries (per-hostname certificate assignments)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gclbTargets":{"name":"gclbTargets","type":"\u0019\n","is_mandatory":true,"title":"Output-only list of GCLB target proxies this map is attached to","desc":"Each entry is shaped {targetHttpsProxy|targetSslProxy, ipConfigs:[{ipv4Address|ipv6Address, ports:[]}]}.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the map is hosted in (typically `global`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short certificate map name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/certificateMaps/{map})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the map was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager certificate map","desc":"Examine a certificate map — the host-to-certificate routing table attached to one or more Google Cloud Load Balancing target proxies. `gclbTargets` lists the target proxies (and per-IP/port serving configs) the map is bound to; an empty list means the map is provisioned but not yet routing traffic. Drill into `entries` for the per-hostname certificate assignments.","private":true,"min_provider_version":"13.13.4","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.certificateMapEntry":{"id":"gcp.project.certificateManagerService.certificateMapEntry","name":"gcp.project.certificateManagerService.certificateMapEntry","fields":{"certificateMap":{"name":"certificateMap","type":"\u0007","is_mandatory":true,"title":"Short name of the parent certificate map","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificates":{"name":"certificates","type":"\u0019\u001bgcp.project.certificateManagerService.certificate","title":"Certificates assigned to this entry (up to four; load balancer picks the best match by signature algorithm)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the entry was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the entry","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hostname":{"name":"hostname","type":"\u0007","is_mandatory":true,"title":"SNI hostname this entry matches (empty if `matcher` is set instead)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the entry is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"matcher":{"name":"matcher","type":"\u0007","is_mandatory":true,"title":"Match-mode discriminator (currently only `PRIMARY` for the default fallback entry; empty when `hostname` is set)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short entry name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/certificateMaps/{map}/certificateMapEntries/{entry})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Serving state (SERVING_STATE_UNSPECIFIED, ACTIVE, PENDING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the entry was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager certificate map entry","desc":"Examine a single host-to-certificate binding within a certificate map. Exactly one of `hostname` (a literal SNI hostname) or `matcher` (currently only `PRIMARY`, used as the default fallback) is set. `certificates` lists the resource names of up to four certificates assigned to this entry; load balancers pick the best match by signature algorithm. `state` is the serving state — `ACTIVE` once the entry is live, `PENDING` while propagating.","private":true,"min_provider_version":"13.13.4","defaults":"name hostname matcher state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.dnsAuthorization":{"id":"gcp.project.certificateManagerService.dnsAuthorization","name":"gcp.project.certificateManagerService.dnsAuthorization","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the authorization was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the authorization","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsResourceRecord":{"name":"dnsResourceRecord","type":"\n","is_mandatory":true,"title":"CNAME record the operator must publish to satisfy this authorization. Shape: {name, type, data}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"Domain being authorized (covers `\u003cdomain\u003e` and `*.\u003cdomain\u003e`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the authorization is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short DNS authorization name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/dnsAuthorizations/{auth})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Authorization type (TYPE_UNSPECIFIED, FIXED_RECORD, PER_PROJECT_RECORD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the authorization was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager DNS authorization","desc":"Examine a DNS authorization used to prove domain ownership when issuing Google-managed certificates. Each authorization covers a single `domain` and its wildcard. `dnsResourceRecord` is the CNAME the operator must publish under the domain's DNS zone — once that record resolves, Google can mint managed certs for the domain. `type` distinguishes `FIXED_RECORD` (a stable per-authorization CNAME target) from `PER_PROJECT_RECORD` (a shared per-project CNAME target, available only in regional locations).","private":true,"min_provider_version":"13.13.4","defaults":"name domain type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.certificateManagerService.trustConfig":{"id":"gcp.project.certificateManagerService.trustConfig","name":"gcp.project.certificateManagerService.trustConfig","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the config was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the trust config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Optimistic-concurrency etag","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"GCP location the trust config is hosted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short trust config name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/trustConfigs/{config})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trustStores":{"name":"trustStores","type":"\u0019\n","is_mandatory":true,"title":"Attached trust stores. Each entry is shaped {trustAnchors:[{pemCertificate}], intermediateCas:[{pemCertificate}]}","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the config was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Certificate Manager trust config","desc":"Examine a trust config — the mTLS trust anchor set used by Google Cloud Load Balancing to authenticate client certificates. `trustStores` lists the trust stores attached to the config; each store carries `trustAnchors` (root CAs) and `intermediateCas` (intermediate CAs) as PEM-encoded certificate bundles. Currently only one trust store per trust config is allowed, and trust configs are only consumed by load balancers (not by SPIFFE workload validation).","private":true,"min_provider_version":"13.13.4","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService":{"id":"gcp.project.cloudBuildService","name":"gcp.project.cloudBuildService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trigger":{"name":"trigger","type":"\u001bgcp.project.cloudBuildService.trigger","title":"Google Cloud (GCP) Cloud Build trigger","desc":"Examine a Cloud Build trigger and its event configuration. Inspect `disabled` to verify whether the trigger is active; `serviceAccount` (and `iamServiceAccount`) for the identity builds run under; `substitutions` for variable overrides passed to the build; and the event source — `github`, `pubsubConfig`, `webhookConfig`, or `repositoryEventConfig` — that fires the trigger.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"triggers":{"name":"triggers","type":"\u0019\u001bgcp.project.cloudBuildService.trigger","title":"List of Cloud Build triggers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workerPool":{"name":"workerPool","type":"\u001bgcp.project.cloudBuildService.workerPool","title":"Google Cloud (GCP) Cloud Build worker pool","desc":"Examine a Cloud Build private worker pool. Inspect `workerConfig` for the machine type and disk size of individual build workers; `networkConfig` for the peered VPC network and egress option that isolate builds from the public internet; and `state` for the pool's operational lifecycle (CREATING, RUNNING, DELETING, UPDATING).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workerPools":{"name":"workerPools","type":"\u0019\u001bgcp.project.cloudBuildService.workerPool","title":"List of Cloud Build worker pools","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build","desc":"Use this resource as the entry point for Cloud Build in the project. It hosts the build `triggers` (with their source repositories and build configuration) and the private `workerPools` that builds run on.","private":true,"min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.trigger":{"id":"gcp.project.cloudBuildService.trigger","name":"gcp.project.cloudBuildService.trigger","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the trigger is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filename":{"name":"filename","type":"\u0007","is_mandatory":true,"title":"Path to the build configuration file (e.g. cloudbuild.yaml)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"CEL filter expression for the trigger","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"github":{"name":"github","type":"\u001bgcp.project.cloudBuildService.trigger.githubEventsConfig","is_mandatory":true,"title":"GitHub event configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"githubEventsConfig":{"name":"githubEventsConfig","type":"\u001bgcp.project.cloudBuildService.trigger.githubEventsConfig","title":"Google Cloud (GCP) Cloud Build trigger GitHub events configuration","desc":"Examine the GitHub event configuration for a Cloud Build trigger. Inspect `owner` and `name` to identify the GitHub repository; `push` for the branch or tag regex that fires on push events; and `pullRequest` for the branch filter and comment-control setting that govern pull-request builds.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"iamServiceAccount":{"name":"iamServiceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account used for builds from this trigger","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubConfig":{"name":"pubsubConfig","type":"\u001bgcp.project.cloudBuildService.trigger.pubsubConfig","is_mandatory":true,"title":"Pub/Sub event configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repositoryEventConfig":{"name":"repositoryEventConfig","type":"\u001bgcp.project.cloudBuildService.trigger.repositoryEventConfig","is_mandatory":true,"title":"Repository event configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account resource name used for builds from this trigger","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"substitutions":{"name":"substitutions","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Variable substitutions (key-value pairs)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags for organizing triggers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"triggerId":{"name":"triggerId","type":"\u0007","is_mandatory":true,"title":"Trigger ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"webhookConfig":{"name":"webhookConfig","type":"\u001bgcp.project.cloudBuildService.trigger.webhookConfig","is_mandatory":true,"title":"Webhook event configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build trigger","desc":"Examine a Cloud Build trigger and its event configuration. Inspect `disabled` to verify whether the trigger is active; `serviceAccount` (and `iamServiceAccount`) for the identity builds run under; `substitutions` for variable overrides passed to the build; and the event source — `github`, `pubsubConfig`, `webhookConfig`, or `repositoryEventConfig` — that fires the trigger.","private":true,"min_provider_version":"13.7.2","defaults":"name description disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.trigger.githubEventsConfig":{"id":"gcp.project.cloudBuildService.trigger.githubEventsConfig","name":"gcp.project.cloudBuildService.trigger.githubEventsConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"installationId":{"name":"installationId","type":"\u0005","is_mandatory":true,"title":"GitHub App installation ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"GitHub repository name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"GitHub repository owner","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pullRequest":{"name":"pullRequest","type":"\n","is_mandatory":true,"title":"Pull request event filter configuration (branch regex, comment control)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"push":{"name":"push","type":"\n","is_mandatory":true,"title":"Push event filter configuration (branch/tag regex)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build trigger GitHub events configuration","desc":"Examine the GitHub event configuration for a Cloud Build trigger. Inspect `owner` and `name` to identify the GitHub repository; `push` for the branch or tag regex that fires on push events; and `pullRequest` for the branch filter and comment-control setting that govern pull-request builds.","private":true,"min_provider_version":"13.7.2","defaults":"owner name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.trigger.pubsubConfig":{"id":"gcp.project.cloudBuildService.trigger.pubsubConfig","name":"gcp.project.cloudBuildService.trigger.pubsubConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubTopic":{"name":"pubsubTopic","type":"\u001bgcp.project.pubsubService.topic","title":"Pub/Sub topic resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account used for Pub/Sub","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Service account email for Pub/Sub","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Pub/Sub config state (OK, TOPIC_DELETED, SUBSCRIPTION_DELETED, SUBSCRIPTION_MISCONFIGURED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subscription":{"name":"subscription","type":"\u0007","is_mandatory":true,"title":"Subscription name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u0007","is_mandatory":true,"title":"Pub/Sub topic name (projects/{project}/topics/{topic})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build trigger Pub/Sub configuration","desc":"Examine the Pub/Sub event configuration for a Cloud Build trigger. Inspect `topic` (and `pubsubTopic`) for the Pub/Sub topic that fires the trigger; `serviceAccountEmail` for the identity used to create the subscription; and `state` for connectivity health (OK, TOPIC_DELETED, SUBSCRIPTION_DELETED, SUBSCRIPTION_MISCONFIGURED).","private":true,"min_provider_version":"13.7.2","defaults":"topic state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.trigger.repositoryEventConfig":{"id":"gcp.project.cloudBuildService.trigger.repositoryEventConfig","name":"gcp.project.cloudBuildService.trigger.repositoryEventConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pullRequest":{"name":"pullRequest","type":"\n","is_mandatory":true,"title":"Pull request event filter configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"push":{"name":"push","type":"\n","is_mandatory":true,"title":"Push event filter configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repository":{"name":"repository","type":"\u0007","is_mandatory":true,"title":"Repository resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repositoryType":{"name":"repositoryType","type":"\u0007","is_mandatory":true,"title":"Repository type (GITHUB, GITHUB_ENTERPRISE, GITLAB_ENTERPRISE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build trigger repository event configuration","desc":"Examine the repository event configuration for a Cloud Build trigger connected to a 2nd-gen Cloud Build repository. Inspect `repository` for the connected repository resource name; `repositoryType` for the hosting platform (GITHUB, GITHUB_ENTERPRISE, GITLAB_ENTERPRISE); `push` for the branch or tag filter; and `pullRequest` for the pull-request branch filter and comment-control policy.","private":true,"min_provider_version":"13.7.2","defaults":"repository repositoryType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.trigger.webhookConfig":{"id":"gcp.project.cloudBuildService.trigger.webhookConfig","name":"gcp.project.cloudBuildService.trigger.webhookConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Webhook state (OK, SECRET_DELETED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build trigger webhook configuration","desc":"Examine the webhook event configuration for a Cloud Build trigger. Inspect `state` for the health of the webhook secret binding — OK indicates the Secret Manager secret is accessible; SECRET_DELETED indicates the secret has been removed and the trigger can no longer authenticate incoming webhook requests.","private":true,"min_provider_version":"13.7.2","defaults":"state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.workerPool":{"id":"gcp.project.cloudBuildService.workerPool","name":"gcp.project.cloudBuildService.workerPool","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined annotations (key-value pairs)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Human-readable display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkConfig":{"name":"networkConfig","type":"\u001bgcp.project.cloudBuildService.workerPool.networkConfig","is_mandatory":true,"title":"Network configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Worker pool state (CREATING, RUNNING, DELETING, UPDATING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workerConfig":{"name":"workerConfig","type":"\u001bgcp.project.cloudBuildService.workerPool.workerConfig","is_mandatory":true,"title":"Worker machine configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build worker pool","desc":"Examine a Cloud Build private worker pool. Inspect `workerConfig` for the machine type and disk size of individual build workers; `networkConfig` for the peered VPC network and egress option that isolate builds from the public internet; and `state` for the pool's operational lifecycle (CREATING, RUNNING, DELETING, UPDATING).","private":true,"min_provider_version":"13.7.2","defaults":"name displayName state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.workerPool.networkConfig":{"id":"gcp.project.cloudBuildService.workerPool.networkConfig","name":"gcp.project.cloudBuildService.workerPool.networkConfig","fields":{"egressOption":{"name":"egressOption","type":"\u0007","is_mandatory":true,"title":"Egress option (NO_PUBLIC_EGRESS, PUBLIC_EGRESS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peeredNetwork":{"name":"peeredNetwork","type":"\u0007","is_mandatory":true,"title":"Peered VPC network name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peeredNetworkIpRange":{"name":"peeredNetworkIpRange","type":"\u0007","is_mandatory":true,"title":"Peered network IP range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build worker pool network configuration","desc":"Examine the network configuration for a Cloud Build private worker pool. Inspect `peeredNetwork` for the VPC network that workers are peered into; `peeredNetworkIpRange` for the secondary IP range used for workers; and `egressOption` to verify whether outbound internet access is blocked (NO_PUBLIC_EGRESS) or permitted (PUBLIC_EGRESS) for builds.","private":true,"min_provider_version":"13.7.2","defaults":"egressOption","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudBuildService.workerPool.workerConfig":{"id":"gcp.project.cloudBuildService.workerPool.workerConfig","name":"gcp.project.cloudBuildService.workerPool.workerConfig","fields":{"diskSizeGb":{"name":"diskSizeGb","type":"\u0005","is_mandatory":true,"title":"Disk size in GB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableNestedVirtualization":{"name":"enableNestedVirtualization","type":"\u0004","is_mandatory":true,"title":"Whether nested virtualization is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u0007","is_mandatory":true,"title":"Machine type (e.g. e2-standard-2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Build worker pool worker configuration","desc":"Examine the machine configuration for workers in a Cloud Build private worker pool. Inspect `machineType` for the Compute Engine machine family (e.g. e2-standard-2); `diskSizeGb` for the boot disk size; and `enableNestedVirtualization` to verify whether nested VM support is active for builds that require it.","private":true,"min_provider_version":"13.7.2","defaults":"machineType diskSizeGb","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDeployService":{"id":"gcp.project.cloudDeployService","name":"gcp.project.cloudDeployService","fields":{"deliveryPipeline":{"name":"deliveryPipeline","type":"\u001bgcp.project.cloudDeployService.deliveryPipeline","title":"Google Cloud (GCP) Cloud Deploy delivery pipeline","desc":"Examine a Cloud Deploy delivery pipeline: its serial pipeline stage configuration, whether the pipeline is suspended, pipeline conditions (readiness and pipeline readiness state), resource labels, annotations, and the releases created from this pipeline.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"deliveryPipelines":{"name":"deliveryPipelines","type":"\u0019\u001bgcp.project.cloudDeployService.deliveryPipeline","title":"Delivery pipelines","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"release":{"name":"release","type":"\u001bgcp.project.cloudDeployService.release","title":"Google Cloud (GCP) Cloud Deploy release","desc":"Examine a Cloud Deploy release: its Skaffold configuration URI and version, overall render state (SUCCEEDED, FAILED, IN_PROGRESS), whether the release was abandoned, render start and end timestamps, pipeline and release readiness conditions, resource labels, and annotations.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"target":{"name":"target","type":"\u001bgcp.project.cloudDeployService.target","title":"Google Cloud (GCP) Cloud Deploy target","desc":"Examine a Cloud Deploy deployment target: whether approval is required before a release is promoted to this target, the target type (GKE cluster, Cloud Run service, or custom target), execution configuration, resource labels, and annotations.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targets":{"name":"targets","type":"\u0019\u001bgcp.project.cloudDeployService.target","title":"Targets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Deploy","desc":"Use this resource as the entry point for Cloud Deploy in the project. It hosts the `deliveryPipelines` (the promotion sequences for releases) and the `targets` they deploy to — exposing execution configuration and per-target settings for continuous-delivery audits.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDeployService.deliveryPipeline":{"id":"gcp.project.cloudDeployService.deliveryPipeline","name":"gcp.project.cloudDeployService.deliveryPipeline","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource annotations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"condition":{"name":"condition","type":"\n","is_mandatory":true,"title":"Pipeline conditions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"releases":{"name":"releases","type":"\u0019\u001bgcp.project.cloudDeployService.release","title":"Releases created from this pipeline","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serialPipeline":{"name":"serialPipeline","type":"\n","is_mandatory":true,"title":"Serial pipeline configuration (stages)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"suspended":{"name":"suspended","type":"\u0004","is_mandatory":true,"title":"Whether the pipeline is suspended","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"User-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Deploy delivery pipeline","desc":"Examine a Cloud Deploy delivery pipeline: its serial pipeline stage configuration, whether the pipeline is suspended, pipeline conditions (readiness and pipeline readiness state), resource labels, annotations, and the releases created from this pipeline.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDeployService.release":{"id":"gcp.project.cloudDeployService.release","name":"gcp.project.cloudDeployService.release","fields":{"abandoned":{"name":"abandoned","type":"\u0004","is_mandatory":true,"title":"Whether the release was abandoned","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource annotations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"condition":{"name":"condition","type":"\n","is_mandatory":true,"title":"Condition (pipeline readiness, release readiness, Skaffold support state)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"renderEndTime":{"name":"renderEndTime","type":"\t","is_mandatory":true,"title":"Render end time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"renderStartTime":{"name":"renderStartTime","type":"\t","is_mandatory":true,"title":"Render start time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"renderState":{"name":"renderState","type":"\u0007","is_mandatory":true,"title":"Render state (SUCCEEDED, FAILED, IN_PROGRESS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"skaffoldConfigUri":{"name":"skaffoldConfigUri","type":"\u0007","is_mandatory":true,"title":"Skaffold config URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"skaffoldVersion":{"name":"skaffoldVersion","type":"\u0007","is_mandatory":true,"title":"Skaffold version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Deploy release","desc":"Examine a Cloud Deploy release: its Skaffold configuration URI and version, overall render state (SUCCEEDED, FAILED, IN_PROGRESS), whether the release was abandoned, render start and end timestamps, pipeline and release readiness conditions, resource labels, and annotations.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDeployService.target":{"id":"gcp.project.cloudDeployService.target","name":"gcp.project.cloudDeployService.target","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource annotations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customTarget":{"name":"customTarget","type":"\n","is_mandatory":true,"title":"Custom target type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionConfigs":{"name":"executionConfigs","type":"\u0019\n","is_mandatory":true,"title":"Execution configs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gke":{"name":"gke","type":"\n","is_mandatory":true,"title":"GKE cluster target","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requireApproval":{"name":"requireApproval","type":"\u0004","is_mandatory":true,"title":"Whether approval is required for this target","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"run":{"name":"run","type":"\n","is_mandatory":true,"title":"Cloud Run target","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"User-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Deploy target","desc":"Examine a Cloud Deploy deployment target: whether approval is required before a release is promoted to this target, the target type (GKE cluster, Cloud Run service, or custom target), execution configuration, resource labels, and annotations.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDomainsService":{"id":"gcp.project.cloudDomainsService","name":"gcp.project.cloudDomainsService","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the Cloud Domains API is enabled for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"registration":{"name":"registration","type":"\u001bgcp.project.cloudDomainsService.registration","title":"Google Cloud Domains registration","desc":"Examine a domain registered through Cloud Domains. Surfaces the `domainName`, lifecycle `state`, `expireTime`, and the configuration that matters for domain security: the `transferLockState` (protection against unauthorized transfers), the authoritative `nameServers` and which `dnsProvider` serves them, the DNSSEC `dnssecState` and signing `dsRecords`, the `renewalMethod`, the WHOIS `contactPrivacy` level, and any open `issues`. Selected by its full resource name, for example `projects/my-project/locations/global/registrations/example-com`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"registrations":{"name":"registrations","type":"\u0019\u001bgcp.project.cloudDomainsService.registration","title":"Domain registrations in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Domains","desc":"Use this resource as the entry point for Cloud Domains in the project. It hosts the `registrations` — the domain names registered through Cloud Domains — and `enabled` reports whether the Cloud Domains API is turned on for the project.","private":true,"min_provider_version":"13.18.1","defaults":"projectId","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudDomainsService.registration":{"id":"gcp.project.cloudDomainsService.registration","name":"gcp.project.cloudDomainsService.registration","fields":{"contactPrivacy":{"name":"contactPrivacy","type":"\u0007","is_mandatory":true,"title":"WHOIS contact privacy level","desc":"One of PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, or REDACTED_CONTACT_DATA.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsProvider":{"name":"dnsProvider","type":"\u0007","is_mandatory":true,"title":"DNS provider serving the domain","desc":"Either `customDns` (the registrant's own name servers) or `googleDomainsDns` (name servers provisioned by Cloud Domains).","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnssecState":{"name":"dnssecState","type":"\u0007","is_mandatory":true,"title":"DNSSEC state of the domain","desc":"For Google-managed DNS, one of DS_RECORDS_PUBLISHED, DS_RECORDS_UNPUBLISHED, or DS_STATE_UNSPECIFIED. Empty when the domain uses custom DNS without DNSSEC.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"domainName":{"name":"domainName","type":"\u0007","is_mandatory":true,"title":"Registered domain name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"domainProperties":{"name":"domainProperties","type":"\u0019\u0007","is_mandatory":true,"title":"Properties of the registered domain (for example a TRANSFER_LOCKED hint)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dsRecords":{"name":"dsRecords","type":"\u0019\n","is_mandatory":true,"title":"DNSSEC delegation-signer records published for the domain","desc":"Each entry exposes `keyTag`, `algorithm`, `digestType`, and `digest`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"effectiveTransferLockState":{"name":"effectiveTransferLockState","type":"\u0007","is_mandatory":true,"title":"Transfer-lock state currently in effect at the registry","desc":"One of LOCKED or UNLOCKED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Time at which the registration expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full resource name of the registration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"issues":{"name":"issues","type":"\u0019\u0007","is_mandatory":true,"title":"Open issues affecting the registration","desc":"May include CONTACT_SUPPORT, UNVERIFIED_EMAIL, or other registry-level problems that require attention.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location of the registration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nameServers":{"name":"nameServers","type":"\u0019\u0007","is_mandatory":true,"title":"Authoritative name servers for the domain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preferredRenewalMethod":{"name":"preferredRenewalMethod","type":"\u0007","is_mandatory":true,"title":"Renewal behavior the registrant prefers","desc":"One of AUTOMATIC_RENEWAL, MANUAL_RENEWAL, or RENEWAL_DISABLED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"renewalMethod":{"name":"renewalMethod","type":"\u0007","is_mandatory":true,"title":"Configured renewal behavior","desc":"One of AUTOMATIC_RENEWAL, MANUAL_RENEWAL, or RENEWAL_DISABLED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Registration lifecycle state","desc":"One of REGISTRATION_PENDING, REGISTRATION_FAILED, TRANSFER_PENDING, TRANSFER_FAILED, ACTIVE, SUSPENDED, EXPORTED, or EXPIRED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transferLockState":{"name":"transferLockState","type":"\u0007","is_mandatory":true,"title":"Configured transfer-lock state guarding against unauthorized transfers","desc":"One of LOCKED, UNLOCKED, or TRANSFER_LOCK_STATE_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Domains registration","desc":"Examine a domain registered through Cloud Domains. Surfaces the `domainName`, lifecycle `state`, `expireTime`, and the configuration that matters for domain security: the `transferLockState` (protection against unauthorized transfers), the authoritative `nameServers` and which `dnsProvider` serves them, the DNSSEC `dnssecState` and signing `dsRecords`, the `renewalMethod`, the WHOIS `contactPrivacy` level, and any open `issues`. Selected by its full resource name, for example `projects/my-project/locations/global/registrations/example-com`.","private":true,"min_provider_version":"13.18.1","defaults":"domainName state expireTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudFunction":{"id":"gcp.project.cloudFunction","name":"gcp.project.cloudFunction","fields":{"allowsUnauthenticated":{"name":"allowsUnauthenticated","type":"\u0004","title":"Whether the IAM policy grants an invoker role to allUsers or allAuthenticatedUsers, making the function callable without authentication","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableMemoryMb":{"name":"availableMemoryMb","type":"\u0005","is_mandatory":true,"title":"Amount of memory in MB available for a function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"buildEnvVars":{"name":"buildEnvVars","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Build environment variables that are available during build time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"buildId":{"name":"buildId","type":"\u0007","is_mandatory":true,"title":"Cloud Build ID of the latest successful deployment of the function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"buildName":{"name":"buildName","type":"\u0007","is_mandatory":true,"title":"Cloud Build name of the function deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"buildWorkerPool":{"name":"buildWorkerPool","type":"\u0007","is_mandatory":true,"title":"Name of the Cloud Build custom WorkerPool that should be used to build the function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Cloud function description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dockerRegistry":{"name":"dockerRegistry","type":"\u0007","is_mandatory":true,"title":"Docker registry to use for this deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dockerRepository":{"name":"dockerRepository","type":"\u0007","is_mandatory":true,"title":"User-managed repository created in Artifact Registry","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"egressSettings":{"name":"egressSettings","type":"\u0007","is_mandatory":true,"title":"Egress settings for the connector controlling what traffic is diverted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entryPoint":{"name":"entryPoint","type":"\u0007","is_mandatory":true,"title":"Name of the function (as defined in source code) that is executed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"envVars":{"name":"envVars","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Environment variables that are available during function execution","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventTrigger":{"name":"eventTrigger","type":"\n","is_mandatory":true,"title":"Source that fires events in response to a condition in another service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpsTrigger":{"name":"httpsTrigger","type":"\n","is_mandatory":true,"title":"HTTPS endpoint of source that can be triggered via URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings controlling who can invoke and manage the function","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ingressSettings":{"name":"ingressSettings","type":"\u0007","is_mandatory":true,"title":"Ingress settings for the function controlling what traffic can reach","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Cloud KMS key used to encrypt/decrypt function resources","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"Resource name of a KMS crypto key used to encrypt/decrypt function resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels associated with this cloud function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location where the function is deployed","min_provider_version":"11.2.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxInstances":{"name":"maxInstances","type":"\u0005","is_mandatory":true,"title":"Maximum number of function instances that may coexist at a given time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minInstances":{"name":"minInstances","type":"\u0005","is_mandatory":true,"title":"Lower bound for the number of function instances that may coexist at a given time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Cloud function name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"VPC network that this cloud function can connect to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"runtime":{"name":"runtime","type":"\u0007","is_mandatory":true,"title":"Runtime in which to run the function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretEnvVars":{"name":"secretEnvVars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Secret environment variables","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretVolumes":{"name":"secretVolumes","type":"\u0019\n","is_mandatory":true,"title":"Secret volumes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account used by the function","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email of the function's service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceArchiveUrl":{"name":"sourceArchiveUrl","type":"\u0007","is_mandatory":true,"title":"Location of the archive with the function's source code","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRepository":{"name":"sourceRepository","type":"\n","is_mandatory":true,"title":"Repository reference for the function's source code","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceUploadUrl":{"name":"sourceUploadUrl","type":"\u0007","is_mandatory":true,"title":"Location of the upload with the function's source code","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the function deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeout":{"name":"timeout","type":"\t","is_mandatory":true,"title":"Function execution timeout","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionId":{"name":"versionId","type":"\u0005","is_mandatory":true,"title":"Version identifier of the cloud function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcConnector":{"name":"vpcConnector","type":"\u0007","is_mandatory":true,"title":"VPC network connector that this cloud function can connect to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Function (1st gen)","desc":"Examine a first-generation Cloud Function deployed to a project. Covers the trigger configuration (HTTP or event), runtime, service account, networking (VPC connector, ingress and egress settings), memory and timeout limits, environment variables, secret bindings, KMS encryption key, and build settings including the Artifact Registry repository and custom worker pool.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudFunctionV2":{"id":"gcp.project.cloudFunctionV2","name":"gcp.project.cloudFunctionV2","fields":{"allowsUnauthenticated":{"name":"allowsUnauthenticated","type":"\u0004","title":"Whether the IAM policy grants an invoker role to allUsers or allAuthenticatedUsers, making the function callable without authentication","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"buildConfig":{"name":"buildConfig","type":"\u001bgcp.project.cloudFunctionV2.buildConfig","is_mandatory":true,"title":"Build configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"environment":{"name":"environment","type":"\u0007","is_mandatory":true,"title":"Function environment (GEN_1, GEN_2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventTrigger":{"name":"eventTrigger","type":"\u001bgcp.project.cloudFunctionV2.eventTrigger","is_mandatory":true,"title":"Event trigger configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings controlling who can invoke and manage the function","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Cloud KMS key used to encrypt/decrypt function resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"Resource name of a KMS crypto key used to encrypt/decrypt function resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels associated with this function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/functions/{function})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceConfig":{"name":"serviceConfig","type":"\u001bgcp.project.cloudFunctionV2.serviceConfig","is_mandatory":true,"title":"Service (Cloud Run) configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Function state (ACTIVE, FAILED, DEPLOYING, DELETING, UNKNOWN)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"Deployed HTTPS URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Function (v2 / 2nd gen)","desc":"Examine a second-generation Cloud Function backed by Cloud Run. Covers function state and environment generation (GEN_1, GEN_2), the deployed HTTPS URL, KMS encryption key, build configuration (runtime, entry point, Artifact Registry repository, worker pool), service configuration (scaling limits, VPC connector, ingress settings, service account, secret bindings), and the Eventarc event trigger.","private":true,"min_provider_version":"13.7.2","defaults":"name state environment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudFunctionV2.buildConfig":{"id":"gcp.project.cloudFunctionV2.buildConfig","name":"gcp.project.cloudFunctionV2.buildConfig","fields":{"buildWorkerPool":{"name":"buildWorkerPool","type":"\u0007","is_mandatory":true,"title":"Name of the Cloud Build custom worker pool to use","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dockerRepository":{"name":"dockerRepository","type":"\u0007","is_mandatory":true,"title":"User-managed repository in Artifact Registry for storing built images","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entryPoint":{"name":"entryPoint","type":"\u0007","is_mandatory":true,"title":"Name of the function (as defined in source code) that is executed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"environmentVariables":{"name":"environmentVariables","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Build environment variables","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"runtime":{"name":"runtime","type":"\u0007","is_mandatory":true,"title":"Runtime in which to run the function (e.g. nodejs20, python312, go122)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account to use for the build","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"source":{"name":"source","type":"\n","is_mandatory":true,"title":"Source location (storage or repository)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Function v2 build configuration","private":true,"min_provider_version":"13.7.2","defaults":"runtime entryPoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudFunctionV2.eventTrigger":{"id":"gcp.project.cloudFunctionV2.eventTrigger","name":"gcp.project.cloudFunctionV2.eventTrigger","fields":{"channel":{"name":"channel","type":"\u0007","is_mandatory":true,"title":"Eventarc channel name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventFilters":{"name":"eventFilters","type":"\u0019\n","is_mandatory":true,"title":"Event filter criteria","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventType":{"name":"eventType","type":"\u0007","is_mandatory":true,"title":"Event type (e.g. google.cloud.pubsub.topic.v1.messagePublished)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubTopic":{"name":"pubsubTopic","type":"\u0007","is_mandatory":true,"title":"Pub/Sub topic name for Pub/Sub triggers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retryPolicy":{"name":"retryPolicy","type":"\u0007","is_mandatory":true,"title":"Retry policy (RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account used by the trigger","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Service account email for the trigger","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u001bgcp.project.pubsubService.topic","title":"Pub/Sub topic resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trigger":{"name":"trigger","type":"\u0007","is_mandatory":true,"title":"Eventarc trigger resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"triggerRegion":{"name":"triggerRegion","type":"\u0007","is_mandatory":true,"title":"Trigger region","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Function v2 event trigger","private":true,"min_provider_version":"13.7.2","defaults":"eventType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudFunctionV2.serviceConfig":{"id":"gcp.project.cloudFunctionV2.serviceConfig","name":"gcp.project.cloudFunctionV2.serviceConfig","fields":{"allTrafficOnLatestRevision":{"name":"allTrafficOnLatestRevision","type":"\u0004","is_mandatory":true,"title":"Whether all traffic is routed to the latest revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableCpu":{"name":"availableCpu","type":"\u0007","is_mandatory":true,"title":"Number of CPUs (e.g. \"1\", \"0.5\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableMemory":{"name":"availableMemory","type":"\u0007","is_mandatory":true,"title":"Amount of memory available (e.g. \"256M\", \"1Gi\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"environmentVariables":{"name":"environmentVariables","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Environment variables available during execution","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamServiceAccount":{"name":"iamServiceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account for the function","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ingressSettings":{"name":"ingressSettings","type":"\u0007","is_mandatory":true,"title":"Ingress settings (ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxInstanceCount":{"name":"maxInstanceCount","type":"\u0005","is_mandatory":true,"title":"Maximum number of concurrent function instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minInstanceCount":{"name":"minInstanceCount","type":"\u0005","is_mandatory":true,"title":"Minimum number of idle function instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretEnvironmentVariables":{"name":"secretEnvironmentVariables","type":"\u0019\n","is_mandatory":true,"title":"Secret environment variables","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretVolumes":{"name":"secretVolumes","type":"\u0019\n","is_mandatory":true,"title":"Secret volume mounts","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"service":{"name":"service","type":"\u0007","is_mandatory":true,"title":"Cloud Run service resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email of the function's service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeoutSeconds":{"name":"timeoutSeconds","type":"\u0005","is_mandatory":true,"title":"Function execution timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcConnector":{"name":"vpcConnector","type":"\u0007","is_mandatory":true,"title":"VPC network connector resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcConnectorEgressSettings":{"name":"vpcConnectorEgressSettings","type":"\u0007","is_mandatory":true,"title":"VPC connector egress settings (PRIVATE_RANGES_ONLY, ALL_TRAFFIC)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Function v2 service (Cloud Run) configuration","private":true,"min_provider_version":"13.7.2","defaults":"service timeoutSeconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService":{"id":"gcp.project.cloudRunService","name":"gcp.project.cloudRunService","fields":{"condition":{"name":"condition","type":"\u001bgcp.project.cloudRunService.condition","title":"Google Cloud (GCP) Run condition","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"container":{"name":"container","type":"\u001bgcp.project.cloudRunService.container","title":"Google Cloud (GCP) Run service revision template container","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"job":{"name":"job","type":"\u001bgcp.project.cloudRunService.job","title":"Google Cloud (GCP) Cloud Run job","desc":"Examine a Cloud Run job and its execution configuration. Covers labels, annotations, launch stage, the execution template (container images, parallelism, task count, VPC access, service account, secret bindings, encryption key, retry limit), terminal and sub-resource conditions, reconciliation state, and the IAM policy governing who can trigger or manage the job.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobs":{"name":"jobs","type":"\u0019\u001bgcp.project.cloudRunService.job","title":"List of jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"operation":{"name":"operation","type":"\u001bgcp.project.cloudRunService.operation","title":"Google Cloud (GCP) Cloud Run long-running operation","desc":"Examine the status of a Cloud Run long-running operation. Covers the operation name and its completion state. Useful for auditing in-progress or recently completed deployments and configuration changes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"operations":{"name":"operations","type":"\u0019\u001bgcp.project.cloudRunService.operation","title":"List of operations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regions":{"name":"regions","type":"\u0019\u0007","title":"List of available regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"service":{"name":"service","type":"\u001bgcp.project.cloudRunService.service","title":"Google Cloud (GCP) Cloud Run service","desc":"Examine a Cloud Run service's configuration and security posture. Covers ingress settings, IAM policy, binary authorization configuration, the revision template (container images, scaling limits, VPC access, service account, secret bindings, encryption key), traffic distribution across revisions, terminal and sub-resource conditions, and whether the service is publicly invocable (internet-reachable with unauthenticated access).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bgcp.project.cloudRunService.service","title":"List of services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcAccessConfig":{"name":"vpcAccessConfig","type":"\u001bgcp.project.cloudRunService.vpcAccessConfig","title":"Google Cloud (GCP) Cloud Run VPC access configuration","desc":"Examine how a Cloud Run revision or job task reaches private networks. Surfaces the Serverless VPC `connector` (when traffic flows through a connector), the direct-VPC `networkInterfaces` (when the task is attached to a VPC subnet), and the `egress` policy that decides which outbound traffic is sent through the VPC: `PRIVATE_RANGES_ONLY` keeps RFC1918 traffic on the VPC and sends public-IP traffic over the default internet path, while `ALL_TRAFFIC` forces every egress packet through the VPC — the stronger control for data-exfiltration audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Cloud Run","desc":"Use this resource as the entry point for Cloud Run in the project. It hosts the deployed `services` and `jobs` — each exposing its container image, revision configuration, ingress and IAM settings, and execution environment — along with the `operations` history and the `regions` where Cloud Run resources can run.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.condition":{"id":"gcp.project.cloudRunService.condition","name":"gcp.project.cloudRunService.condition","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastTransitionTime":{"name":"lastTransitionTime","type":"\t","is_mandatory":true,"title":"Last time the condition transitioned from one status to another","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"message":{"name":"message","type":"\u0007","is_mandatory":true,"title":"Human-readable message indicating details about the current status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"How to interpret failures of this condition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Condition state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Status of the reconciliation process","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run condition","private":true,"min_provider_version":"9.0.0","defaults":"type state message","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.container":{"id":"gcp.project.cloudRunService.container","name":"gcp.project.cloudRunService.container","fields":{"args":{"name":"args","type":"\u0019\u0007","is_mandatory":true,"title":"Arguments to the entrypoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"command":{"name":"command","type":"\u0019\u0007","is_mandatory":true,"title":"Entrypoint array","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"env":{"name":"env","type":"\u0019\n","is_mandatory":true,"title":"Environment variables","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"image":{"name":"image","type":"\u0007","is_mandatory":true,"title":"URL of the container image in Google Container Registry or Google Artifact Registry","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"livenessProbe":{"name":"livenessProbe","type":"\u001bgcp.project.cloudRunService.container.probe","is_mandatory":true,"title":"Periodic probe of container liveness","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Container name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ports":{"name":"ports","type":"\u0019\n","is_mandatory":true,"title":"List of ports to expose from the container","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"probe":{"name":"probe","type":"\u001bgcp.project.cloudRunService.container.probe","title":"Google Cloud (GCP) Run service revision template container probe","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"resources":{"name":"resources","type":"\n","is_mandatory":true,"title":"Compute resource requirements by the container","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startupProbe":{"name":"startupProbe","type":"\u001bgcp.project.cloudRunService.container.probe","is_mandatory":true,"title":"Startup probe of application within the container","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"volumeMounts":{"name":"volumeMounts","type":"\u0019\n","is_mandatory":true,"title":"Volumes to mount into the container's file system","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workingDir":{"name":"workingDir","type":"\u0007","is_mandatory":true,"title":"Container's working directory","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run service revision template container","private":true,"min_provider_version":"9.0.0","defaults":"name image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.container.probe":{"id":"gcp.project.cloudRunService.container.probe","name":"gcp.project.cloudRunService.container.probe","fields":{"failureThreshold":{"name":"failureThreshold","type":"\u0005","is_mandatory":true,"title":"Minimum consecutive successes for the probe to be considered failed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpGet":{"name":"httpGet","type":"\n","is_mandatory":true,"title":"HTTP GET probe configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"initialDelaySeconds":{"name":"initialDelaySeconds","type":"\u0005","is_mandatory":true,"title":"Number of seconds after the container has started before the probe is initiated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"periodSeconds":{"name":"periodSeconds","type":"\u0005","is_mandatory":true,"title":"Number of seconds indicating how often to perform the probe","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpSocket":{"name":"tcpSocket","type":"\n","is_mandatory":true,"title":"TCP socket probe configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeoutSeconds":{"name":"timeoutSeconds","type":"\u0005","is_mandatory":true,"title":"Number of seconds after which the probe times out","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run service revision template container probe","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.job":{"id":"gcp.project.cloudRunService.job","name":"gcp.project.cloudRunService.job","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Unstructured key-value map that may be set by external tools to store an arbitrary metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"client":{"name":"client","type":"\u0007","is_mandatory":true,"title":"Arbitrary identifier for the API client","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientVersion":{"name":"clientVersion","type":"\u0007","is_mandatory":true,"title":"Arbitrary version identifier for the API client","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditions":{"name":"conditions","type":"\u0019\u001bgcp.project.cloudRunService.condition","is_mandatory":true,"title":"Conditions of all other associated sub-resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"creator":{"name":"creator","type":"\u0007","is_mandatory":true,"title":"Email address of the authenticated creator","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleted":{"name":"deleted","type":"\t","is_mandatory":true,"title":"Deletion timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionCount":{"name":"executionCount","type":"\u0005","is_mandatory":true,"title":"Number of executions created for this job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionTemplate":{"name":"executionTemplate","type":"\u001bgcp.project.cloudRunService.job.executionTemplate","title":"Google Cloud (GCP) Run job execution template","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"expired":{"name":"expired","type":"\t","is_mandatory":true,"title":"Timestamp after which a deleted service will be permanently deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"generation":{"name":"generation","type":"\u0005","is_mandatory":true,"title":"Number that monotonically increases every time the user modifies the desired state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this Cloud Run job","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Job identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastModifier":{"name":"lastModifier","type":"\u0007","is_mandatory":true,"title":"Email address of the last authenticated modifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"launchStage":{"name":"launchStage","type":"\u0007","is_mandatory":true,"title":"Launch stage","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Job name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"observedGeneration":{"name":"observedGeneration","type":"\u0005","is_mandatory":true,"title":"Generation of this service currently serving traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the service is currently being acted upon by the system to bring it into the desired state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u0007","is_mandatory":true,"title":"GCP region of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the job satisfies Google's Protected Zone Separation requirements","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"template":{"name":"template","type":"\u001bgcp.project.cloudRunService.job.executionTemplate","is_mandatory":true,"title":"Template used to create executions for this job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"terminalCondition":{"name":"terminalCondition","type":"\u001bgcp.project.cloudRunService.condition","is_mandatory":true,"title":"Conditions of this service, containing its readiness status and detailed error information in case it did not reach a serving state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Run job","desc":"Examine a Cloud Run job and its execution configuration. Covers labels, annotations, launch stage, the execution template (container images, parallelism, task count, VPC access, service account, secret bindings, encryption key, retry limit), terminal and sub-resource conditions, reconciliation state, and the IAM policy governing who can trigger or manage the job.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.job.executionTemplate":{"id":"gcp.project.cloudRunService.job.executionTemplate","name":"gcp.project.cloudRunService.job.executionTemplate","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Unstructured key-value map that may be set by external tools to store an arbitrary metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parallelism":{"name":"parallelism","type":"\u0005","is_mandatory":true,"title":"Specifies the maximum desired number of tasks the execution should run at a given time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskCount":{"name":"taskCount","type":"\u0005","is_mandatory":true,"title":"Specifies the desired number of tasks the execution should run","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taskTemplate":{"name":"taskTemplate","type":"\u001bgcp.project.cloudRunService.job.executionTemplate.taskTemplate","title":"Google Cloud (GCP) Run job execution template task template","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"template":{"name":"template","type":"\u001bgcp.project.cloudRunService.job.executionTemplate.taskTemplate","is_mandatory":true,"title":"Describes the task that will be create when executing an execution","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run job execution template","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.job.executionTemplate.taskTemplate":{"id":"gcp.project.cloudRunService.job.executionTemplate.taskTemplate","name":"gcp.project.cloudRunService.job.executionTemplate.taskTemplate","fields":{"containers":{"name":"containers","type":"\u0019\u001bgcp.project.cloudRunService.container","is_mandatory":true,"title":"Containers for this revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionKey":{"name":"encryptionKey","type":"\u0007","is_mandatory":true,"title":"Reference to a customer-managed encryption key to use to encrypt this container image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionEnvironment":{"name":"executionEnvironment","type":"\u0007","is_mandatory":true,"title":"Sandbox environment to host the revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxRetries":{"name":"maxRetries","type":"\u0005","is_mandatory":true,"title":"Number of retries allowed per task","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account associated with the revision of the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email address of the IAM service account associated with the revision of the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeout":{"name":"timeout","type":"\t","is_mandatory":true,"title":"Maximum allowed time for an instance to respond to a request","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"volumes":{"name":"volumes","type":"\u0019\n","is_mandatory":true,"title":"List of volumes to make available to containers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcAccess":{"name":"vpcAccess","type":"\n","is_mandatory":true,"title":"Raw VPC access dict","desc":"Deprecated in favor of `vpcAccessConfig`, which exposes the same fields (connector, egress, networkInterfaces) as a typed sub-resource.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"vpcAccessConfig":{"name":"vpcAccessConfig","type":"\u001bgcp.project.cloudRunService.vpcAccessConfig","is_mandatory":true,"title":"VPC access configuration (Serverless VPC connector and egress policy)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run job execution template task template","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.operation":{"id":"gcp.project.cloudRunService.operation","name":"gcp.project.cloudRunService.operation","fields":{"done":{"name":"done","type":"\u0004","is_mandatory":true,"title":"Whether the operation is completed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Operation name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Run long-running operation","desc":"Examine the status of a Cloud Run long-running operation. Covers the operation name and its completion state. Useful for auditing in-progress or recently completed deployments and configuration changes.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.service":{"id":"gcp.project.cloudRunService.service","name":"gcp.project.cloudRunService.service","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Unstructured key-value map that may be set by external tools to store an arbitrary metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorization":{"name":"binaryAuthorization","type":"\n","is_mandatory":true,"title":"Binary authorization configuration (useDefault, policy, breakglassJustification)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorizationBreakglassJustification":{"name":"binaryAuthorizationBreakglassJustification","type":"\u0007","is_mandatory":true,"title":"Breakglass justification recorded for Binary Authorization","desc":"When set, indicates the service was deployed bypassing Binary Authorization enforcement with this justification text. An empty value means no breakglass override is in effect.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorizationUseDefault":{"name":"binaryAuthorizationUseDefault","type":"\u0004","is_mandatory":true,"title":"Whether the service uses the project's default Binary Authorization policy","desc":"True when the service inherits the project-singleton Binary Authorization policy rather than a service-specific policy reference.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditions":{"name":"conditions","type":"\u0019\u001bgcp.project.cloudRunService.condition","is_mandatory":true,"title":"Conditions of all other associated sub-resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"creator":{"name":"creator","type":"\u0007","is_mandatory":true,"title":"Email address of the authenticated creator","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customAudiences":{"name":"customAudiences","type":"\u0019\u0007","is_mandatory":true,"title":"Custom audiences for authentication","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultUriDisabled":{"name":"defaultUriDisabled","type":"\u0004","is_mandatory":true,"title":"Whether the default URI is disabled","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleted":{"name":"deleted","type":"\t","is_mandatory":true,"title":"Deletion timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Service description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expired":{"name":"expired","type":"\t","is_mandatory":true,"title":"Timestamp after which a deleted service will be permanently deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"generation":{"name":"generation","type":"\u0005","is_mandatory":true,"title":"Number that monotonically increases every time the user modifies the desired state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this Cloud Run service","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Service identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ingress":{"name":"ingress","type":"\u0007","is_mandatory":true,"title":"Ingress settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastModifier":{"name":"lastModifier","type":"\u0007","is_mandatory":true,"title":"Email address of the last authenticated modifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"latestCreatedRevision":{"name":"latestCreatedRevision","type":"\u0007","is_mandatory":true,"title":"Name of the last created revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"latestReadyRevision":{"name":"latestReadyRevision","type":"\u0007","is_mandatory":true,"title":"Name of the latest revision that is serving traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"launchStage":{"name":"launchStage","type":"\u0007","is_mandatory":true,"title":"Launch stage","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"observedGeneration":{"name":"observedGeneration","type":"\u0005","is_mandatory":true,"title":"Generation of this service currently serving traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicInvocable":{"name":"publicInvocable","type":"\u0004","title":"Whether the service is reachable from the public internet: ingress allows all traffic AND IAM grants invoke to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the service is currently being acted upon by the system to bring it into the desired state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u0007","is_mandatory":true,"title":"GCP region of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionTemplate":{"name":"revisionTemplate","type":"\u001bgcp.project.cloudRunService.service.revisionTemplate","title":"Google Cloud (GCP) Run service revision template","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the service satisfies Google's Protected Zone Separation requirements","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"template":{"name":"template","type":"\u001bgcp.project.cloudRunService.service.revisionTemplate","is_mandatory":true,"title":"Template used to create revisions for the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"terminalCondition":{"name":"terminalCondition","type":"\u001bgcp.project.cloudRunService.condition","is_mandatory":true,"title":"Conditions of this service, containing its readiness status and detailed error information in case it did not reach a serving state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"traffic":{"name":"traffic","type":"\u0019\n","is_mandatory":true,"title":"Specifies how to distribute traffic over a collection of revisions belonging to the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trafficStatuses":{"name":"trafficStatuses","type":"\u0019\n","is_mandatory":true,"title":"Detailed status information for corresponding traffic targets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uri":{"name":"uri","type":"\u0007","is_mandatory":true,"title":"Main URI in which this service is serving traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Run service","desc":"Examine a Cloud Run service's configuration and security posture. Covers ingress settings, IAM policy, binary authorization configuration, the revision template (container images, scaling limits, VPC access, service account, secret bindings, encryption key), traffic distribution across revisions, terminal and sub-resource conditions, and whether the service is publicly invocable (internet-reachable with unauthenticated access).","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.service.revisionTemplate":{"id":"gcp.project.cloudRunService.service.revisionTemplate","name":"gcp.project.cloudRunService.service.revisionTemplate","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Unstructured key-value map that may be set by external tools to store an arbitrary metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"containers":{"name":"containers","type":"\u0019\u001bgcp.project.cloudRunService.container","is_mandatory":true,"title":"Containers for this revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionKey":{"name":"encryptionKey","type":"\u0007","is_mandatory":true,"title":"Reference to a customer-managed encryption key to use to encrypt this container image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionEnvironment":{"name":"executionEnvironment","type":"\u0007","is_mandatory":true,"title":"Sandbox environment to host the revision","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxInstanceRequestConcurrency":{"name":"maxInstanceRequestConcurrency","type":"\u0005","is_mandatory":true,"title":"Maximum number of requests that each serving instance can receive","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Revision name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scaling":{"name":"scaling","type":"\n","is_mandatory":true,"title":"Scaling settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"IAM service account associated with the revision of the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email address of the IAM service account associated with the revision of the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeout":{"name":"timeout","type":"\t","is_mandatory":true,"title":"Maximum allowed time for an instance to respond to a request","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"volumes":{"name":"volumes","type":"\u0019\n","is_mandatory":true,"title":"List of volumes to make available to containers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpcAccess":{"name":"vpcAccess","type":"\n","is_mandatory":true,"title":"Raw VPC access dict","desc":"Deprecated in favor of `vpcAccessConfig`, which exposes the same fields (connector, egress, networkInterfaces) as a typed sub-resource.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"vpcAccessConfig":{"name":"vpcAccessConfig","type":"\u001bgcp.project.cloudRunService.vpcAccessConfig","is_mandatory":true,"title":"VPC access configuration (Serverless VPC connector and egress policy)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Run service revision template","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudRunService.vpcAccessConfig":{"id":"gcp.project.cloudRunService.vpcAccessConfig","name":"gcp.project.cloudRunService.vpcAccessConfig","fields":{"connector":{"name":"connector","type":"\u0007","is_mandatory":true,"title":"Serverless VPC Access connector (full resource name `projects/{p}/locations/{l}/connectors/{c}`); empty when direct-VPC `networkInterfaces` is used","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"egress":{"name":"egress","type":"\u0007","is_mandatory":true,"title":"Outbound traffic routing through the VPC","desc":"One of ALL_TRAFFIC (every packet egresses via the VPC), PRIVATE_RANGES_ONLY (only RFC1918 destinations), or VPC_EGRESS_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkInterfaces":{"name":"networkInterfaces","type":"\u0019\n","is_mandatory":true,"title":"Direct-VPC network interfaces the revision or task is attached to","desc":"Each entry exposes `network` (the VPC network resource name), `subnetwork` (the subnet resource name), and `tags` (the network tags the workload presents). Populated when the workload uses direct VPC egress instead of a Serverless VPC Access connector.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Run VPC access configuration","desc":"Examine how a Cloud Run revision or job task reaches private networks. Surfaces the Serverless VPC `connector` (when traffic flows through a connector), the direct-VPC `networkInterfaces` (when the task is attached to a VPC subnet), and the `egress` policy that decides which outbound traffic is sent through the VPC: `PRIVATE_RANGES_ONLY` keeps RFC1918 traffic on the VPC and sends public-IP traffic over the default internet path, while `ALL_TRAFFIC` forces every egress packet through the VPC — the stronger control for data-exfiltration audits.","private":true,"min_provider_version":"13.16.3","defaults":"connector egress","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudSchedulerService":{"id":"gcp.project.cloudSchedulerService","name":"gcp.project.cloudSchedulerService","fields":{"job":{"name":"job","type":"\u001bgcp.project.cloudSchedulerService.job","title":"Google Cloud (GCP) Cloud Scheduler job","desc":"Examine a Cloud Scheduler job: its cron schedule expression, time zone, current state (ENABLED, PAUSED, DISABLED, UPDATE_FAILED), target type (HTTP, Pub/Sub, or App Engine HTTP), retry configuration, and timestamps for the last attempted run and the next scheduled run.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobs":{"name":"jobs","type":"\u0019\u001bgcp.project.cloudSchedulerService.job","title":"List of Cloud Scheduler jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Scheduler","desc":"Use this resource as the entry point for Cloud Scheduler in the project. It hosts the project's `jobs` — each exposing its cron schedule, target (HTTP, Pub/Sub, or App Engine), retry configuration, and last-run state.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudSchedulerService.job":{"id":"gcp.project.cloudSchedulerService.job","name":"gcp.project.cloudSchedulerService.job","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastAttemptTime":{"name":"lastAttemptTime","type":"\t","is_mandatory":true,"title":"The time the job was last scheduled to run","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oauthServiceAccountEmail":{"name":"oauthServiceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Service account email used to mint the OAuth token for HTTP target authentication (empty if not configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oidcServiceAccountEmail":{"name":"oidcServiceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Service account email used to mint the OIDC token for HTTP target authentication (empty if not configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retryConfig":{"name":"retryConfig","type":"\u001bgcp.retryConfig","is_mandatory":true,"title":"Retry configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schedule":{"name":"schedule","type":"\u0007","is_mandatory":true,"title":"Cron-style schedule specification (e.g. \"0 5 * * *\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduleTime":{"name":"scheduleTime","type":"\t","is_mandatory":true,"title":"The next time the job is scheduled to run","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of the job (ENABLED, PAUSED, DISABLED, UPDATE_FAILED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetType":{"name":"targetType","type":"\u0007","is_mandatory":true,"title":"Target type: \"httpTarget\", \"pubsubTarget\", or \"appEngineHttpTarget\"","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeZone":{"name":"timeZone","type":"\u0007","is_mandatory":true,"title":"Time zone for the schedule (e.g. \"America/New_York\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userUpdateTime":{"name":"userUpdateTime","type":"\t","is_mandatory":true,"title":"User-updated time for the job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Scheduler job","desc":"Examine a Cloud Scheduler job: its cron schedule expression, time zone, current state (ENABLED, PAUSED, DISABLED, UPDATE_FAILED), target type (HTTP, Pub/Sub, or App Engine HTTP), retry configuration, and timestamps for the last attempted run and the next scheduled run.","private":true,"min_provider_version":"11.6.6","defaults":"name state schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudTasksService":{"id":"gcp.project.cloudTasksService","name":"gcp.project.cloudTasksService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"queue":{"name":"queue","type":"\u001bgcp.project.cloudTasksService.queue","title":"Google Cloud (GCP) Cloud Tasks queue","desc":"Examine a Cloud Tasks queue: its current state (RUNNING, PAUSED, DISABLED), dispatch rate limits, retry configuration (max attempts, backoff, max retry duration), and any App Engine routing overrides that apply to tasks dispatched from this queue.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"queues":{"name":"queues","type":"\u0019\u001bgcp.project.cloudTasksService.queue","title":"List of Cloud Tasks queues","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Tasks","desc":"Use this resource as the entry point for Cloud Tasks in the project. It hosts the project's `queues` — each exposing its rate limits, retry configuration, and processing state for task-queue audits.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.cloudTasksService.queue":{"id":"gcp.project.cloudTasksService.queue","name":"gcp.project.cloudTasksService.queue","fields":{"appEngineRoutingOverride":{"name":"appEngineRoutingOverride","type":"\n","is_mandatory":true,"title":"Overrides for task-level app_engine_routing (App Engine queues only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings on the queue (who can enqueue, lease, or manage tasks)","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rateLimits":{"name":"rateLimits","type":"\n","is_mandatory":true,"title":"Rate limits for task dispatches","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retryConfig":{"name":"retryConfig","type":"\u001bgcp.retryConfig","is_mandatory":true,"title":"Retry configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of the queue (RUNNING, PAUSED, DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Tasks queue","desc":"Examine a Cloud Tasks queue: its current state (RUNNING, PAUSED, DISABLED), dispatch rate limits, retry configuration (max attempts, backoff, max retry duration), and any App Engine routing overrides that apply to tasks dispatched from this queue.","private":true,"min_provider_version":"11.6.6","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.composerService":{"id":"gcp.project.composerService","name":"gcp.project.composerService","fields":{"environment":{"name":"environment","type":"\u001bgcp.project.composerService.environment","title":"Google Cloud (GCP) Cloud Composer environment","desc":"Examine a managed Apache Airflow environment running on Cloud Composer: its lifecycle state, the Composer image version it runs, user-defined labels, creation and update timestamps, and the full environment configuration covering node config, software config, encryption config, and web server access control.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"environments":{"name":"environments","type":"\u0019\u001bgcp.project.composerService.environment","title":"List of Cloud Composer environments","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Composer","desc":"Use this resource as the entry point for Cloud Composer in the project. It hosts the managed Apache Airflow `environments` — each exposing its lifecycle state, image version, labels, and environment configuration covering node config, software config, encryption, and web server access control.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.composerService.environment":{"id":"gcp.project.composerService.environment","name":"gcp.project.composerService.environment","fields":{"config":{"name":"config","type":"\n","is_mandatory":true,"title":"Environment configuration (node config, software config, encryption config, web server access control)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the environment was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"imageVersion":{"name":"imageVersion","type":"\u0007","is_mandatory":true,"title":"Composer image version running in the environment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt the environment at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels for the environment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/environments/{environment})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateEnvironmentEnabled":{"name":"privateEnvironmentEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the environment uses a Private IP Cloud Composer setup","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the environment (CREATING, RUNNING, UPDATING, DELETING, ERROR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"The time the environment was last modified","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"UUID associated with the environment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"webServerAllowedIpRanges":{"name":"webServerAllowedIpRanges","type":"\u0019\u0007","is_mandatory":true,"title":"IP ranges (CIDR) allowed to access the Airflow web server (empty means open to all)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Composer environment","desc":"Examine a managed Apache Airflow environment running on Cloud Composer: its lifecycle state, the Composer image version it runs, user-defined labels, creation and update timestamps, and the full environment configuration covering node config, software config, encryption config, and web server access control.","private":true,"min_provider_version":"13.15.1","defaults":"name state imageVersion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService":{"id":"gcp.project.computeService","name":"gcp.project.computeService","fields":{"address":{"name":"address","type":"\u001bgcp.project.computeService.address","title":"Google Cloud (GCP) Compute Engine static IP address","desc":"Examine a reserved static IP address (external or internal). Surfaces the `address` value, `addressType`, `ipVersion`, `purpose` (EXTERNAL, GCE_ENDPOINT, SHARED_LOADBALANCER_VIP, etc.), `networkTier`, `status`, and `prefixLength` for IP-range reservations. The typed `network()` and `subnetwork()` accessors link to the VPC resources the address is scoped to, and `resourceUrls` lists the compute resources currently using the address.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"addresses":{"name":"addresses","type":"\u0019\u001bgcp.project.computeService.address","title":"List of IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"attachedDisk":{"name":"attachedDisk","type":"\u001bgcp.project.computeService.attachedDisk","title":"Google Cloud (GCP) Compute attached disk","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBucket":{"name":"backendBucket","type":"\u001bgcp.project.computeService.backendBucket","title":"Google Cloud (GCP) Compute backend bucket","desc":"Examine a Compute Engine backend bucket: the backing Cloud Storage bucket name, whether Cloud CDN is enabled, the CDN policy configuration, compression mode (AUTOMATIC, DISABLED), custom response headers, and the edge security policy URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendBuckets":{"name":"backendBuckets","type":"\u0019\u001bgcp.project.computeService.backendBucket","title":"Cloud Storage backend buckets for CDN/load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendService":{"name":"backendService","type":"\u001bgcp.project.computeService.backendService","title":"Google Compute Engine backend service","desc":"Examine a load-balancer backend service's configuration and security posture. Surfaces the `loadBalancingScheme`, `protocol`, `backends()` (instance groups or NEGs), `healthChecks`, session-affinity settings, Cloud CDN policy (`cdnPolicy`), Identity-Aware Proxy configuration (`iap`), and the attached Cloud Armor `securityPolicy()`. Derived predicates `cloudArmorEnabled()` and `iapEnabled()` provide quick posture checks. The `network()` reference links to the VPC the service is deployed in.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backendServices":{"name":"backendServices","type":"\u0019\u001bgcp.project.computeService.backendService","title":"List of backend services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disk":{"name":"disk","type":"\u001bgcp.project.computeService.disk","title":"Google Cloud (GCP) Compute Engine persistent disk","desc":"Examine a Compute Engine persistent disk and its security configuration. Surfaces the disk `type` (pd-standard, pd-ssd, pd-balanced, etc.), `sizeGb`, `status`, attached instance `users`, and the `zone` or `region` of the disk. Audit encryption posture via `diskEncryptionKey` and the typed `kmsKey()` accessor for customer-managed keys, and `enableConfidentialCompute` for Confidential VM disks. The `sourceImage()` and `sourceSnapshot()` accessors identify what the disk was created from, and `storagePool()` links to the provisioned storage pool when applicable.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bgcp.project.computeService.disk","title":"Google Compute Engine disks in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","title":"Whether the service is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalVpnGateway":{"name":"externalVpnGateway","type":"\u001bgcp.project.computeService.externalVpnGateway","title":"Google Cloud (GCP) Compute external VPN gateway (peer/customer-side)","desc":"Examine the peer-side VPN gateway used in a Cloud VPN configuration: its redundancy type (SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY, FOUR_IPS_REDUNDANCY), the IP addresses of the peer gateway's interfaces, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"externalVpnGateways":{"name":"externalVpnGateways","type":"\u0019\u001bgcp.project.computeService.externalVpnGateway","title":"External (peer/customer-side) VPN gateways","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewall":{"name":"firewall","type":"\u001bgcp.project.computeService.firewall","title":"Google Compute Engine VPC firewall rule","desc":"Examine a Compute Engine firewall rule's traffic-filtering configuration. Surfaces the rule `direction` (INGRESS / EGRESS), `priority`, `disabled` state, `sourceRanges`, `destinationRanges`, target and source tags and service accounts, `allowed` and `denied` protocol/port lists, and log configuration. Derived predicates — `openToInternet()`, `allowsSshFromInternet()`, and `allowsRdpFromInternet()` — flag the most common exposure patterns. The `network()` reference links to the VPC the rule belongs to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewallPolicies":{"name":"firewallPolicies","type":"\u0019\u001bgcp.project.computeService.firewallPolicy","title":"Network firewall policies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewallPolicy":{"name":"firewallPolicy","type":"\u001bgcp.project.computeService.firewallPolicy","title":"Google Cloud (GCP) Compute network firewall policy","desc":"Examine a Compute Engine network firewall policy — a hierarchical or global/regional policy containing an ordered set of firewall rules that can be associated with multiple VPC networks. Query its `ruleTupleCount` (total rule tuples consumed toward the quota), `associations` (the networks and scopes the policy is attached to), and `regionUrl` (empty for global policies). Drill into `rules` for the ordered allow, deny, and goto-next rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"firewalls":{"name":"firewalls","type":"\u0019\u001bgcp.project.computeService.firewall","title":"Google Compute Engine firewalls in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingRule":{"name":"forwardingRule","type":"\u001bgcp.project.computeService.forwardingRule","title":"Google Cloud (GCP) Compute Engine forwarding rule","desc":"Examine a load-balancer forwarding rule that routes incoming traffic to a backend. Surfaces the `ipAddress`, `ipProtocol`, `portRange`, `ports`, `loadBalancingScheme`, `networkTier`, and `targetUrl` describing where traffic is sent. The typed `network()` and `subnetwork()` accessors link to the VPC resources the rule is scoped to. Audit Private Service Connect posture via `pscConnectionStatus` and `allowPscGlobalAccess`, and packet mirroring eligibility via `isMirroringCollector`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"forwardingRules":{"name":"forwardingRules","type":"\u0019\u001bgcp.project.computeService.forwardingRule","title":"List of forwarding rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasDefaultNetwork":{"name":"hasDefaultNetwork","type":"\u0004","title":"Whether the project still has the auto-created `default` VPC network — true when a network named \"default\" exists","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthCheck":{"name":"healthCheck","type":"\u001bgcp.project.computeService.healthCheck","title":"Google Cloud (GCP) Compute health check","desc":"Examine a Compute Engine health check: its protocol type (HTTP, HTTPS, TCP, SSL, HTTP2, GRPC), check interval and timeout, healthy and unhealthy thresholds, protocol-specific configuration (httpHealthCheck, httpsHealthCheck, tcpHealthCheck, sslHealthCheck, http2HealthCheck, grpcHealthCheck), logging configuration, and whether the check is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"healthChecks":{"name":"healthChecks","type":"\u0019\u001bgcp.project.computeService.healthCheck","title":"Health checks","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"image":{"name":"image","type":"\u001bgcp.project.computeService.image","title":"Google Compute Engine custom or public machine image","desc":"Examine a Compute Engine image's configuration, encryption posture, and access controls. Surfaces the image `family`, `architecture`, disk and archive sizes, `status`, confidential-compute flag, Protected Zone attributes, Cloud Storage `storageLocations`, source provenance (`sourceDisk()`, `sourceImage()`, `sourceSnapshot()`), the CMEK key protecting the image, the IAM policy — including any `allUsers` / `allAuthenticatedUsers` grants that make the image `public()` — and user-defined `labels`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"images":{"name":"images","type":"\u0019\u001bgcp.project.computeService.image","title":"Google Compute Engine images in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcloud.compute.instance","title":"Google Cloud Compute Engine instance","desc":"Examine a Compute Engine VM instance and the security-relevant configuration around it. Surfaces the machine type and CPU platform, the instance status and lifecycle, attached `disks` and `networkInterfaces`, the boot image, applied `labels` and `metadata`, the `serviceAccounts` bound to the instance, the `shieldedInstanceConfig` (Secure Boot, vTPM, integrity monitoring), the `confidentialInstanceConfig`, OS Config patch posture, and the scheduling and reservation affinity settings. The CIS-aligned predicates (`hasPublicIp`, `usesDefaultServiceAccount`, `hasFullCloudPlatformScope`, `blockProjectSshKeysEnabled`, `osLoginEnabled`, `serialPortEnabled`) collapse common posture checks into a single boolean field per audit.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroup":{"name":"instanceGroup","type":"\u001bgcp.project.computeService.instanceGroup","title":"Google Cloud (GCP) Compute instance group","desc":"Examine a Compute Engine instance group — a collection of VM instances that can be managed together for load balancing and autoscaling. Query its `size` (current instance count), `namedPorts` (protocol/port pairs registered for load balancing), attached `network` and `subnetwork`, and zone. Instance groups are either managed (backed by an `instanceGroupManager`) or unmanaged.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManager":{"name":"instanceGroupManager","type":"\u001bgcp.project.computeService.instanceGroupManager","title":"Google Cloud (GCP) Compute instance group manager (managed instance group)","desc":"Examine a Compute Engine managed instance group (MIG) — a group manager that maintains a fleet of identical VM instances from a single instance template. Query its `targetSize`, `currentActions` (creatingInstances, deletingInstances, recreatingInstances), `autoHealingPolicies` (health checks and initial delay), `statefulPolicy` (preserved disks and metadata), and group `status`. `instanceTemplateUrl` identifies the template used to create instances.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceGroupManagers":{"name":"instanceGroupManagers","type":"\u0019\u001bgcp.project.computeService.instanceGroupManager","title":"Instance group managers (managed instance groups)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroups":{"name":"instanceGroups","type":"\u0019\u001bgcp.project.computeService.instanceGroup","title":"Instance groups","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceTemplate":{"name":"instanceTemplate","type":"\u001bgcp.project.computeService.instanceTemplate","title":"Google Cloud (GCP) Compute instance template","desc":"Examine a Compute Engine instance template: the instance properties it defines (machine type, boot and data disks, network interfaces, service account, metadata, and scheduling options), whether it was derived from an existing instance, and its creation timestamp.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceTemplates":{"name":"instanceTemplates","type":"\u0019\u001bgcp.project.computeService.instanceTemplate","title":"Instance templates","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.computeService.instance","title":"Google Compute Engine instances in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnect":{"name":"interconnect","type":"\u001bgcp.project.computeService.interconnect","title":"Google Cloud (GCP) Compute Interconnect connection","desc":"Examine a Dedicated or Partner Interconnect connection: its type (DEDICATED, PARTNER), link type (10G_LR, 100G_LR), requested and provisioned link counts, administrative status, operational status, connection state (ACTIVE, UNPROVISIONED), Google and peer IP addresses for ping testing, NOC contact email, physical location, remote location for Cross-Cloud Interconnect, MACsec feature availability, attached VLAN attachment URLs, circuit information, expected outages, zone separation compliance, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachment":{"name":"interconnectAttachment","type":"\u001bgcp.project.computeService.interconnectAttachment","title":"Google Cloud (GCP) Compute Interconnect Attachment (VLAN)","desc":"Examine a Dedicated or Partner Interconnect VLAN attachment: its type (DEDICATED, PARTNER, PARTNER_PROVIDER), state (ACTIVE, UNPROVISIONED, PENDING_PARTNER, DEFUNCT, PENDING_CUSTOMER), edge availability domain, bandwidth, VLAN tag (802.1Q), encryption mode (NONE, IPSEC), IPv4 and IPv6 addresses for the Cloud Router and customer router sides, stack type (IPV4_ONLY, IPV4_IPV6), the associated Interconnect connection and Cloud Router resources, and partner metadata.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"interconnectAttachments":{"name":"interconnectAttachments","type":"\u0019\u001bgcp.project.computeService.interconnectAttachment","title":"VLAN attachments over Interconnects","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnects":{"name":"interconnects","type":"\u0019\u001bgcp.project.computeService.interconnect","title":"Dedicated/Partner Interconnect connections","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u001bgcp.project.computeService.machineType","title":"Google Cloud (GCP) Compute Engine machine type","desc":"Examine a Compute Engine machine type and its hardware specification. Surfaces the `name`, `guestCpus`, `memoryMb`, `isSharedCpu`, maximum persistent-disk count and total size, and the `zone` it belongs to. Used for auditing instance right-sizing and validating that workloads run on approved machine families.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"machineTypes":{"name":"machineTypes","type":"\u0019\u001bgcp.project.computeService.machineType","title":"Google Compute Engine machine types in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Google Cloud VPC network","desc":"Examine a Compute Engine VPC network and the structural posture around it. Surfaces the network `mode` (legacy, custom, or auto), the `legacy` predicate, the `autoCreateSubnetworks` flag, the routing mode, MTU, IPv6/ULA settings, the network-firewall enforcement order, the attached firewall policy, peering configurations, and the `subnetworks()` defined in the network.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroup":{"name":"networkEndpointGroup","type":"\u001bgcp.project.computeService.networkEndpointGroup","title":"Google Cloud (GCP) Compute network endpoint group","desc":"Examine a Compute Engine Network Endpoint Group (NEG): its endpoint type (GCE_VM_IP, GCE_VM_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT), default port, number of endpoints, the network and subnetwork it belongs to, serverless backend configuration (Cloud Run, App Engine, or Cloud Functions), PSC target service, and zone or region placement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networkEndpointGroups":{"name":"networkEndpointGroups","type":"\u0019\u001bgcp.project.computeService.networkEndpointGroup","title":"Network endpoint groups","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.computeService.network","title":"Google Compute Engine VPC network in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packetMirroring":{"name":"packetMirroring","type":"\u001bgcp.project.computeService.packetMirroring","title":"Google Cloud (GCP) Compute packet mirroring policy","desc":"Examine a Compute Engine packet mirroring policy: whether mirroring is enabled, its priority, the collector internal load balancer, the mirrored resources (specific instances, subnetworks, or tags), traffic filter configuration, and the network it applies to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"packetMirrorings":{"name":"packetMirrorings","type":"\u0019\u001bgcp.project.computeService.packetMirroring","title":"Packet mirroring policies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectBlockProjectSshKeys":{"name":"projectBlockProjectSshKeys","type":"\u0004","title":"Whether project-wide SSH keys are blocked — project commonInstanceMetadata item 'block-project-ssh-keys' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectOsLoginEnabled":{"name":"projectOsLoginEnabled","type":"\u0004","title":"Whether OS Login is enabled project-wide — project commonInstanceMetadata item 'enable-oslogin' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectSerialPortEnabled":{"name":"projectSerialPortEnabled","type":"\u0004","title":"Whether serial port access is enabled project-wide — project commonInstanceMetadata item 'serial-port-enable' is TRUE","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicAdvertisedPrefix":{"name":"publicAdvertisedPrefix","type":"\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"Google Cloud (GCP) Compute public advertised prefix (BYOIP)","desc":"Examine a Bring Your Own IP (BYOIP) public advertised prefix: the IP CIDR range being advertised, its validation status (INITIAL, PTR_CONFIGURED, VALIDATED, PREFIX_CONFIGURATION_COMPLETE, PREFIX_CONFIGURATION_IN_PROGRESS, PREFIX_REMOVAL_IN_PROGRESS, READY_TO_USE), the DNS verification IP, BYOIP API version, PDP scope (REGIONAL, GLOBAL), and any public delegated sub-prefixes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"publicAdvertisedPrefixes":{"name":"publicAdvertisedPrefixes","type":"\u0019\u001bgcp.project.computeService.publicAdvertisedPrefix","title":"BYOIP public advertised prefixes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Google Cloud (GCP) Compute Engine region","desc":"Examine a Compute Engine region and its capacity posture. Surfaces the region `name`, `status`, creation timestamp, per-resource `quotas` (CPU, disk, instances, etc.) as a name-to-float map, deprecation status, and whether the region supports Protected Zone Separation (`supportsPzs`).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"regions":{"name":"regions","type":"\u0019\u001bgcp.project.computeService.region","title":"Project regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"route":{"name":"route","type":"\u001bgcp.project.computeService.route","title":"Google Cloud (GCP) Compute static route","desc":"Examine a Compute Engine route: its destination IP range, priority (0-65535), the network it belongs to, the next hop (gateway, instance, IP address, VPN tunnel, ILB forwarding rule, or NCC hub), the instance tags that scope the route, route type (STATIC, BGP, SUBNET, TRANSIT), route status (ACTIVE, INACTIVE, PENDING, DROPPED), and any configuration warnings reported by the API.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"router":{"name":"router","type":"\u001bgcp.project.computeService.router","title":"Google Compute Engine Cloud Router","desc":"Examine a Cloud Router's BGP configuration and NAT services. Surfaces `bgp` session settings, `bgpPeers` for dynamic route exchange, `encryptedInterconnectRouter` for HA VPN / Dedicated Interconnect encryption enforcement, and the `natServices()` defining Cloud NAT gateway configuration within the router. The `network()` reference links to the VPC the router is attached to.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"routers":{"name":"routers","type":"\u0019\u001bgcp.project.computeService.router","title":"Cloud Routers in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routes":{"name":"routes","type":"\u0019\u001bgcp.project.computeService.route","title":"Static routes in VPC networks","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicies":{"name":"securityPolicies","type":"\u0019\u001bgcp.project.computeService.securityPolicy","title":"Cloud Armor security policies","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicy":{"name":"securityPolicy","type":"\u001bgcp.project.computeService.securityPolicy","title":"Google Cloud (GCP) Compute Cloud Armor security policy","desc":"Examine a Cloud Armor security policy that protects Google Cloud load balancers from DDoS attacks, web application threats, and unwanted traffic. Query its `type` (`CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, or `CLOUD_ARMOR_NETWORK`), adaptive protection configuration, advanced options (request body inspection, JSON parsing), DDoS protection settings, and reCAPTCHA options. Drill into `rules` for the ordered list of allow, deny, rate-limit, and redirect rules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachment":{"name":"serviceAttachment","type":"\u001bgcp.project.computeService.serviceAttachment","title":"Google Cloud (GCP) Compute Private Service Connect service attachment","desc":"Examine a Private Service Connect service attachment: its connection preference (ACCEPT_AUTOMATIC, ACCEPT_MANUAL), the connected consumer endpoints, consumer accept and reject lists, whether proxy protocol is enabled, DNS domain names for service discovery, NAT subnets, the producer forwarding rule, and the target service URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAttachments":{"name":"serviceAttachments","type":"\u0019\u001bgcp.project.computeService.serviceAttachment","title":"Private Service Connect service attachments","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceaccount":{"name":"serviceaccount","type":"\u001bgcloud.compute.serviceaccount","title":"Google Cloud (GCP) Compute service account","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshot":{"name":"snapshot","type":"\u001bgcp.project.computeService.snapshot","title":"Google Cloud (GCP) Compute Engine persistent disk snapshot","desc":"Examine a Compute Engine disk snapshot and its security posture. Surfaces the snapshot `name`, `status`, `snapshotType`, `diskSizeGb`, storage consumption (`storageBytes`, `storageLocations`), and `labels`. Audit access exposure via `iamPolicy()` and the `public()` predicate that returns true when the snapshot is shared with `allUsers` or `allAuthenticatedUsers`. The typed `kmsKey()` accessor links to the customer-managed encryption key when CMEK is used, and `sourceDisk` identifies the disk the snapshot was taken from.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bgcp.project.computeService.snapshot","title":"Google Compute Engine snapshots in a project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCertificate":{"name":"sslCertificate","type":"\u001bgcp.project.computeService.sslCertificate","title":"Google Cloud (GCP) Compute SSL certificate","desc":"Examine a Compute Engine SSL certificate attached to HTTPS or SSL proxy load balancers. Query its `type` (`SELF_MANAGED` for user-uploaded certificates or `MANAGED` for Google-managed certificates), subject alternative names, managed certificate configuration and provisioning status, expiration time, and the region it belongs to (empty for global certificates).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sslCertificates":{"name":"sslCertificates","type":"\u0019\u001bgcp.project.computeService.sslCertificate","title":"SSL/TLS certificates","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicies":{"name":"sslPolicies","type":"\u0019\u001bgcp.project.computeService.sslPolicy","title":"SSL/TLS policies for load balancers","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicy":{"name":"sslPolicy","type":"\u001bgcp.project.computeService.sslPolicy","title":"Google Cloud (GCP) Compute SSL policy","desc":"Examine a Compute Engine SSL policy that governs the TLS protocol version and cipher suites negotiated by HTTPS and SSL proxy load balancers. Query its `profile` (`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`), `minTlsVersion`, enabled features, and custom features (when profile is `CUSTOM`). The `weakTls` field evaluates to `true` when the policy permits cipher suites or protocol versions considered cryptographically weak. `warnings` surfaces any API-reported configuration issues.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePool":{"name":"storagePool","type":"\u001bgcp.project.computeService.storagePool","title":"Google Cloud (GCP) Compute storage pool","desc":"Examine a Compute Engine storage pool — a pre-provisioned block storage capacity container that disks are created from. Query its `state`, capacity provisioning type (`ADVANCED` or `STANDARD`), performance provisioning type, provisioned capacity in GiB, IOPS, and throughput. `storagePoolType` identifies the underlying disk technology, and `zone` names the zone where the pool resides.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storagePools":{"name":"storagePools","type":"\u0019\u001bgcp.project.computeService.storagePool","title":"Storage pools","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Google Cloud VPC subnetwork","desc":"Examine a regional VPC subnetwork inside a Compute Engine network. Surfaces the subnetwork's IPv4 and IPv6 CIDR ranges, the `purpose` and `role` (private, regional-managed-proxy, internal-load-balancer, global-managed-proxy, etc.), the `enableFlowLogs` flag and matching `logConfig`, the `privateIpGoogleAccess` and `privateIpv6GoogleAccess` settings that control reachability of Google APIs from instances without external IPs, and typed references to the `network()` and the `region()` the subnet is bound to.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"subnetworks":{"name":"subnetworks","type":"\u0019\u001bgcp.project.computeService.subnetwork","title":"Logical partition of a VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxies":{"name":"targetHttpProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpProxy","title":"Target HTTP proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpProxy":{"name":"targetHttpProxy","type":"\u001bgcp.project.computeService.targetHttpProxy","title":"Google Cloud (GCP) Compute target HTTP proxy","desc":"Examine a Compute Engine target HTTP proxy: the URL map it routes traffic through, whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetHttpsProxies":{"name":"targetHttpsProxies","type":"\u0019\u001bgcp.project.computeService.targetHttpsProxy","title":"Target HTTPS proxies","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetHttpsProxy":{"name":"targetHttpsProxy","type":"\u001bgcp.project.computeService.targetHttpsProxy","title":"Google Cloud (GCP) Compute target HTTPS proxy","desc":"Examine a Compute Engine target HTTPS proxy: the URL map it routes traffic through, the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, the QUIC override setting (NONE, ENABLE, DISABLE), whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPool":{"name":"targetPool","type":"\u001bgcp.project.computeService.targetPool","title":"Google Cloud (GCP) Compute target pool (legacy network load balancing)","desc":"Examine a legacy network load balancing target pool: its session affinity mode (NONE, CLIENT_IP, CLIENT_IP_PROTO, CLIENT_IP_PORT_PROTO), failover ratio, backup pool URL, associated health check URLs, the instance URLs of members in the pool, and the security policy applied.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetPools":{"name":"targetPools","type":"\u0019\u001bgcp.project.computeService.targetPool","title":"Legacy target pools for network load balancing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxies":{"name":"targetSslProxies","type":"\u0019\u001bgcp.project.computeService.targetSslProxy","title":"Target SSL proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSslProxy":{"name":"targetSslProxy","type":"\u001bgcp.project.computeService.targetSslProxy","title":"Google Cloud (GCP) Compute target SSL proxy","desc":"Examine a Compute Engine target SSL proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, and the certificate map URL.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"targetTcpProxies":{"name":"targetTcpProxies","type":"\u0019\u001bgcp.project.computeService.targetTcpProxy","title":"Target TCP proxies","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetTcpProxy":{"name":"targetTcpProxy","type":"\u001bgcp.project.computeService.targetTcpProxy","title":"Google Cloud (GCP) Compute target TCP proxy","desc":"Examine a Compute Engine target TCP proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), whether proxy bind is enabled, and whether the proxy is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMap":{"name":"urlMap","type":"\u001bgcp.project.computeService.urlMap","title":"Google Cloud (GCP) Compute URL map","desc":"Examine a Compute Engine URL map: its default backend service, host rules that match incoming hostnames, path matchers that route requests to backend services or buckets, URL map tests, and whether the map is regional or global.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlMaps":{"name":"urlMaps","type":"\u0019\u001bgcp.project.computeService.urlMap","title":"URL maps (load balancer routing rules)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGateway":{"name":"vpnGateway","type":"\u001bgcp.project.computeService.vpnGateway","title":"Google Cloud (GCP) Compute HA VPN gateway","desc":"Examine a High Availability (HA) VPN gateway that provides redundant Site-to-Site VPN connectivity. Query its attached `network`, IP family (`gatewayIpVersion`), stack type (`IPV4_ONLY`, `IPV4_IPV6`, or `IPV6_ONLY`), `vpnInterfaces` (each with an IP address and optional interconnect attachment), and resource manager tags. HA VPN gateways always provide two interfaces for 99.99% availability.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnGateways":{"name":"vpnGateways","type":"\u0019\u001bgcp.project.computeService.vpnGateway","title":"HA VPN gateways","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnTunnel":{"name":"vpnTunnel","type":"\u001bgcp.project.computeService.vpnTunnel","title":"Google Cloud (GCP) Compute VPN tunnel","desc":"Examine a Cloud VPN tunnel carrying encrypted traffic between a GCP network and a peer gateway. Query its `status`, `ikeVersion`, `localTrafficSelector` and `remoteTrafficSelector` CIDRs, and the `sharedSecretHash`. Resolve the peer via `peerExternalVpnGateway` or `peerGcpVpnGateway`, the owning HA VPN gateway via `vpnGateway`, and the dynamic routing Cloud Router via `router`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vpnTunnels":{"name":"vpnTunnels","type":"\u0019\u001bgcp.project.computeService.vpnTunnel","title":"VPN tunnels","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Google Cloud (GCP) Compute zone","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"zones":{"name":"zones","type":"\u0019\u001bgcp.project.computeService.zone","title":"Project zones","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine","desc":"Use this resource as the entry point for Compute Engine in the project. It hosts the compute surface (`instances`, `disks`, `snapshots`, `images`, `instanceTemplates`, `instanceGroups`, `instanceGroupManagers`, `machineTypes`, `storagePools`), the VPC networking layer (`networks`, `subnetworks`, `routers`, `routes`, `firewalls`, `firewallPolicies`, `addresses`), load balancing (`backendServices`, `backendBuckets`, `urlMaps`, the `target*Proxies`, `forwardingRules`, `healthChecks`, `targetPools`, `networkEndpointGroups`), hybrid connectivity (`vpnGateways`, `vpnTunnels`, `externalVpnGateways`, `interconnects`, `interconnectAttachments`), and security controls (`securityPolicies` for Cloud Armor, `sslPolicies`, `sslCertificates`, `packetMirrorings`). `hasDefaultNetwork` audits whether the auto-created `default` VPC network still exists.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.address":{"id":"gcp.project.computeService.address","name":"gcp.project.computeService.address","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"Static IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"addressType":{"name":"addressType","type":"\u0007","is_mandatory":true,"title":"Address type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Address description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipVersion":{"name":"ipVersion","type":"\u0007","is_mandatory":true,"title":"IP version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv6EndpointType":{"name":"ipv6EndpointType","type":"\u0007","is_mandatory":true,"title":"Endpoint type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels applied to this resource","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Address name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network in which to reserve the address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkTier":{"name":"networkTier","type":"\u0007","is_mandatory":true,"title":"Network tier used for configuring this address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"prefixLength":{"name":"prefixLength","type":"\u0005","is_mandatory":true,"title":"Prefix length if the resource represents an IP range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"purpose":{"name":"purpose","type":"\u0007","is_mandatory":true,"title":"Address purpose","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region where this address is reserved","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"resourceUrls":{"name":"resourceUrls","type":"\u0019\u0007","is_mandatory":true,"title":"URLs of the resources that are using this address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Address status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Subnetwork in which to reserve the address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkUrl":{"name":"subnetworkUrl","type":"\u0007","is_mandatory":true,"title":"Raw subnetwork self-link URL","desc":"Deprecated in favor of `subnetwork`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute Engine static IP address","desc":"Examine a reserved static IP address (external or internal). Surfaces the `address` value, `addressType`, `ipVersion`, `purpose` (EXTERNAL, GCE_ENDPOINT, SHARED_LOADBALANCER_VIP, etc.), `networkTier`, `status`, and `prefixLength` for IP-range reservations. The typed `network()` and `subnetwork()` accessors link to the VPC resources the address is scoped to, and `resourceUrls` lists the compute resources currently using the address.","private":true,"min_provider_version":"9.0.0","defaults":"name address addressType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.attachedDisk":{"id":"gcp.project.computeService.attachedDisk","name":"gcp.project.computeService.attachedDisk","fields":{"architecture":{"name":"architecture","type":"\u0007","is_mandatory":true,"title":"Architecture of the attached disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoDelete":{"name":"autoDelete","type":"\u0004","is_mandatory":true,"title":"Whether the disk will be auto-deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"boot":{"name":"boot","type":"\u0004","is_mandatory":true,"title":"Whether this is a boot disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deviceName":{"name":"deviceName","type":"\u0007","is_mandatory":true,"title":"Unique device name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionKey":{"name":"diskEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key protecting this attached disk","desc":"Distinguishes customer-managed (kmsKeyName), customer-supplied (rawKey / rsaEncryptedKey), and Google-managed (empty) encryption.","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskSizeGb":{"name":"diskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size of the disk in GB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forceAttach":{"name":"forceAttach","type":"\u0004","is_mandatory":true,"title":"Whether to force attach the regional disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"guestOsFeatures":{"name":"guestOsFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Features to enable on the guest operating system","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Attached Disk ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"index":{"name":"index","type":"\u0005","is_mandatory":true,"title":"Index to this disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interface":{"name":"interface","type":"\u0007","is_mandatory":true,"title":"Disk interface","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"licenses":{"name":"licenses","type":"\u0019\u0007","is_mandatory":true,"title":"Publicly visible licenses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Mode in which the disk is attached","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"source":{"name":"source","type":"\u001bgcp.project.computeService.disk","title":"Attached Persistent Disk resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Disk type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute attached disk","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.backendBucket":{"id":"gcp.project.computeService.backendBucket","name":"gcp.project.computeService.backendBucket","fields":{"bucketName":{"name":"bucketName","type":"\u0007","is_mandatory":true,"title":"Cloud Storage bucket name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cdnPolicy":{"name":"cdnPolicy","type":"\n","is_mandatory":true,"title":"CDN policy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"compressionMode":{"name":"compressionMode","type":"\u0007","is_mandatory":true,"title":"Compression mode (AUTOMATIC, DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customResponseHeaders":{"name":"customResponseHeaders","type":"\u0019\u0007","is_mandatory":true,"title":"Custom response headers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edgeSecurityPolicy":{"name":"edgeSecurityPolicy","type":"\u0007","is_mandatory":true,"title":"Edge security policy URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableCdn":{"name":"enableCdn","type":"\u0004","is_mandatory":true,"title":"Whether Cloud CDN is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Backend bucket name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute backend bucket","desc":"Examine a Compute Engine backend bucket: the backing Cloud Storage bucket name, whether Cloud CDN is enabled, the CDN policy configuration, compression mode (AUTOMATIC, DISABLED), custom response headers, and the edge security policy URL.","private":true,"min_provider_version":"13.6.1","defaults":"name enableCdn","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.backendService":{"id":"gcp.project.computeService.backendService","name":"gcp.project.computeService.backendService","fields":{"affinityCookieTtlSec":{"name":"affinityCookieTtlSec","type":"\u0005","is_mandatory":true,"title":"Lifetime of cookies in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backend":{"name":"backend","type":"\u001bgcp.project.computeService.backendService.backend","title":"Google Cloud (GCP) Compute backend service backend","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backends":{"name":"backends","type":"\u0019\u001bgcp.project.computeService.backendService.backend","is_mandatory":true,"title":"List of backends that serve this backend service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cdnPolicy":{"name":"cdnPolicy","type":"\u001bgcp.project.computeService.backendService.cdnPolicy","is_mandatory":true,"title":"Cloud CDN configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"circuitBreakers":{"name":"circuitBreakers","type":"\n","is_mandatory":true,"title":"Circuit breakers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudArmorEnabled":{"name":"cloudArmorEnabled","type":"\u0004","title":"Whether the backend service has a Cloud Armor security policy attached","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"compressionMode":{"name":"compressionMode","type":"\u0007","is_mandatory":true,"title":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionDraining":{"name":"connectionDraining","type":"\n","is_mandatory":true,"title":"Connection draining configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionTrackingPolicy":{"name":"connectionTrackingPolicy","type":"\n","is_mandatory":true,"title":"Connection tracking configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"consistentHash":{"name":"consistentHash","type":"\n","is_mandatory":true,"title":"Consistent hash-based load balancing used to provide soft session affinity based on HTTP headers, cookies or other properties","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customRequestHeaders":{"name":"customRequestHeaders","type":"\u0019\u0007","is_mandatory":true,"title":"Headers that the load balancer adds to proxied requests","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customResponseHeaders":{"name":"customResponseHeaders","type":"\u0019\u0007","is_mandatory":true,"title":"Headers that the load balancer adds to proxied responses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Backend service description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edgeSecurityPolicy":{"name":"edgeSecurityPolicy","type":"\u0007","is_mandatory":true,"title":"Resource URL for the edge security policy associated with this backend service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableCDN":{"name":"enableCDN","type":"\u0004","is_mandatory":true,"title":"Whether to enable Cloud CDN","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failoverPolicy":{"name":"failoverPolicy","type":"\n","is_mandatory":true,"title":"Failover policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Fingerprint for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthChecks":{"name":"healthChecks","type":"\u0019\u0007","is_mandatory":true,"title":"List of URLs to the health checks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iap":{"name":"iap","type":"\n","is_mandatory":true,"title":"Identity-aware proxy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iapEnabled":{"name":"iapEnabled","type":"\u0004","title":"Whether Identity-Aware Proxy is enabled for the backend service (iap.enabled is true)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddressSelectionPolicy":{"name":"ipAddressSelectionPolicy","type":"\u0007","is_mandatory":true,"title":"Specifies the IP address selection policy for the backend service (IPV4_ONLY, PREFER_IPV6, IPV6_ONLY)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loadBalancingScheme":{"name":"loadBalancingScheme","type":"\u0007","is_mandatory":true,"title":"Load balancer type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localityLbPolicies":{"name":"localityLbPolicies","type":"\u0019\n","is_mandatory":true,"title":"List of locality load balancing policies to be used in order of preference","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localityLbPolicy":{"name":"localityLbPolicy","type":"\u0007","is_mandatory":true,"title":"Load balancing algorithm used within the scope of the locality","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\n","is_mandatory":true,"title":"Log configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxStreamDuration":{"name":"maxStreamDuration","type":"\t","is_mandatory":true,"title":"Default maximum duration (timeout) for streams to this service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Backend service name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network to which this backend service belongs","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Backend service port","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"portName":{"name":"portName","type":"\u0007","is_mandatory":true,"title":"Named port on a backend instance group representing the port for communication to the backend VMs in that group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"title":"Protocol used for communication","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the backend service lives in (empty for global services)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"securityPolicy":{"name":"securityPolicy","type":"\u001bgcp.project.computeService.securityPolicy","title":"Cloud Armor security policy","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicyUrl":{"name":"securityPolicyUrl","type":"\u0007","is_mandatory":true,"title":"Raw security policy self-link URL","desc":"Deprecated in favor of `securityPolicy`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"securitySettings":{"name":"securitySettings","type":"\n","is_mandatory":true,"title":"Client TLS policy and subject alternative names for the backend service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securitySettingsClientTlsPolicy":{"name":"securitySettingsClientTlsPolicy","type":"\u0007","is_mandatory":true,"title":"URL of the networksecurity ClientTlsPolicy that describes how clients authenticate with the backends","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securitySettingsSubjectAltNames":{"name":"securitySettingsSubjectAltNames","type":"\u0019\u0007","is_mandatory":true,"title":"Subject Alternative Names the client verifies during a mutual TLS handshake with the backends","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceBindingUrls":{"name":"serviceBindingUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Service binding URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceLbPolicy":{"name":"serviceLbPolicy","type":"\u0007","is_mandatory":true,"title":"URL of the service load balancing policy resource","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sessionAffinity":{"name":"sessionAffinity","type":"\u0007","is_mandatory":true,"title":"Session affinity type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeoutSec":{"name":"timeoutSec","type":"\u0005","is_mandatory":true,"title":"Backend service timeout in settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Compute Engine backend service","desc":"Examine a load-balancer backend service's configuration and security posture. Surfaces the `loadBalancingScheme`, `protocol`, `backends()` (instance groups or NEGs), `healthChecks`, session-affinity settings, Cloud CDN policy (`cdnPolicy`), Identity-Aware Proxy configuration (`iap`), and the attached Cloud Armor `securityPolicy()`. Derived predicates `cloudArmorEnabled()` and `iapEnabled()` provide quick posture checks. The `network()` reference links to the VPC the service is deployed in.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.backendService.backend":{"id":"gcp.project.computeService.backendService.backend","name":"gcp.project.computeService.backendService.backend","fields":{"balancingMode":{"name":"balancingMode","type":"\u0007","is_mandatory":true,"title":"How to determine whether the backend of a load balancer can handle additional traffic or is fully loaded","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"capacityScaler":{"name":"capacityScaler","type":"\u0006","is_mandatory":true,"title":"Multiplier applied to the backend's target capacity of its balancing mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Backend description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failover":{"name":"failover","type":"\u0004","is_mandatory":true,"title":"Whether this is a failover backend","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"groupUrl":{"name":"groupUrl","type":"\u0007","is_mandatory":true,"title":"Fully-qualified URL of an instance group or network endpoint group determining what types of backends a load balancer supports","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxConnections":{"name":"maxConnections","type":"\u0005","is_mandatory":true,"title":"Maximum number of simultaneous connections","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxConnectionsPerEndpoint":{"name":"maxConnectionsPerEndpoint","type":"\u0005","is_mandatory":true,"title":"Maximum number of simultaneous connections per endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxConnectionsPerInstance":{"name":"maxConnectionsPerInstance","type":"\u0005","is_mandatory":true,"title":"Maximum number of simultaneous connections per instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxRate":{"name":"maxRate","type":"\u0005","is_mandatory":true,"title":"Maximum number of HTTP requests per second","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxRatePerEndpoint":{"name":"maxRatePerEndpoint","type":"\u0006","is_mandatory":true,"title":"Maximum number for requests per second per endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxRatePerInstance":{"name":"maxRatePerInstance","type":"\u0006","is_mandatory":true,"title":"Maximum number for requests per second per instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxUtilization":{"name":"maxUtilization","type":"\u0006","is_mandatory":true,"title":"Target capacity for the utilization balancing mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute backend service backend","private":true,"min_provider_version":"9.0.0","defaults":"description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.backendService.cdnPolicy":{"id":"gcp.project.computeService.backendService.cdnPolicy","name":"gcp.project.computeService.backendService.cdnPolicy","fields":{"bypassCacheOnRequestHeaders":{"name":"bypassCacheOnRequestHeaders","type":"\u0019\n","is_mandatory":true,"title":"Bypass the cache when the specified request headers are matched","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cacheKeyPolicy":{"name":"cacheKeyPolicy","type":"\n","is_mandatory":true,"title":"Cache key policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cacheMode":{"name":"cacheMode","type":"\u0007","is_mandatory":true,"title":"Cache mode for all responses from this backend","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientTtl":{"name":"clientTtl","type":"\u0005","is_mandatory":true,"title":"Client maximum TTL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultTtl":{"name":"defaultTtl","type":"\u0005","is_mandatory":true,"title":"Default TTL for cached content","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxTtl":{"name":"maxTtl","type":"\u0005","is_mandatory":true,"title":"Maximum allowed TTL for cached content","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"negativeCaching":{"name":"negativeCaching","type":"\u0004","is_mandatory":true,"title":"Whether negative caching allows per-status code TTLs to be set in order to apply fine-grained caching for common errors or redirects","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"negativeCachingPolicy":{"name":"negativeCachingPolicy","type":"\u0019\n","is_mandatory":true,"title":"Negative caching policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requestCoalescing":{"name":"requestCoalescing","type":"\u0004","is_mandatory":true,"title":"Whether Cloud CDN combines multiple concurrent cache fill requests into a small number of requests to the origin","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serveWhileStale":{"name":"serveWhileStale","type":"\u0005","is_mandatory":true,"title":"Serve existing content from the cache when revalidating content with the origin","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"signedUrlCacheMaxAgeSec":{"name":"signedUrlCacheMaxAgeSec","type":"\u0005","is_mandatory":true,"title":"Maximum number of seconds the response to a signed URL request is considered fresh","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"signedUrlKeyNames":{"name":"signedUrlKeyNames","type":"\u0019\u0007","is_mandatory":true,"title":"Names of the keys for signing request URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute backend service CDN policy","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.disk":{"id":"gcp.project.computeService.disk","name":"gcp.project.computeService.disk","fields":{"accessMode":{"name":"accessMode","type":"\u0007","is_mandatory":true,"title":"Access mode of the disk (READ_WRITE_SINGLE, READ_WRITE_MANY, READ_ONLY_MANY)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"architecture":{"name":"architecture","type":"\u0007","is_mandatory":true,"title":"The architecture of the disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"asyncPrimaryDisk":{"name":"asyncPrimaryDisk","type":"\n","is_mandatory":true,"title":"Primary of the async replication pair when this disk is a secondary","desc":"Surfaces the replication primary for an asynchronously replicated disk: `disk` (the URL of the primary disk that replicates into this one), `consistencyGroupPolicy` (the disk consistency group policy URL when replication started as part of a group), and `consistencyGroupPolicyId`. Null when this disk is not an async replication secondary.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"asyncSecondaryDisks":{"name":"asyncSecondaryDisks","type":"\n","is_mandatory":true,"title":"Secondaries that this disk asynchronously replicates to, keyed by zone or region","desc":"Map keyed by the destination scope (for example a zone URL); each value carries an `asyncReplicationDisk` entry with `disk`, `consistencyGroupPolicy`, and `consistencyGroupPolicyId`.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionKey":{"name":"diskEncryptionKey","type":"\n","is_mandatory":true,"title":"Disk encryption key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableConfidentialCompute":{"name":"enableConfidentialCompute","type":"\u0004","is_mandatory":true,"title":"Whether the disk uses confidential compute mode encryption","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"guestOsFeatures":{"name":"guestOsFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Features to enable on the guest operating system","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for disk encryption (null when Google-managed or customer-supplied)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels to apply to this disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastAttachTimestamp":{"name":"lastAttachTimestamp","type":"\t","is_mandatory":true,"title":"Last attach timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastDetachTimestamp":{"name":"lastDetachTimestamp","type":"\t","is_mandatory":true,"title":"Last detach timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"licenses":{"name":"licenses","type":"\u0019\u0007","is_mandatory":true,"title":"Publicly visible licenses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationHint":{"name":"locationHint","type":"\u0007","is_mandatory":true,"title":"An opaque location hint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name for this disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"physicalBlockSizeBytes":{"name":"physicalBlockSizeBytes","type":"\u0005","is_mandatory":true,"title":"Physical block size of the persistent disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provisionedIops":{"name":"provisionedIops","type":"\u0005","is_mandatory":true,"title":"How many IOPS to provision for the disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provisionedThroughput":{"name":"provisionedThroughput","type":"\u0005","is_mandatory":true,"title":"Provisioned throughput of the disk in MB/s","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u0007","is_mandatory":true,"title":"Region of the disk (for regional persistent disks)","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaZones":{"name":"replicaZones","type":"\u0019\u0007","is_mandatory":true,"title":"Replica zones for regional persistent disks","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePolicies":{"name":"resourcePolicies","type":"\u0019\u0007","is_mandatory":true,"title":"Resource policies applied to this disk","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the disk satisfies Google's Protected Zone Integration requirements","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the disk satisfies Google's Protected Zone Separation requirements","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeGb":{"name":"sizeGb","type":"\u0005","is_mandatory":true,"title":"Size, in GB, of the persistent disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceDisk":{"name":"sourceDisk","type":"\u001bgcp.project.computeService.disk","title":"Source disk used to create this disk","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceImage":{"name":"sourceImage","type":"\u001bgcp.project.computeService.image","title":"Source image used to create the disk","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceImageEncryptionKey":{"name":"sourceImageEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key used to decrypt the source image when the disk was created from one","desc":"Same shape as `diskEncryptionKey`: `kmsKeyName`, `kmsKeyServiceAccount`, `rawKey`, `rsaEncryptedKey`, `sha256`. Useful for auditing encryption lineage from the source image into the disk.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSnapshot":{"name":"sourceSnapshot","type":"\u001bgcp.project.computeService.snapshot","title":"Source snapshot used to create the disk","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSnapshotEncryptionKey":{"name":"sourceSnapshotEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key used to decrypt the source snapshot when the disk was created from one","desc":"Same shape as `diskEncryptionKey`: `kmsKeyName`, `kmsKeyServiceAccount`, `rawKey`, `rsaEncryptedKey`, `sha256`. Useful for auditing encryption lineage from the source snapshot into the disk.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The status of disk creation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storagePool":{"name":"storagePool","type":"\u001bgcp.project.computeService.storagePool","title":"Storage pool where the disk resides","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"URL of the disk type resource (e.g., pd-standard, pd-ssd, pd-balanced)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"users":{"name":"users","type":"\u0019\u0007","is_mandatory":true,"title":"Links to the instances the disk is attached to","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","is_mandatory":true,"title":"Disk zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine persistent disk","desc":"Examine a Compute Engine persistent disk and its security configuration. Surfaces the disk `type` (pd-standard, pd-ssd, pd-balanced, etc.), `sizeGb`, `status`, attached instance `users`, and the `zone` or `region` of the disk. Audit encryption posture via `diskEncryptionKey` and the typed `kmsKey()` accessor for customer-managed keys, and `enableConfidentialCompute` for Confidential VM disks. The `sourceImage()` and `sourceSnapshot()` accessors identify what the disk was created from, and `storagePool()` links to the provisioned storage pool when applicable.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.externalVpnGateway":{"id":"gcp.project.computeService.externalVpnGateway","name":"gcp.project.computeService.externalVpnGateway","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interfaces":{"name":"interfaces","type":"\u0019\n","is_mandatory":true,"title":"Interfaces (IP addresses of the peer gateway)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Gateway name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redundancyType":{"name":"redundancyType","type":"\u0007","is_mandatory":true,"title":"Redundancy type (SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY, FOUR_IPS_REDUNDANCY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute external VPN gateway (peer/customer-side)","desc":"Examine the peer-side VPN gateway used in a Cloud VPN configuration: its redundancy type (SINGLE_IP_INTERNALLY_REDUNDANT, TWO_IPS_REDUNDANCY, FOUR_IPS_REDUNDANCY), the IP addresses of the peer gateway's interfaces, and resource labels.","private":true,"min_provider_version":"13.6.1","defaults":"name redundancyType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.firewall":{"id":"gcp.project.computeService.firewall","name":"gcp.project.computeService.firewall","fields":{"allowed":{"name":"allowed","type":"\u0019\n","is_mandatory":true,"title":"List of ALLOW rules specified by this firewall","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"allowsRdpFromInternet":{"name":"allowsRdpFromInternet","type":"\u0004","title":"Whether this rule permits RDP (tcp/3389) from the public internet — narrower form of openToInternet for the RDP-specific port check","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"allowsSshFromInternet":{"name":"allowsSshFromInternet","type":"\u0004","title":"Whether this rule permits SSH (tcp/22) from the public internet — narrower form of openToInternet for the SSH-specific port check","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"denied":{"name":"denied","type":"\u0019\n","is_mandatory":true,"title":"List of DENY rules specified by this firewall","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"An optional description of this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destinationRanges":{"name":"destinationRanges","type":"\u0019\u0007","is_mandatory":true,"title":"Range of destination IP addresses for which the rule applies to traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"title":"Direction of traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the firewall rule is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\n","is_mandatory":true,"title":"Full firewall log configuration (enable, metadata)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfigMetadata":{"name":"logConfigMetadata","type":"\u0007","is_mandatory":true,"title":"Firewall log metadata level (INCLUDE_ALL_METADATA, EXCLUDE_ALL_METADATA)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingEnabled":{"name":"loggingEnabled","type":"\u0004","is_mandatory":true,"title":"Whether firewall logging is enabled for this rule","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-provided name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource for this firewall rule","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"openToInternet":{"name":"openToInternet","type":"\u0004","title":"Whether this rule allows ingress traffic from the public internet (INGRESS, enabled, has allow rules, sourceRanges contains 0.0.0.0/0 or ::/0)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority for this rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceRanges":{"name":"sourceRanges","type":"\u0019\u0007","is_mandatory":true,"title":"Source ranges","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceServiceAccounts":{"name":"sourceServiceAccounts","type":"\u0019\u0007","is_mandatory":true,"title":"Source service accounts","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceTags":{"name":"sourceTags","type":"\u0019\u0007","is_mandatory":true,"title":"Source tags","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetServiceAccounts":{"name":"targetServiceAccounts","type":"\u0019\u0007","is_mandatory":true,"title":"List of service accounts","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetTags":{"name":"targetTags","type":"\u0019\u0007","is_mandatory":true,"title":"Instance tags that the firewall rule applies to","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Compute Engine VPC firewall rule","desc":"Examine a Compute Engine firewall rule's traffic-filtering configuration. Surfaces the rule `direction` (INGRESS / EGRESS), `priority`, `disabled` state, `sourceRanges`, `destinationRanges`, target and source tags and service accounts, `allowed` and `denied` protocol/port lists, and log configuration. Derived predicates — `openToInternet()`, `allowsSshFromInternet()`, and `allowsRdpFromInternet()` — flag the most common exposure patterns. The `network()` reference links to the VPC the rule belongs to.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.firewallPolicy":{"id":"gcp.project.computeService.firewallPolicy","name":"gcp.project.computeService.firewallPolicy","fields":{"associations":{"name":"associations","type":"\u0019\n","is_mandatory":true,"title":"Associations of this policy with networks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short name of the firewall policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the firewall policy lives in (empty for global policies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"rule":{"name":"rule","type":"\u001bgcp.project.computeService.firewallPolicy.rule","title":"Google Cloud (GCP) Compute network firewall policy rule","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"ruleTupleCount":{"name":"ruleTupleCount","type":"\u0005","is_mandatory":true,"title":"Total count of all firewall policy rule tuples","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rules":{"name":"rules","type":"\u0019\u001bgcp.project.computeService.firewallPolicy.rule","title":"Rules associated with this firewall policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute network firewall policy","desc":"Examine a Compute Engine network firewall policy — a hierarchical or global/regional policy containing an ordered set of firewall rules that can be associated with multiple VPC networks. Query its `ruleTupleCount` (total rule tuples consumed toward the quota), `associations` (the networks and scopes the policy is attached to), and `regionUrl` (empty for global policies). Drill into `rules` for the ordered allow, deny, and goto-next rules.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.firewallPolicy.rule":{"id":"gcp.project.computeService.firewallPolicy.rule","name":"gcp.project.computeService.firewallPolicy.rule","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Action to take (allow, deny, goto_next, apply_security_profile_group)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destAddressGroups":{"name":"destAddressGroups","type":"\u0019\u0007","is_mandatory":true,"title":"Destination address groups the rule matches","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destIpRanges":{"name":"destIpRanges","type":"\u0019\u0007","is_mandatory":true,"title":"Destination IPv4/IPv6 CIDR ranges the rule matches","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"title":"Direction of traffic (INGRESS, EGRESS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the rule is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableLogging":{"name":"enableLogging","type":"\u0004","is_mandatory":true,"title":"Whether this is a logging-enabled rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"layer4Configs":{"name":"layer4Configs","type":"\u0019\n","is_mandatory":true,"title":"Protocol/port combinations the rule matches (each entry: {ipProtocol, ports[]})","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"match":{"name":"match","type":"\n","is_mandatory":true,"title":"Match conditions for the rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority of the rule (lower is higher priority)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ruleName":{"name":"ruleName","type":"\u0007","is_mandatory":true,"title":"Rule name (optional)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityProfileGroup":{"name":"securityProfileGroup","type":"\u0007","is_mandatory":true,"title":"Security profile group URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"srcAddressGroups":{"name":"srcAddressGroups","type":"\u0019\u0007","is_mandatory":true,"title":"Source address groups the rule matches","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"srcIpRanges":{"name":"srcIpRanges","type":"\u0019\u0007","is_mandatory":true,"title":"Source IPv4/IPv6 CIDR ranges the rule matches","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"srcSecureTags":{"name":"srcSecureTags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Source secure tag values the rule matches (tag name -\u003e state, e.g. EFFECTIVE / INEFFECTIVE)","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetResources":{"name":"targetResources","type":"\u0019\u0007","is_mandatory":true,"title":"Target resources for the rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSecureTags":{"name":"targetSecureTags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Target secure tag values (tag name -\u003e state); the modern replacement for instance targetTags on hierarchical policies","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetServiceAccounts":{"name":"targetServiceAccounts","type":"\u0019\u0007","is_mandatory":true,"title":"Target service accounts for the rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute network firewall policy rule","private":true,"min_provider_version":"11.6.6","defaults":"priority action direction","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.forwardingRule":{"id":"gcp.project.computeService.forwardingRule","name":"gcp.project.computeService.forwardingRule","fields":{"allPorts":{"name":"allPorts","type":"\u0004","is_mandatory":true,"title":"Whether to use all ports for forwarding traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"allowGlobalAccess":{"name":"allowGlobalAccess","type":"\u0004","is_mandatory":true,"title":"Whether to allow access to the load balancer from all regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"allowPscGlobalAccess":{"name":"allowPscGlobalAccess","type":"\u0004","is_mandatory":true,"title":"Whether PSC global access is allowed for the forwarding rule","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendService":{"name":"backendService","type":"\u0007","is_mandatory":true,"title":"Backend service to which the forwarding rule sends traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional resource description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Fingerprint for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddress":{"name":"ipAddress","type":"\u0007","is_mandatory":true,"title":"IP address for which this forwarding rule accepts traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipCollection":{"name":"ipCollection","type":"\u0007","is_mandatory":true,"title":"IP address collection resource","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipProtocol":{"name":"ipProtocol","type":"\u0007","is_mandatory":true,"title":"IP protocol to which this rule applies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipVersion":{"name":"ipVersion","type":"\u0007","is_mandatory":true,"title":"IP version that this forwarding rule uses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isMirroringCollector":{"name":"isMirroringCollector","type":"\u0004","is_mandatory":true,"title":"Whether this load balancer can be used as a collector for packet mirroring","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loadBalancingScheme":{"name":"loadBalancingScheme","type":"\u0007","is_mandatory":true,"title":"Forwarding rule type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataFilters":{"name":"metadataFilters","type":"\u0019\n","is_mandatory":true,"title":"Opaque filter criteria used by the load balancer to restrict routing configuration to a limited set of xDS-compliant clients","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Forwarding rule name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network used for internal load balancing","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkTier":{"name":"networkTier","type":"\u0007","is_mandatory":true,"title":"Network tier used for configuring this load balancer","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"noAutomateDnsZone":{"name":"noAutomateDnsZone","type":"\u0004","is_mandatory":true,"title":"Whether the forwarding rule should try to auto-generate a DNS zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"portRange":{"name":"portRange","type":"\u0007","is_mandatory":true,"title":"Port range to forward","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ports":{"name":"ports","type":"\u0019\u0007","is_mandatory":true,"title":"Ports to forward","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnectionStatus":{"name":"pscConnectionStatus","type":"\u0007","is_mandatory":true,"title":"The PSC connection status of this forwarding rule (ACCEPTED, CLOSED, NEEDS_ATTENTION, PENDING, REJECTED, STATUS_UNSPECIFIED)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the forwarding rule lives in (empty for global forwarding rules)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"serviceDirectoryRegistrations":{"name":"serviceDirectoryRegistrations","type":"\u0019\n","is_mandatory":true,"title":"Service Directory resources with which to register this forwarding rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceLabel":{"name":"serviceLabel","type":"\u0007","is_mandatory":true,"title":"Optional prefix to the service name for this forwarding rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceName":{"name":"serviceName","type":"\u0007","is_mandatory":true,"title":"Internal fully qualified service name for this forwarding rule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceIpRanges":{"name":"sourceIpRanges","type":"\u0019\u0007","is_mandatory":true,"title":"If this load balancer can be used for packet mirroring, the source IP ranges to mirror","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Subnetwork to which the load balanced IP belongs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkUrl":{"name":"subnetworkUrl","type":"\u0007","is_mandatory":true,"title":"Raw subnetwork self-link URL","desc":"Deprecated in favor of `subnetwork`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"targetUrl":{"name":"targetUrl","type":"\u0007","is_mandatory":true,"title":"URL of the target resource to receive the matched traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine forwarding rule","desc":"Examine a load-balancer forwarding rule that routes incoming traffic to a backend. Surfaces the `ipAddress`, `ipProtocol`, `portRange`, `ports`, `loadBalancingScheme`, `networkTier`, and `targetUrl` describing where traffic is sent. The typed `network()` and `subnetwork()` accessors link to the VPC resources the rule is scoped to. Audit Private Service Connect posture via `pscConnectionStatus` and `allowPscGlobalAccess`, and packet mirroring eligibility via `isMirroringCollector`.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.healthCheck":{"id":"gcp.project.computeService.healthCheck","name":"gcp.project.computeService.healthCheck","fields":{"checkIntervalSec":{"name":"checkIntervalSec","type":"\u0005","is_mandatory":true,"title":"How often (in seconds) to send a health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grpcHealthCheck":{"name":"grpcHealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for gRPC health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthyThreshold":{"name":"healthyThreshold","type":"\u0005","is_mandatory":true,"title":"Number of consecutive successes required","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"http2HealthCheck":{"name":"http2HealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for HTTP2 health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpHealthCheck":{"name":"httpHealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for HTTP health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpsHealthCheck":{"name":"httpsHealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for HTTPS health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\n","is_mandatory":true,"title":"Whether to enable logging","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the health check lives in (empty for global health checks)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslHealthCheck":{"name":"sslHealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for SSL health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpHealthCheck":{"name":"tcpHealthCheck","type":"\n","is_mandatory":true,"title":"Configuration for TCP health check","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeoutSec":{"name":"timeoutSec","type":"\u0005","is_mandatory":true,"title":"How long (in seconds) to wait for a response","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of health check (HTTP, HTTPS, TCP, SSL, HTTP2, GRPC)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"unhealthyThreshold":{"name":"unhealthyThreshold","type":"\u0005","is_mandatory":true,"title":"Number of consecutive failures required","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute health check","desc":"Examine a Compute Engine health check: its protocol type (HTTP, HTTPS, TCP, SSL, HTTP2, GRPC), check interval and timeout, healthy and unhealthy thresholds, protocol-specific configuration (httpHealthCheck, httpsHealthCheck, tcpHealthCheck, sslHealthCheck, http2HealthCheck, grpcHealthCheck), logging configuration, and whether the check is regional or global.","private":true,"min_provider_version":"11.6.6","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.image":{"id":"gcp.project.computeService.image","name":"gcp.project.computeService.image","fields":{"architecture":{"name":"architecture","type":"\u0007","is_mandatory":true,"title":"Architecture of the image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"archiveSizeBytes":{"name":"archiveSizeBytes","type":"\u0005","is_mandatory":true,"title":"Size of the image tar.gz archive stored in Google Cloud Storage (in bytes)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskSizeGb":{"name":"diskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size of the image when restored onto a persistent disk (in GB)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableConfidentialCompute":{"name":"enableConfidentialCompute","type":"\u0004","is_mandatory":true,"title":"Whether the image uses confidential compute mode encryption","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"family":{"name":"family","type":"\u0007","is_mandatory":true,"title":"The name of the image family to which this image belongs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this image (includes allUsers / allAuthenticatedUsers grants when the image is publicly shared)","min_provider_version":"13.10.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"imageEncryptionKey":{"name":"imageEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key protecting the image","desc":"Distinguishes customer-managed (kmsKeyName), customer-supplied (rawKey / rsaEncryptedKey), and Google-managed (empty) encryption.","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for image encryption (null when Google-managed or customer-supplied)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Image labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"licenses":{"name":"licenses","type":"\u0019\u0007","is_mandatory":true,"title":"Publicly visible licenses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the image's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the image satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the image satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceInitialState":{"name":"shieldedInstanceInitialState","type":"\n","is_mandatory":true,"title":"Secure Boot trust anchors (PK, KEKs, db, dbx) that VMs booted from this image will trust","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceDisk":{"name":"sourceDisk","type":"\u001bgcp.project.computeService.disk","title":"Source disk used to create this image","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceImage":{"name":"sourceImage","type":"\u001bgcp.project.computeService.image","title":"Source image used to create this image","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSnapshot":{"name":"sourceSnapshot","type":"\u001bgcp.project.computeService.snapshot","title":"Source snapshot used to create this image","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The status of the image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageLocations":{"name":"storageLocations","type":"\u0019\u0007","is_mandatory":true,"title":"Cloud Storage locations where the image is stored","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Compute Engine custom or public machine image","desc":"Examine a Compute Engine image's configuration, encryption posture, and access controls. Surfaces the image `family`, `architecture`, disk and archive sizes, `status`, confidential-compute flag, Protected Zone attributes, Cloud Storage `storageLocations`, source provenance (`sourceDisk()`, `sourceImage()`, `sourceSnapshot()`), the CMEK key protecting the image, the IAM policy — including any `allUsers` / `allAuthenticatedUsers` grants that make the image `public()` — and user-defined `labels`.","private":true,"min_provider_version":"9.0.0","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance":{"id":"gcp.project.computeService.instance","name":"gcp.project.computeService.instance","fields":{"advancedMachineFeatures":{"name":"advancedMachineFeatures","type":"\n","is_mandatory":true,"title":"Advanced machine features controlling BIOS-level behavior","desc":"Surfaces options usually configured in a BIOS: `enableNestedVirtualization`, `enableUefiNetworking`, `threadsPerCore` (set to 1 to disable SMT), `visibleCoreCount` (number of physical cores exposed), and `performanceMonitoringUnit` (one of ARCHITECTURAL, ENHANCED, STANDARD, or PERFORMANCE_MONITORING_UNIT_UNSPECIFIED).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"blockProjectSshKeysEnabled":{"name":"blockProjectSshKeysEnabled","type":"\u0004","title":"Whether instance metadata 'block-project-ssh-keys' is true","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"canIpForward":{"name":"canIpForward","type":"\u0004","is_mandatory":true,"title":"Whether the instance is allowed to send and receive packets with non-matching destination or source IPs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialCompute":{"name":"confidentialCompute","type":"\u001bgcp.project.computeService.instance.confidentialCompute","is_mandatory":true,"title":"Confidential Compute configuration for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialInstanceConfig":{"name":"confidentialInstanceConfig","type":"\n","is_mandatory":true,"title":"Raw confidential instance config dict","desc":"Deprecated in favor of `confidentialCompute`, which exposes the same fields as a typed sub-resource plus the confidential VM type.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"cpuPlatform":{"name":"cpuPlatform","type":"\u0007","is_mandatory":true,"title":"CPU platform used by this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtection":{"name":"deletionProtection","type":"\u0004","is_mandatory":true,"title":"Whether the instance is protected against deletion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disks":{"name":"disks","type":"\u0019\u001bgcp.project.computeService.attachedDisk","is_mandatory":true,"title":"Disks associated with the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDisplay":{"name":"enableDisplay","type":"\u0004","is_mandatory":true,"title":"Whether the instance has display enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableIntegrityMonitoring":{"name":"enableIntegrityMonitoring","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM integrity monitoring is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableIntegrityMonitoring`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"enableSecureBoot":{"name":"enableSecureBoot","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM secure boot is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableSecureBoot`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"enableVtpm":{"name":"enableVtpm","type":"\u0004","is_mandatory":true,"title":"Whether Shielded VM vTPM is enabled","desc":"Deprecated in favor of `shieldedInstanceConfig.enableVtpm`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Instance fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"guestAccelerators":{"name":"guestAccelerators","type":"\u0019\n","is_mandatory":true,"title":"Attached list of accelerator cards","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasFullCloudPlatformScope":{"name":"hasFullCloudPlatformScope","type":"\u0004","title":"Whether any attached service account has the broad cloud-platform OAuth scope","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasPublicIp":{"name":"hasPublicIp","type":"\u0004","title":"Whether the instance has at least one external IP attached via a network interface accessConfig","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hostname":{"name":"hostname","type":"\u0007","is_mandatory":true,"title":"Hostname of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceEncryptionKey":{"name":"instanceEncryptionKey","type":"\n","is_mandatory":true,"title":"Customer-supplied or KMS-backed encryption key for instance suspend state and Local SSDs","desc":"Examines the key material that protects suspended data and Local SSD storage attached to the instance: `kmsKeyName` for customer-managed KMS keys, `kmsKeyServiceAccount` for the service account used against the KMS key, `rawKey` / `rsaEncryptedKey` for customer-supplied encryption keys (CSEK), and `sha256` of the supplied key. Null when the instance has no instance-level encryption key configured (Google-managed encryption).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inventory":{"name":"inventory","type":"\u001bgcp.project.computeService.instance.osInventory","title":"VM Manager OS inventory of installed packages and operating system details","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyRevocationActionType":{"name":"keyRevocationActionType","type":"\u0007","is_mandatory":true,"title":"KeyRevocationActionType of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastStartTimestamp":{"name":"lastStartTimestamp","type":"\t","is_mandatory":true,"title":"Last start timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastStopTimestamp":{"name":"lastStopTimestamp","type":"\t","is_mandatory":true,"title":"Last stop timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastSuspendedTimestamp":{"name":"lastSuspendedTimestamp","type":"\t","is_mandatory":true,"title":"Last suspended timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u001bgcp.project.computeService.machineType","title":"Machine type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Custom key-value pairs assigned to the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minCpuPlatform":{"name":"minCpuPlatform","type":"\u0007","is_mandatory":true,"title":"Minimum CPU platform for the VM instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkInterfaces":{"name":"networkInterfaces","type":"\u0019\n","is_mandatory":true,"title":"Network configurations for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkStackTypes":{"name":"networkStackTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Distinct network interface stack types across all interfaces (IPV4_ONLY, IPV4_IPV6)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osInventory":{"name":"osInventory","type":"\u001bgcp.project.computeService.instance.osInventory","title":"VM Manager OS inventory for a Compute Engine instance","desc":"Examine the operating system and software state that the VM Manager OS Config agent reports for a single instance: `osInfo` carries the detected OS name, version, and architecture, while `items` lists every installed package and every available package update. Use it to audit patch level and installed software without logging in to the VM.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"osLoginEnabled":{"name":"osLoginEnabled","type":"\u0004","title":"Whether OS Login is enabled on this instance — checks instance metadata 'enable-oslogin', then falls back to project commonInstanceMetadata when unset","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"physicalHostResourceStatus":{"name":"physicalHostResourceStatus","type":"\u0007","is_mandatory":true,"title":"Resource status for physical host","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateIpv6GoogleAccess":{"name":"privateIpv6GoogleAccess","type":"\u0007","is_mandatory":true,"title":"Private IPv6 google access type for the VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservationAffinity":{"name":"reservationAffinity","type":"\n","is_mandatory":true,"title":"Reservations from which this instance can consume","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePolicies":{"name":"resourcePolicies","type":"\u0019\u0007","is_mandatory":true,"title":"Resource policies applied to this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduling":{"name":"scheduling","type":"\n","is_mandatory":true,"title":"Scheduling options including preemptibility, automatic restart, and maintenance behavior","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serialPortEnabled":{"name":"serialPortEnabled","type":"\u0004","title":"Whether instance metadata 'serial-port-enable' is set to true (interactive serial console)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccounts":{"name":"serviceAccounts","type":"\u0019\u001bgcp.project.computeService.serviceaccount","is_mandatory":true,"title":"Service accounts authorized for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceConfig":{"name":"shieldedInstanceConfig","type":"\u001bgcp.project.computeService.instance.shieldedInstanceConfig","is_mandatory":true,"title":"Shielded Instance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceIntegrityPolicy":{"name":"shieldedInstanceIntegrityPolicy","type":"\n","is_mandatory":true,"title":"Shielded VM integrity monitoring auto-learn policy (updateAutoLearnPolicy)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceMachineImage":{"name":"sourceMachineImage","type":"\u0007","is_mandatory":true,"title":"Source machine image","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceMachineImageEncryptionKey":{"name":"sourceMachineImageEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key used to decrypt the source machine image when the instance was created from one","desc":"Same shape as `instanceEncryptionKey`: `kmsKeyName`, `kmsKeyServiceAccount`, `rawKey`, `rsaEncryptedKey`, `sha256`. Useful for tracking encryption lineage from the source machine image into the instance.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startRestricted":{"name":"startRestricted","type":"\u0004","is_mandatory":true,"title":"Whether VM has been restricted from starting because Compute Engine has detected suspicious activity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Instance status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusMessage":{"name":"statusMessage","type":"\u0007","is_mandatory":true,"title":"Human-readable explanation of the status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags associated with this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalEgressBandwidthTier":{"name":"totalEgressBandwidthTier","type":"\u0007","is_mandatory":true,"title":"Network performance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"usesDefaultServiceAccount":{"name":"usesDefaultServiceAccount","type":"\u0004","title":"Whether the instance runs as the default Compute Engine service account (\u003cprojectNumber\u003e-compute@developer.gserviceaccount.com)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityReport":{"name":"vulnerabilityReport","type":"\u001bgcp.project.computeService.instance.vulnerabilityReport","title":"VM Manager vulnerability report for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadIdentityConfig":{"name":"workloadIdentityConfig","type":"\n","is_mandatory":true,"title":"Workload identity configuration for the instance","min_provider_version":"13.5.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","is_mandatory":true,"title":"Instance zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Compute Engine instance","desc":"Examine a Compute Engine VM instance and the security-relevant configuration around it. Surfaces the machine type and CPU platform, the instance status and lifecycle, attached `disks` and `networkInterfaces`, the boot image, applied `labels` and `metadata`, the `serviceAccounts` bound to the instance, the `shieldedInstanceConfig` (Secure Boot, vTPM, integrity monitoring), the `confidentialInstanceConfig`, OS Config patch posture, and the scheduling and reservation affinity settings. The CIS-aligned predicates (`hasPublicIp`, `usesDefaultServiceAccount`, `hasFullCloudPlatformScope`, `blockProjectSshKeysEnabled`, `osLoginEnabled`, `serialPortEnabled`) collapse common posture checks into a single boolean field per audit.","min_provider_version":"9.0.0","defaults":"name id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.confidentialCompute":{"id":"gcp.project.computeService.instance.confidentialCompute","name":"gcp.project.computeService.instance.confidentialCompute","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether confidential compute is enabled on this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Confidential VM technology","desc":"One of SEV, SEV_SNP, TDX, or CONFIDENTIAL_INSTANCE_TYPE_UNSPECIFIED. Empty when confidential compute is not enabled.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine confidential VM configuration","desc":"Examine the Confidential Compute settings on a VM instance — whether confidential compute is enabled and, when it is, the underlying technology used (AMD SEV, AMD SEV-SNP, or Intel TDX). Confidential VMs encrypt memory at the hardware level and are the GCP control surface for workloads that require runtime memory isolation.","private":true,"min_provider_version":"13.16.3","defaults":"enabled instanceType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.osInventory":{"id":"gcp.project.computeService.instance.osInventory","name":"gcp.project.computeService.instance.osInventory","fields":{"inventoryItems":{"name":"inventoryItems","type":"\u0019\u001bgcp.project.computeService.instance.osInventory.item","is_mandatory":true,"title":"Installed packages and available package updates on the instance","desc":"Each entry records the inventory item type, the package manager, and the package name, version, and architecture.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"item":{"name":"item","type":"\u001bgcp.project.computeService.instance.osInventory.item","title":"Inventory item on a Compute Engine instance","desc":"Examine a single piece of OS inventory reported by the OS Config agent — either an installed package or an available package update. The `type` field distinguishes the two, `packageType` records the package manager (apt, yum, zypper, googet, wua, qfe, cos, zypperPatch, or windowsApplication), and `packageName`, `packageVersion`, and `packageArchitecture` identify the package.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"items":{"name":"items","type":"\u0019\n","is_mandatory":true,"title":"Installed packages and available package updates, each keyed by its item id","desc":"Deprecated in favor of inventoryItems, which exposes each package as a resource with its type, package manager, name, version, and architecture. Retained for backward compatibility.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"kernelRelease":{"name":"kernelRelease","type":"\u0007","is_mandatory":true,"title":"Kernel release of the operating system","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kernelVersion":{"name":"kernelVersion","type":"\u0007","is_mandatory":true,"title":"Kernel version of the operating system","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the inventory","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osArchitecture":{"name":"osArchitecture","type":"\u0007","is_mandatory":true,"title":"System architecture of the operating system","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osConfigAgentVersion":{"name":"osConfigAgentVersion","type":"\u0007","is_mandatory":true,"title":"Version of the OS Config agent running on the VM","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osHostname":{"name":"osHostname","type":"\u0007","is_mandatory":true,"title":"VM hostname reported by the OS Config agent","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osInfo":{"name":"osInfo","type":"\n","is_mandatory":true,"title":"Operating system details reported by the OS Config agent","desc":"Deprecated in favor of the os* and kernel* fields, which expose the same operating system details as scalars. Retained for backward compatibility.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"osLongName":{"name":"osLongName","type":"\u0007","is_mandatory":true,"title":"Operating system long name (for example \"Debian GNU/Linux 9\")","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osShortName":{"name":"osShortName","type":"\u0007","is_mandatory":true,"title":"Operating system short name (for example \"debian\" or \"windows\")","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osVersion":{"name":"osVersion","type":"\u0007","is_mandatory":true,"title":"Operating system version","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the inventory was last refreshed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"VM Manager OS inventory for a Compute Engine instance","desc":"Examine the operating system and software state that the VM Manager OS Config agent reports for a single instance: `osInfo` carries the detected OS name, version, and architecture, while `items` lists every installed package and every available package update. Use it to audit patch level and installed software without logging in to the VM.","private":true,"min_provider_version":"13.15.1","defaults":"name updateTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.osInventory.item":{"id":"gcp.project.computeService.instance.osInventory.item","name":"gcp.project.computeService.instance.osInventory.item","fields":{"itemId":{"name":"itemId","type":"\u0007","is_mandatory":true,"title":"Identifier of the inventory item, unique across items for the VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageArchitecture":{"name":"packageArchitecture","type":"\u0007","is_mandatory":true,"title":"System architecture the package is intended for","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageName":{"name":"packageName","type":"\u0007","is_mandatory":true,"title":"Name of the package","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageType":{"name":"packageType","type":"\u0007","is_mandatory":true,"title":"Package manager that provides the package (apt, yum, zypper, googet, wua, qfe, cos, zypperPatch, windowsApplication)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageVersion":{"name":"packageVersion","type":"\u0007","is_mandatory":true,"title":"Version of the package","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Inventory item type (INSTALLED_PACKAGE or AVAILABLE_PACKAGE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the inventory item was last modified","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Inventory item on a Compute Engine instance","desc":"Examine a single piece of OS inventory reported by the OS Config agent — either an installed package or an available package update. The `type` field distinguishes the two, `packageType` records the package manager (apt, yum, zypper, googet, wua, qfe, cos, zypperPatch, or windowsApplication), and `packageName`, `packageVersion`, and `packageArchitecture` identify the package.","private":true,"min_provider_version":"13.18.1","defaults":"packageName packageVersion type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.shieldedInstanceConfig":{"id":"gcp.project.computeService.instance.shieldedInstanceConfig","name":"gcp.project.computeService.instance.shieldedInstanceConfig","fields":{"enableIntegrityMonitoring":{"name":"enableIntegrityMonitoring","type":"\u0004","is_mandatory":true,"title":"Whether integrity monitoring is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableSecureBoot":{"name":"enableSecureBoot","type":"\u0004","is_mandatory":true,"title":"Whether secure boot is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableVtpm":{"name":"enableVtpm","type":"\u0004","is_mandatory":true,"title":"Whether vTPM is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Shielded Instance configuration","private":true,"min_provider_version":"11.6.3","defaults":"enableSecureBoot enableVtpm","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.vulnerabilityReport":{"id":"gcp.project.computeService.instance.vulnerabilityReport","name":"gcp.project.computeService.instance.vulnerabilityReport","fields":{"highestUpgradableCveSeverity":{"name":"highestUpgradableCveSeverity","type":"\u0007","is_mandatory":true,"title":"Highest severity among upgradable vulnerabilities with an attached CVE (NONE, MINIMAL, LOW, MEDIUM, HIGH, CRITICAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the vulnerability report","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the report was last refreshed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilities":{"name":"vulnerabilities","type":"\u0019\n","is_mandatory":true,"title":"Vulnerabilities affecting installed packages on the instance","desc":"Deprecated in favor of vulnerabilityDetails, which exposes each vulnerability as a resource with its CVE, severity, score, and affected/fixed inventory items. Retained for backward compatibility.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"vulnerability":{"name":"vulnerability","type":"\u001bgcp.project.computeService.instance.vulnerabilityReport.vulnerability","title":"Vulnerability detected by VM Manager on a Compute Engine instance","desc":"Examine a single vulnerability that VM Manager correlated against the instance's OS inventory. The `cve` identifies the issue, `severity` and `cvssV3Score` rank it, and `installedInventoryItemIds` / `availableInventoryItemIds` link to the affected and fixing inventory items. `fixedCpeUris` and `upstreamFixes` list the recommended fixes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"vulnerabilityDetails":{"name":"vulnerabilityDetails","type":"\u0019\u001bgcp.project.computeService.instance.vulnerabilityReport.vulnerability","is_mandatory":true,"title":"Vulnerabilities affecting installed packages on the instance","desc":"Each entry records the CVE, the distro-assigned severity, the CVSS v3 base score, and the inventory items the vulnerability affects or that would fix it.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"VM Manager vulnerability report for a Compute Engine instance","desc":"Examine the vulnerabilities that VM Manager detects on a single instance by correlating its OS inventory against vulnerability feeds. Each entry in `vulnerabilities` records the affected packages and the CVE details, and `highestUpgradableCveSeverity` summarizes the most severe issue that an available package update would fix.","private":true,"min_provider_version":"13.15.1","defaults":"name highestUpgradableCveSeverity updateTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instance.vulnerabilityReport.vulnerability":{"id":"gcp.project.computeService.instance.vulnerabilityReport.vulnerability","name":"gcp.project.computeService.instance.vulnerabilityReport.vulnerability","fields":{"availableInventoryItemIds":{"name":"availableInventoryItemIds","type":"\u0019\u0007","is_mandatory":true,"title":"Inventory item ids of the available packages that fix this vulnerability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cve":{"name":"cve","type":"\u0007","is_mandatory":true,"title":"CVE identifier of the vulnerability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cvssV3Score":{"name":"cvssV3Score","type":"\u0006","is_mandatory":true,"title":"CVSS v3 base score from 0 (low) to 10 (high)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the vulnerability from the distro","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fixedCpeUris":{"name":"fixedCpeUris","type":"\u0019\u0007","is_mandatory":true,"title":"Recommended CPE URIs that contain a fix for this vulnerability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"installedInventoryItemIds":{"name":"installedInventoryItemIds","type":"\u0019\u0007","is_mandatory":true,"title":"Inventory item ids of the installed packages affected by this vulnerability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"references":{"name":"references","type":"\u0019\n","is_mandatory":true,"title":"References attached to the vulnerability details","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"Severity ranking assigned by the distro (NONE, MINIMAL, LOW, MEDIUM, HIGH, CRITICAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time the vulnerability was last modified","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upstreamFixes":{"name":"upstreamFixes","type":"\u0019\u0007","is_mandatory":true,"title":"Upstream OS patches, packages, or KBs that fix this vulnerability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Vulnerability detected by VM Manager on a Compute Engine instance","desc":"Examine a single vulnerability that VM Manager correlated against the instance's OS inventory. The `cve` identifies the issue, `severity` and `cvssV3Score` rank it, and `installedInventoryItemIds` / `availableInventoryItemIds` link to the affected and fixing inventory items. `fixedCpeUris` and `upstreamFixes` list the recommended fixes.","private":true,"min_provider_version":"13.18.1","defaults":"cve severity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instanceGroup":{"id":"gcp.project.computeService.instanceGroup","name":"gcp.project.computeService.instanceGroup","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"namedPorts":{"name":"namedPorts","type":"\u0019\n","is_mandatory":true,"title":"Named ports configured for the instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Number of instances in the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Subnetwork resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Zone the instance group lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneUrl":{"name":"zoneUrl","type":"\u0007","is_mandatory":true,"title":"Raw zone self-link URL","desc":"Deprecated in favor of `zone`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute instance group","desc":"Examine a Compute Engine instance group — a collection of VM instances that can be managed together for load balancing and autoscaling. Query its `size` (current instance count), `namedPorts` (protocol/port pairs registered for load balancing), attached `network` and `subnetwork`, and zone. Instance groups are either managed (backed by an `instanceGroupManager`) or unmanaged.","private":true,"min_provider_version":"11.6.6","defaults":"name size","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instanceGroupManager":{"id":"gcp.project.computeService.instanceGroupManager","name":"gcp.project.computeService.instanceGroupManager","fields":{"autoHealingPolicies":{"name":"autoHealingPolicies","type":"\u0019\n","is_mandatory":true,"title":"Auto-healing policies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"baseInstanceName":{"name":"baseInstanceName","type":"\u0007","is_mandatory":true,"title":"Base instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentActions":{"name":"currentActions","type":"\n","is_mandatory":true,"title":"Current actions being performed on instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroupUrl":{"name":"instanceGroupUrl","type":"\u0007","is_mandatory":true,"title":"Instance group URL managed by this manager","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceTemplateUrl":{"name":"instanceTemplateUrl","type":"\u0007","is_mandatory":true,"title":"Instance template URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the instance group manager","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the MIG lives in (empty for zonal MIGs)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statefulPolicy":{"name":"statefulPolicy","type":"\n","is_mandatory":true,"title":"Stateful policy for the managed instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\n","is_mandatory":true,"title":"Status of the managed instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetSize":{"name":"targetSize","type":"\u0005","is_mandatory":true,"title":"Target number of running instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Zone the MIG lives in (empty for regional MIGs)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneUrl":{"name":"zoneUrl","type":"\u0007","is_mandatory":true,"title":"Raw zone self-link URL","desc":"Deprecated in favor of `zone`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute instance group manager (managed instance group)","desc":"Examine a Compute Engine managed instance group (MIG) — a group manager that maintains a fleet of identical VM instances from a single instance template. Query its `targetSize`, `currentActions` (creatingInstances, deletingInstances, recreatingInstances), `autoHealingPolicies` (health checks and initial delay), `statefulPolicy` (preserved disks and metadata), and group `status`. `instanceTemplateUrl` identifies the template used to create instances.","private":true,"min_provider_version":"11.6.6","defaults":"name targetSize","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.instanceTemplate":{"id":"gcp.project.computeService.instanceTemplate","name":"gcp.project.computeService.instanceTemplate","fields":{"creationTimestamp":{"name":"creationTimestamp","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Instance template name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Instance properties (machine type, disks, network interfaces, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceInstance":{"name":"sourceInstance","type":"\u0007","is_mandatory":true,"title":"Source instance URL (if created from an existing instance)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute instance template","desc":"Examine a Compute Engine instance template: the instance properties it defines (machine type, boot and data disks, network interfaces, service account, metadata, and scheduling options), whether it was derived from an existing instance, and its creation timestamp.","private":true,"min_provider_version":"13.7.2","defaults":"name description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.interconnect":{"id":"gcp.project.computeService.interconnect","name":"gcp.project.computeService.interconnect","fields":{"adminEnabled":{"name":"adminEnabled","type":"\u0004","is_mandatory":true,"title":"Whether administrative traffic is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableFeatures":{"name":"availableFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Available features (e.g., IF_MACSEC)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"circuitInfos":{"name":"circuitInfos","type":"\u0019\n","is_mandatory":true,"title":"Circuit information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerName":{"name":"customerName","type":"\u0007","is_mandatory":true,"title":"Customer name (for Letter of Authorization)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expectedOutages":{"name":"expectedOutages","type":"\u0019\n","is_mandatory":true,"title":"Expected outages","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"googleIpAddress":{"name":"googleIpAddress","type":"\u0007","is_mandatory":true,"title":"Google IP address for ping tests","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"googleReferenceId":{"name":"googleReferenceId","type":"\u0007","is_mandatory":true,"title":"Google reference ID (for support)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnectAttachmentUrls":{"name":"interconnectAttachmentUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Interconnect attachment URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnectType":{"name":"interconnectType","type":"\u0007","is_mandatory":true,"title":"Interconnect type (DEDICATED, PARTNER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"linkType":{"name":"linkType","type":"\u0007","is_mandatory":true,"title":"Link type (LINK_TYPE_ETHERNET_10G_LR, LINK_TYPE_ETHERNET_100G_LR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Interconnect name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nocContactEmail":{"name":"nocContactEmail","type":"\u0007","is_mandatory":true,"title":"NOC contact email","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"operationalStatus":{"name":"operationalStatus","type":"\u0007","is_mandatory":true,"title":"Operational status (OS_ACTIVE, OS_UNPROVISIONED, OS_UNDER_MAINTENANCE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peerIpAddress":{"name":"peerIpAddress","type":"\u0007","is_mandatory":true,"title":"Peer IP address for ping tests","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provisionedLinkCount":{"name":"provisionedLinkCount","type":"\u0005","is_mandatory":true,"title":"Provisioned link count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"remoteLocation":{"name":"remoteLocation","type":"\u0007","is_mandatory":true,"title":"Remote location (for Cross-Cloud Interconnect)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requestedFeatures":{"name":"requestedFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Requested features","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requestedLinkCount":{"name":"requestedLinkCount","type":"\u0005","is_mandatory":true,"title":"Requested link count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether this resource satisfies zone separation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State (ACTIVE, UNPROVISIONED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Interconnect connection","desc":"Examine a Dedicated or Partner Interconnect connection: its type (DEDICATED, PARTNER), link type (10G_LR, 100G_LR), requested and provisioned link counts, administrative status, operational status, connection state (ACTIVE, UNPROVISIONED), Google and peer IP addresses for ping testing, NOC contact email, physical location, remote location for Cross-Cloud Interconnect, MACsec feature availability, attached VLAN attachment URLs, circuit information, expected outages, zone separation compliance, and resource labels.","private":true,"min_provider_version":"13.6.1","defaults":"name interconnectType state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.interconnectAttachment":{"id":"gcp.project.computeService.interconnectAttachment","name":"gcp.project.computeService.interconnectAttachment","fields":{"adminEnabled":{"name":"adminEnabled","type":"\u0004","is_mandatory":true,"title":"Whether administrative traffic is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bandwidth":{"name":"bandwidth","type":"\u0007","is_mandatory":true,"title":"Bandwidth (BPS_50M through BPS_50G)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRouterIpAddress":{"name":"cloudRouterIpAddress","type":"\u0007","is_mandatory":true,"title":"Cloud Router IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRouterIpv6Address":{"name":"cloudRouterIpv6Address","type":"\u0007","is_mandatory":true,"title":"Cloud Router IPv6 address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerRouterIpAddress":{"name":"customerRouterIpAddress","type":"\u0007","is_mandatory":true,"title":"Customer Router IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerRouterIpv6Address":{"name":"customerRouterIpv6Address","type":"\u0007","is_mandatory":true,"title":"Customer Router IPv6 address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataplaneVersion":{"name":"dataplaneVersion","type":"\u0005","is_mandatory":true,"title":"Dataplane version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edgeAvailabilityDomain":{"name":"edgeAvailabilityDomain","type":"\u0007","is_mandatory":true,"title":"Edge availability domain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryption":{"name":"encryption","type":"\u0007","is_mandatory":true,"title":"Encryption type (NONE, IPSEC)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnect":{"name":"interconnect","type":"\u001bgcp.project.computeService.interconnect","title":"Interconnect resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"interconnectUrl":{"name":"interconnectUrl","type":"\u0007","is_mandatory":true,"title":"Raw interconnect self-link URL","desc":"Deprecated in favor of `interconnect`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Attachment name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"partnerMetadata":{"name":"partnerMetadata","type":"\n","is_mandatory":true,"title":"Partner metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateInterconnectInfo":{"name":"privateInterconnectInfo","type":"\n","is_mandatory":true,"title":"Private interconnect info","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the attachment lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"router":{"name":"router","type":"\u001bgcp.project.computeService.router","title":"Cloud Router resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routerUrl":{"name":"routerUrl","type":"\u0007","is_mandatory":true,"title":"Raw Cloud Router self-link URL","desc":"Deprecated in favor of `router`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stackType":{"name":"stackType","type":"\u0007","is_mandatory":true,"title":"Stack type (IPV4_ONLY, IPV4_IPV6)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Attachment state (ACTIVE, UNPROVISIONED, PENDING_PARTNER, DEFUNCT, PENDING_CUSTOMER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Attachment type (DEDICATED, PARTNER, PARTNER_PROVIDER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vlanTag8021q":{"name":"vlanTag8021q","type":"\u0005","is_mandatory":true,"title":"VLAN tag (802.1Q)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Interconnect Attachment (VLAN)","desc":"Examine a Dedicated or Partner Interconnect VLAN attachment: its type (DEDICATED, PARTNER, PARTNER_PROVIDER), state (ACTIVE, UNPROVISIONED, PENDING_PARTNER, DEFUNCT, PENDING_CUSTOMER), edge availability domain, bandwidth, VLAN tag (802.1Q), encryption mode (NONE, IPSEC), IPv4 and IPv6 addresses for the Cloud Router and customer router sides, stack type (IPV4_ONLY, IPV4_IPV6), the associated Interconnect connection and Cloud Router resources, and partner metadata.","private":true,"min_provider_version":"13.6.1","defaults":"name type state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.machineType":{"id":"gcp.project.computeService.machineType","name":"gcp.project.computeService.machineType","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Resource description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"guestCpus":{"name":"guestCpus","type":"\u0005","is_mandatory":true,"title":"Number of virtual CPUs that are available to the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isSharedCpu":{"name":"isSharedCpu","type":"\u0004","is_mandatory":true,"title":"Whether the machine has a shared CPU","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maximumPersistentDisks":{"name":"maximumPersistentDisks","type":"\u0005","is_mandatory":true,"title":"Maximum persistent disks allowed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maximumPersistentDisksSizeGb":{"name":"maximumPersistentDisksSizeGb","type":"\u0005","is_mandatory":true,"title":"Maximum total persistent disks size (GB) allowed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memoryMb":{"name":"memoryMb","type":"\u0005","is_mandatory":true,"title":"Physical memory available to the instance (MB)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","is_mandatory":true,"title":"The zone where the machine type resides","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine machine type","desc":"Examine a Compute Engine machine type and its hardware specification. Surfaces the `name`, `guestCpus`, `memoryMb`, `isSharedCpu`, maximum persistent-disk count and total size, and the `zone` it belongs to. Used for auditing instance right-sizing and validating that workloads run on approved machine families.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.network":{"id":"gcp.project.computeService.network","name":"gcp.project.computeService.network","fields":{"autoCreateSubnetworks":{"name":"autoCreateSubnetworks","type":"\u0004","is_mandatory":true,"title":"If not set, indicates a legacy network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"An optional description of this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableUlaInternalIpv6":{"name":"enableUlaInternalIpv6","type":"\u0004","is_mandatory":true,"title":"Whether ULA internal IPv6 is enabled on this network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firewallPolicy":{"name":"firewallPolicy","type":"\u0007","is_mandatory":true,"title":"URL of the firewall policy applied to this network","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gatewayIPv4":{"name":"gatewayIPv4","type":"\u0007","is_mandatory":true,"title":"Gateway address for default routing","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"internalIpv6Range":{"name":"internalIpv6Range","type":"\u0007","is_mandatory":true,"title":"The range of internal IPv6 addresses owned by this network","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv4Range":{"name":"ipv4Range","type":"\u0007","is_mandatory":true,"title":"Legacy single-region IPv4 range for non-subnetted networks","desc":"Deprecated in favor of subnet-mode VPC networks. Only present on legacy (pre-subnet-mode) networks; a non-empty value flags a legacy network kept around for backward compatibility.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"legacy":{"name":"legacy","type":"\u0004","title":"Whether the network is a legacy (single-region, non-subnetted) network — derived from mode == \"legacy\"","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Network mode: legacy, custom or auto","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"Maximum transmission unit size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkFirewallPolicyEnforcementOrder":{"name":"networkFirewallPolicyEnforcementOrder","type":"\u0007","is_mandatory":true,"title":"Network firewall policy enforcement order","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkPeerings":{"name":"networkPeerings","type":"\u0019\u001bgcp.project.computeService.network.peering","title":"Network peerings for the resource","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkProfile":{"name":"networkProfile","type":"\u0007","is_mandatory":true,"title":"URL of the network profile applied to this network","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peering":{"name":"peering","type":"\u001bgcp.project.computeService.network.peering","title":"Google Cloud (GCP) Compute network peering","desc":"Examine a VPC network peering connection: its state (ACTIVE, INACTIVE), the peer network resource, whether full-mesh routes are auto-created, whether subnet routes are exchanged, and the import/export settings for custom routes and public-IP subnet routes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"peerings":{"name":"peerings","type":"\u0019\n","is_mandatory":true,"title":"Raw network peering dicts","desc":"Deprecated in favor of `networkPeerings`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routingMode":{"name":"routingMode","type":"\u0007","is_mandatory":true,"title":"The network-wide routing mode to use","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkUrls":{"name":"subnetworkUrls","type":"\u0019\u0007","is_mandatory":true,"title":"List of URLs for the subnetwork in the network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworks":{"name":"subnetworks","type":"\u0019\u001bgcp.project.computeService.subnetwork","title":"Subnetworks in the network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud VPC network","desc":"Examine a Compute Engine VPC network and the structural posture around it. Surfaces the network `mode` (legacy, custom, or auto), the `legacy` predicate, the `autoCreateSubnetworks` flag, the routing mode, MTU, IPv6/ULA settings, the network-firewall enforcement order, the attached firewall policy, peering configurations, and the `subnetworks()` defined in the network.","min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.network.peering":{"id":"gcp.project.computeService.network.peering","name":"gcp.project.computeService.network.peering","fields":{"autoCreateRoutes":{"name":"autoCreateRoutes","type":"\u0004","is_mandatory":true,"title":"Whether full mesh connectivity is created and managed automatically","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"exchangeSubnetRoutes":{"name":"exchangeSubnetRoutes","type":"\u0004","is_mandatory":true,"title":"Whether to exchange custom routes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"exportCustomRoutes":{"name":"exportCustomRoutes","type":"\u0004","is_mandatory":true,"title":"Whether to export custom routes to the peer","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"exportSubnetRoutesWithPublicIp":{"name":"exportSubnetRoutesWithPublicIp","type":"\u0004","is_mandatory":true,"title":"Whether to export subnet routes with public IP ranges","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importCustomRoutes":{"name":"importCustomRoutes","type":"\u0004","is_mandatory":true,"title":"Whether to import custom routes from the peer","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importSubnetRoutesWithPublicIp":{"name":"importSubnetRoutesWithPublicIp","type":"\u0004","is_mandatory":true,"title":"Whether to import subnet routes with public IP ranges","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the peering","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource of the peer","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the peering (ACTIVE, INACTIVE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateDetails":{"name":"stateDetails","type":"\u0007","is_mandatory":true,"title":"Details about the current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute network peering","desc":"Examine a VPC network peering connection: its state (ACTIVE, INACTIVE), the peer network resource, whether full-mesh routes are auto-created, whether subnet routes are exchanged, and the import/export settings for custom routes and public-IP subnet routes.","private":true,"min_provider_version":"11.6.6","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.networkEndpointGroup":{"id":"gcp.project.computeService.networkEndpointGroup","name":"gcp.project.computeService.networkEndpointGroup","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"System-managed annotation metadata on the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"appEngine":{"name":"appEngine","type":"\n","is_mandatory":true,"title":"App Engine configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudFunction":{"name":"cloudFunction","type":"\n","is_mandatory":true,"title":"Cloud Function configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cloudRun":{"name":"cloudRun","type":"\n","is_mandatory":true,"title":"Cloud Run configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultPort":{"name":"defaultPort","type":"\u0005","is_mandatory":true,"title":"Default port","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"NEG name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkEndpointType":{"name":"networkEndpointType","type":"\u0007","is_mandatory":true,"title":"Network endpoint type (GCE_VM_IP, GCE_VM_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"pscData":{"name":"pscData","type":"\n","is_mandatory":true,"title":"PSC data","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscTargetService":{"name":"pscTargetService","type":"\u0007","is_mandatory":true,"title":"PSC target service URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the NEG lives in (empty for zonal NEGs)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Number of endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Subnetwork resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkUrl":{"name":"subnetworkUrl","type":"\u0007","is_mandatory":true,"title":"Raw subnetwork self-link URL","desc":"Deprecated in favor of `subnetwork`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Zone the NEG lives in (empty for regional NEGs)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneUrl":{"name":"zoneUrl","type":"\u0007","is_mandatory":true,"title":"Raw zone self-link URL","desc":"Deprecated in favor of `zone`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute network endpoint group","desc":"Examine a Compute Engine Network Endpoint Group (NEG): its endpoint type (GCE_VM_IP, GCE_VM_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT, INTERNET_IP_PORT, INTERNET_FQDN_PORT), default port, number of endpoints, the network and subnetwork it belongs to, serverless backend configuration (Cloud Run, App Engine, or Cloud Functions), PSC target service, and zone or region placement.","private":true,"min_provider_version":"13.6.1","defaults":"name networkEndpointType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.packetMirroring":{"id":"gcp.project.computeService.packetMirroring","name":"gcp.project.computeService.packetMirroring","fields":{"collectorIlb":{"name":"collectorIlb","type":"\n","is_mandatory":true,"title":"Collector (internal load balancer)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enable":{"name":"enable","type":"\u0007","is_mandatory":true,"title":"Whether packet mirroring is enabled (TRUE, FALSE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\n","is_mandatory":true,"title":"Filter configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mirroredResources":{"name":"mirroredResources","type":"\n","is_mandatory":true,"title":"Mirrored resources (instances, subnetworks, tags)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\n","is_mandatory":true,"title":"Network information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Priority (0-65535)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the packet mirroring policy lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute packet mirroring policy","desc":"Examine a Compute Engine packet mirroring policy: whether mirroring is enabled, its priority, the collector internal load balancer, the mirrored resources (specific instances, subnetworks, or tags), traffic filter configuration, and the network it applies to.","private":true,"min_provider_version":"13.6.1","defaults":"name enable","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.publicAdvertisedPrefix":{"id":"gcp.project.computeService.publicAdvertisedPrefix","name":"gcp.project.computeService.publicAdvertisedPrefix","fields":{"byoipApiVersion":{"name":"byoipApiVersion","type":"\u0007","is_mandatory":true,"title":"BYOIP API version (V1, V2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsVerificationIp":{"name":"dnsVerificationIp","type":"\u0007","is_mandatory":true,"title":"DNS verification IP","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Resource fingerprint used to detect concurrent modifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipCidrRange":{"name":"ipCidrRange","type":"\u0007","is_mandatory":true,"title":"IP CIDR range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Prefix name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pdpScope":{"name":"pdpScope","type":"\u0007","is_mandatory":true,"title":"PDP scope (REGIONAL, GLOBAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicDelegatedPrefixes":{"name":"publicDelegatedPrefixes","type":"\u0019\n","is_mandatory":true,"title":"Public delegated prefixes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status (INITIAL, PTR_CONFIGURED, VALIDATED, PREFIX_CONFIGURATION_COMPLETE, PREFIX_CONFIGURATION_IN_PROGRESS, PREFIX_REMOVAL_IN_PROGRESS, READY_TO_USE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute public advertised prefix (BYOIP)","desc":"Examine a Bring Your Own IP (BYOIP) public advertised prefix: the IP CIDR range being advertised, its validation status (INITIAL, PTR_CONFIGURED, VALIDATED, PREFIX_CONFIGURATION_COMPLETE, PREFIX_CONFIGURATION_IN_PROGRESS, PREFIX_REMOVAL_IN_PROGRESS, READY_TO_USE), the DNS verification IP, BYOIP API version, PDP scope (REGIONAL, GLOBAL), and any public delegated sub-prefixes.","private":true,"min_provider_version":"13.6.1","defaults":"name ipCidrRange status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.region":{"id":"gcp.project.computeService.region","name":"gcp.project.computeService.region","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deprecated":{"name":"deprecated","type":"\n","is_mandatory":true,"title":"Deprecation status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Resource description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"quotas":{"name":"quotas","type":"\u001a\u0007\u0006","is_mandatory":true,"title":"Quotas assigned to this region","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the region","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"supportsPzs":{"name":"supportsPzs","type":"\u0004","is_mandatory":true,"title":"Whether the region supports Protected Zone Separation","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine region","desc":"Examine a Compute Engine region and its capacity posture. Surfaces the region `name`, `status`, creation timestamp, per-resource `quotas` (CPU, disk, instances, etc.) as a name-to-float map, deprecation status, and whether the region supports Protected Zone Separation (`supportsPzs`).","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.route":{"id":"gcp.project.computeService.route","name":"gcp.project.computeService.route","fields":{"asPaths":{"name":"asPaths","type":"\u0019\n","is_mandatory":true,"title":"AS paths","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destRange":{"name":"destRange","type":"\u0007","is_mandatory":true,"title":"Destination IP range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Route name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"nextHopGateway":{"name":"nextHopGateway","type":"\u0007","is_mandatory":true,"title":"Next hop gateway URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopHub":{"name":"nextHopHub","type":"\u0007","is_mandatory":true,"title":"Next hop Network Connectivity Center hub URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopIlb":{"name":"nextHopIlb","type":"\u0007","is_mandatory":true,"title":"Next hop ILB forwarding rule URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopInstance":{"name":"nextHopInstance","type":"\u0007","is_mandatory":true,"title":"Next hop instance URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopIp":{"name":"nextHopIp","type":"\u0007","is_mandatory":true,"title":"Next hop IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopNetwork":{"name":"nextHopNetwork","type":"\u0007","is_mandatory":true,"title":"Next hop network URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopPeering":{"name":"nextHopPeering","type":"\u0007","is_mandatory":true,"title":"Next hop peering name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextHopVpnTunnel":{"name":"nextHopVpnTunnel","type":"\u0007","is_mandatory":true,"title":"Next hop VPN tunnel URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Route priority (0-65535)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routeStatus":{"name":"routeStatus","type":"\u0007","is_mandatory":true,"title":"Route status (ACTIVE, INACTIVE, PENDING, DROPPED); empty for custom static routes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routeType":{"name":"routeType","type":"\u0007","is_mandatory":true,"title":"Route type (STATIC, BGP, SUBNET, TRANSIT); empty for custom static routes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Instance tags this route applies to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"warnings":{"name":"warnings","type":"\u0019\n","is_mandatory":true,"title":"Configuration warnings reported by the API for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute static route","desc":"Examine a Compute Engine route: its destination IP range, priority (0-65535), the network it belongs to, the next hop (gateway, instance, IP address, VPN tunnel, ILB forwarding rule, or NCC hub), the instance tags that scope the route, route type (STATIC, BGP, SUBNET, TRANSIT), route status (ACTIVE, INACTIVE, PENDING, DROPPED), and any configuration warnings reported by the API.","private":true,"min_provider_version":"13.6.1","defaults":"name destRange","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.router":{"id":"gcp.project.computeService.router","name":"gcp.project.computeService.router","fields":{"bgp":{"name":"bgp","type":"\n","is_mandatory":true,"title":"BGP information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bgpPeers":{"name":"bgpPeers","type":"\u0019\n","is_mandatory":true,"title":"BGP routing stack configuration to establish BGP peering","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"An optional description of this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptedInterconnectRouter":{"name":"encryptedInterconnectRouter","type":"\u0004","is_mandatory":true,"title":"Whether a router is dedicated for use with encrypted VLAN attachments","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nat":{"name":"nat","type":"\u001bgcp.project.computeService.router.nat","title":"Google Cloud (GCP) Compute Cloud NAT configuration on a router","desc":"Examine a Cloud NAT configuration attached to a Cloud Router. Query its NAT IP allocation option (`AUTO_ONLY` or `MANUAL_ONLY`), which subnet IP ranges are NATed, port allocation settings (`minPortsPerVm`, `maxPortsPerVm`, `enableDynamicPortAllocation`), endpoint-independent mapping, idle timeout values per protocol, configured NAT rules, and log configuration.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"natServices":{"name":"natServices","type":"\u0019\u001bgcp.project.computeService.router.nat","is_mandatory":true,"title":"NAT services created in this router","min_provider_version":"11.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nats":{"name":"nats","type":"\u0019\n","is_mandatory":true,"title":"Raw NAT service dicts","desc":"Deprecated in favor of `natServices`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network to which this router belongs","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Compute Engine Cloud Router","desc":"Examine a Cloud Router's BGP configuration and NAT services. Surfaces `bgp` session settings, `bgpPeers` for dynamic route exchange, `encryptedInterconnectRouter` for HA VPN / Dedicated Interconnect encryption enforcement, and the `natServices()` defining Cloud NAT gateway configuration within the router. The `network()` reference links to the VPC the router is attached to.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.router.nat":{"id":"gcp.project.computeService.router.nat","name":"gcp.project.computeService.router.nat","fields":{"autoNetworkTier":{"name":"autoNetworkTier","type":"\u0007","is_mandatory":true,"title":"Auto network tier (PREMIUM, STANDARD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDynamicPortAllocation":{"name":"enableDynamicPortAllocation","type":"\u0004","is_mandatory":true,"title":"Whether dynamic port allocation is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableEndpointIndependentMapping":{"name":"enableEndpointIndependentMapping","type":"\u0004","is_mandatory":true,"title":"Whether endpoint-independent mapping is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpointTypes":{"name":"endpointTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Endpoint types (ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, ENDPOINT_TYPE_MANAGED_PROXY_LB)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"icmpIdleTimeoutSec":{"name":"icmpIdleTimeoutSec","type":"\u0005","is_mandatory":true,"title":"ICMP idle timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\n","is_mandatory":true,"title":"Log configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxPortsPerVm":{"name":"maxPortsPerVm","type":"\u0005","is_mandatory":true,"title":"Maximum number of ports per VM (when dynamic port allocation is enabled)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minPortsPerVm":{"name":"minPortsPerVm","type":"\u0005","is_mandatory":true,"title":"Minimum number of ports per VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"NAT service name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"natIpAllocateOption":{"name":"natIpAllocateOption","type":"\u0007","is_mandatory":true,"title":"How NAT IPs are allocated (AUTO_ONLY, MANUAL_ONLY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"natIps":{"name":"natIps","type":"\u0019\u0007","is_mandatory":true,"title":"NAT IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rules":{"name":"rules","type":"\u0019\n","is_mandatory":true,"title":"NAT rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSubnetworkIpRangesToNat":{"name":"sourceSubnetworkIpRangesToNat","type":"\u0007","is_mandatory":true,"title":"Which subnet IP ranges to NAT (ALL_SUBNETWORKS_ALL_IP_RANGES, ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, LIST_OF_SUBNETWORKS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworks":{"name":"subnetworks","type":"\u0019\n","is_mandatory":true,"title":"Subnetworks configured for NAT","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpEstablishedIdleTimeoutSec":{"name":"tcpEstablishedIdleTimeoutSec","type":"\u0005","is_mandatory":true,"title":"TCP established idle timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpTimeWaitTimeoutSec":{"name":"tcpTimeWaitTimeoutSec","type":"\u0005","is_mandatory":true,"title":"TCP time-wait timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpTransitoryIdleTimeoutSec":{"name":"tcpTransitoryIdleTimeoutSec","type":"\u0005","is_mandatory":true,"title":"TCP transitory idle timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"udpIdleTimeoutSec":{"name":"udpIdleTimeoutSec","type":"\u0005","is_mandatory":true,"title":"UDP idle timeout in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Cloud NAT configuration on a router","desc":"Examine a Cloud NAT configuration attached to a Cloud Router. Query its NAT IP allocation option (`AUTO_ONLY` or `MANUAL_ONLY`), which subnet IP ranges are NATed, port allocation settings (`minPortsPerVm`, `maxPortsPerVm`, `enableDynamicPortAllocation`), endpoint-independent mapping, idle timeout values per protocol, configured NAT rules, and log configuration.","private":true,"min_provider_version":"11.5.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.securityPolicy":{"id":"gcp.project.computeService.securityPolicy","name":"gcp.project.computeService.securityPolicy","fields":{"adaptiveProtectionConfig":{"name":"adaptiveProtectionConfig","type":"\n","is_mandatory":true,"title":"Adaptive protection configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"advancedOptionsConfig":{"name":"advancedOptionsConfig","type":"\n","is_mandatory":true,"title":"Advanced options configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ddosProtectionConfig":{"name":"ddosProtectionConfig","type":"\n","is_mandatory":true,"title":"DDoS protection configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Fingerprint for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Security policy name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recaptchaOptionsConfig":{"name":"recaptchaOptionsConfig","type":"\n","is_mandatory":true,"title":"reCAPTCHA options configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the policy lives in (empty for global policies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"rule":{"name":"rule","type":"\u001bgcp.project.computeService.securityPolicy.rule","title":"Google Cloud (GCP) Compute Cloud Armor security policy rule","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"rules":{"name":"rules","type":"\u0019\u001bgcp.project.computeService.securityPolicy.rule","title":"Security policy rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"The type of security policy (CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userDefinedFields":{"name":"userDefinedFields","type":"\u0019\n","is_mandatory":true,"title":"User-defined fields for custom rule tuning","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Cloud Armor security policy","desc":"Examine a Cloud Armor security policy that protects Google Cloud load balancers from DDoS attacks, web application threats, and unwanted traffic. Query its `type` (`CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, or `CLOUD_ARMOR_NETWORK`), adaptive protection configuration, advanced options (request body inspection, JSON parsing), DDoS protection settings, and reCAPTCHA options. Drill into `rules` for the ordered list of allow, deny, rate-limit, and redirect rules.","private":true,"min_provider_version":"11.5.1","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.securityPolicy.rule":{"id":"gcp.project.computeService.securityPolicy.rule","name":"gcp.project.computeService.securityPolicy.rule","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Rule action (allow, deny(403), deny(404), deny(502), rate_based_ban, redirect, throttle)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Rule description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"headerAction":{"name":"headerAction","type":"\n","is_mandatory":true,"title":"Header action","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"match":{"name":"match","type":"\n","is_mandatory":true,"title":"Match condition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkMatch":{"name":"networkMatch","type":"\n","is_mandatory":true,"title":"Network match condition (for CLOUD_ARMOR_NETWORK policies)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preconfiguredWafConfig":{"name":"preconfiguredWafConfig","type":"\n","is_mandatory":true,"title":"Preconfigured WAF configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preview":{"name":"preview","type":"\u0004","is_mandatory":true,"title":"Whether the rule is in preview mode (not enforced)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0005","is_mandatory":true,"title":"Rule priority (0 to 2147483647)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rateLimitOptions":{"name":"rateLimitOptions","type":"\n","is_mandatory":true,"title":"Rate limit options","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redirectOptions":{"name":"redirectOptions","type":"\n","is_mandatory":true,"title":"Redirect options","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Cloud Armor security policy rule","private":true,"min_provider_version":"11.5.1","defaults":"priority action","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.serviceAttachment":{"id":"gcp.project.computeService.serviceAttachment","name":"gcp.project.computeService.serviceAttachment","fields":{"connectedEndpoints":{"name":"connectedEndpoints","type":"\u0019\n","is_mandatory":true,"title":"Connected consumer endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionPreference":{"name":"connectionPreference","type":"\u0007","is_mandatory":true,"title":"Connection preference (ACCEPT_AUTOMATIC, ACCEPT_MANUAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"consumerAcceptLists":{"name":"consumerAcceptLists","type":"\u0019\n","is_mandatory":true,"title":"Consumer accept lists (projects/networks allowed to connect)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"consumerRejectLists":{"name":"consumerRejectLists","type":"\u0019\u0007","is_mandatory":true,"title":"Consumer reject lists (projects/networks denied connection)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"domainNames":{"name":"domainNames","type":"\u0019\u0007","is_mandatory":true,"title":"Domain names for DNS integration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableProxyProtocol":{"name":"enableProxyProtocol","type":"\u0004","is_mandatory":true,"title":"Whether proxy protocol is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Resource fingerprint used to detect concurrent modifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service attachment name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"natSubnets":{"name":"natSubnets","type":"\u0019\u0007","is_mandatory":true,"title":"NAT subnet URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"producerForwardingRule":{"name":"producerForwardingRule","type":"\u0007","is_mandatory":true,"title":"Producer forwarding rule URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconcileConnections":{"name":"reconcileConnections","type":"\u0004","is_mandatory":true,"title":"Whether connection reconciliation is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the service attachment lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetService":{"name":"targetService","type":"\u0007","is_mandatory":true,"title":"Target service URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Private Service Connect service attachment","desc":"Examine a Private Service Connect service attachment: its connection preference (ACCEPT_AUTOMATIC, ACCEPT_MANUAL), the connected consumer endpoints, consumer accept and reject lists, whether proxy protocol is enabled, DNS domain names for service discovery, NAT subnets, the producer forwarding rule, and the target service URL.","private":true,"min_provider_version":"13.6.1","defaults":"name connectionPreference","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.serviceaccount":{"id":"gcp.project.computeService.serviceaccount","name":"gcp.project.computeService.serviceaccount","fields":{"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Service account email address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scopes":{"name":"scopes","type":"\u0019\u0007","is_mandatory":true,"title":"Service account scopes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute service account","private":true,"min_provider_version":"9.0.0","defaults":"email","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.snapshot":{"id":"gcp.project.computeService.snapshot","name":"gcp.project.computeService.snapshot","fields":{"architecture":{"name":"architecture","type":"\u0007","is_mandatory":true,"title":"Architecture of the snapshot","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoCreated":{"name":"autoCreated","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot was automatically created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"chainName":{"name":"chainName","type":"\u0007","is_mandatory":true,"title":"Snapshot chain","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"creationSizeBytes":{"name":"creationSizeBytes","type":"\u0005","is_mandatory":true,"title":"Size in bytes of the snapshot at creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskSizeGb":{"name":"diskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size of the source disk, specified in GB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"downloadBytes":{"name":"downloadBytes","type":"\u0005","is_mandatory":true,"title":"Number of bytes downloaded to restore a snapshot to a disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableConfidentialCompute":{"name":"enableConfidentialCompute","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot uses confidential compute mode encryption","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this snapshot (includes allUsers / allAuthenticatedUsers grants when the snapshot is publicly shared)","min_provider_version":"13.10.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for snapshot encryption (null when Google-managed or customer-supplied)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Snapshot labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"licenses":{"name":"licenses","type":"\u0019\u0007","is_mandatory":true,"title":"Publicly visible licenses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","min_provider_version":"13.10.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the snapshot's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"snapshotEncryptionKey":{"name":"snapshotEncryptionKey","type":"\n","is_mandatory":true,"title":"Encryption key protecting the snapshot","desc":"Distinguishes customer-managed (kmsKeyName), customer-supplied (rawKey / rsaEncryptedKey), and Google-managed (empty) encryption.","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"snapshotType":{"name":"snapshotType","type":"\u0007","is_mandatory":true,"title":"Snapshot type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceDisk":{"name":"sourceDisk","type":"\u0007","is_mandatory":true,"title":"URL of the source disk used to create this snapshot","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSnapshotSchedulePolicy":{"name":"sourceSnapshotSchedulePolicy","type":"\u0007","is_mandatory":true,"title":"URL of the snapshot schedule policy that created this snapshot","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceSnapshotSchedulePolicyId":{"name":"sourceSnapshotSchedulePolicyId","type":"\u0007","is_mandatory":true,"title":"ID of the snapshot schedule policy","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The status of the snapshot","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageBytes":{"name":"storageBytes","type":"\u0005","is_mandatory":true,"title":"Size of the storage used by the snapshot","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageBytesStatus":{"name":"storageBytesStatus","type":"\u0007","is_mandatory":true,"title":"An indicator whether storageBytes is in a stable state or in storage reallocation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageLocations":{"name":"storageLocations","type":"\u0019\u0007","is_mandatory":true,"title":"Cloud Storage locations where the snapshot resides","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute Engine persistent disk snapshot","desc":"Examine a Compute Engine disk snapshot and its security posture. Surfaces the snapshot `name`, `status`, `snapshotType`, `diskSizeGb`, storage consumption (`storageBytes`, `storageLocations`), and `labels`. Audit access exposure via `iamPolicy()` and the `public()` predicate that returns true when the snapshot is shared with `allUsers` or `allAuthenticatedUsers`. The typed `kmsKey()` accessor links to the customer-managed encryption key when CMEK is used, and `sourceDisk` identifies the disk the snapshot was taken from.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.sslCertificate":{"id":"gcp.project.computeService.sslCertificate","name":"gcp.project.computeService.sslCertificate","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\u0007","is_mandatory":true,"title":"Expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managed":{"name":"managed","type":"\n","is_mandatory":true,"title":"Managed certificate configuration and status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedStatus":{"name":"managedStatus","type":"\u0007","is_mandatory":true,"title":"Provisioning status of a managed certificate","desc":"One of ACTIVE, PROVISIONING, PROVISIONING_FAILED, PROVISIONING_FAILED_PERMANENTLY, or RENEWAL_FAILED. Empty for self-managed certificates.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Certificate name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the certificate lives in (empty for global certificates)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subjectAlternativeNames":{"name":"subjectAlternativeNames","type":"\u0019\u0007","is_mandatory":true,"title":"Subject alternative names","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Certificate type (SELF_MANAGED, MANAGED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute SSL certificate","desc":"Examine a Compute Engine SSL certificate attached to HTTPS or SSL proxy load balancers. Query its `type` (`SELF_MANAGED` for user-uploaded certificates or `MANAGED` for Google-managed certificates), subject alternative names, managed certificate configuration and provisioning status, expiration time, and the region it belongs to (empty for global certificates).","private":true,"min_provider_version":"11.5.1","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.sslPolicy":{"id":"gcp.project.computeService.sslPolicy","name":"gcp.project.computeService.sslPolicy","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customFeatures":{"name":"customFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Custom features enabled when profile is CUSTOM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabledFeatures":{"name":"enabledFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Features enabled in the SSL policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minTlsVersion":{"name":"minTlsVersion","type":"\u0007","is_mandatory":true,"title":"Minimum TLS version (TLS_1_0, TLS_1_1, TLS_1_2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"SSL policy name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profile":{"name":"profile","type":"\u0007","is_mandatory":true,"title":"Profile (COMPATIBLE, MODERN, RESTRICTED, CUSTOM)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the SSL policy lives in (empty for global policies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"warnings":{"name":"warnings","type":"\u0019\n","is_mandatory":true,"title":"Configuration warnings reported by the API for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"weakTls":{"name":"weakTls","type":"\u0004","title":"Whether the policy permits weak TLS","desc":"True when minTlsVersion is TLS_1_0/TLS_1_1 (version weakness) or profile is COMPATIBLE (cipher-suite weakness, even when minTlsVersion is TLS_1_2).","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute SSL policy","desc":"Examine a Compute Engine SSL policy that governs the TLS protocol version and cipher suites negotiated by HTTPS and SSL proxy load balancers. Query its `profile` (`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`), `minTlsVersion`, enabled features, and custom features (when profile is `CUSTOM`). The `weakTls` field evaluates to `true` when the policy permits cipher suites or protocol versions considered cryptographically weak. `warnings` surfaces any API-reported configuration issues.","private":true,"min_provider_version":"11.5.1","defaults":"name profile minTlsVersion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.storagePool":{"id":"gcp.project.computeService.storagePool","name":"gcp.project.computeService.storagePool","fields":{"capacityProvisioningType":{"name":"capacityProvisioningType","type":"\u0007","is_mandatory":true,"title":"Capacity provisioning type (ADVANCED, STANDARD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels applied to this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"performanceProvisioningType":{"name":"performanceProvisioningType","type":"\u0007","is_mandatory":true,"title":"Performance provisioning type (ADVANCED, STANDARD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"poolProvisionedCapacityGb":{"name":"poolProvisionedCapacityGb","type":"\u0005","is_mandatory":true,"title":"Provisioned capacity in GiB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"poolProvisionedIops":{"name":"poolProvisionedIops","type":"\u0005","is_mandatory":true,"title":"Provisioned IOPS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"poolProvisionedThroughput":{"name":"poolProvisionedThroughput","type":"\u0005","is_mandatory":true,"title":"Provisioned throughput in MiB/s","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the storage pool (CREATING, READY, DELETING, FAILED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storagePoolType":{"name":"storagePoolType","type":"\u0007","is_mandatory":true,"title":"Storage pool type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u0007","is_mandatory":true,"title":"Zone URL where the storage pool resides","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute storage pool","desc":"Examine a Compute Engine storage pool — a pre-provisioned block storage capacity container that disks are created from. Query its `state`, capacity provisioning type (`ADVANCED` or `STANDARD`), performance provisioning type, provisioned capacity in GiB, IOPS, and throughput. `storagePoolType` identifies the underlying disk technology, and `zone` names the zone where the pool resides.","private":true,"min_provider_version":"11.6.6","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.subnetwork":{"id":"gcp.project.computeService.subnetwork","name":"gcp.project.computeService.subnetwork","fields":{"allowSubnetCidrRoutesOverlap":{"name":"allowSubnetCidrRoutesOverlap","type":"\u0004","is_mandatory":true,"title":"Whether subnet CIDR routes are allowed to overlap with routes installed by other subnets","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"An optional description of this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableFlowLogs":{"name":"enableFlowLogs","type":"\u0004","is_mandatory":true,"title":"Whether flow logging is enabled for the subnetwork","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalIpv6Prefix":{"name":"externalIpv6Prefix","type":"\u0007","is_mandatory":true,"title":"External IPv6 address range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Fingerprint of this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gatewayAddress":{"name":"gatewayAddress","type":"\u0007","is_mandatory":true,"title":"Gateway address for default routes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"internalIpv6Prefix":{"name":"internalIpv6Prefix","type":"\u0007","is_mandatory":true,"title":"Internal IPv6 address range","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipCidrRange":{"name":"ipCidrRange","type":"\u0007","is_mandatory":true,"title":"Range of internal addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv6AccessType":{"name":"ipv6AccessType","type":"\u0007","is_mandatory":true,"title":"Access type of IPv6 address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv6CidrRange":{"name":"ipv6CidrRange","type":"\u0007","is_mandatory":true,"title":"Range of internal IPv6 addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\u001bgcp.project.computeService.subnetwork.logConfig","is_mandatory":true,"title":"VPC flow logging configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Parent VPC network this subnetwork belongs to","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"privateIpGoogleAccess":{"name":"privateIpGoogleAccess","type":"\u0004","is_mandatory":true,"title":"Whether VMs in this subnet can access Google services without assigned external IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateIpv6GoogleAccess":{"name":"privateIpv6GoogleAccess","type":"\u0007","is_mandatory":true,"title":"VMs in this subnet that can access Google services without assigned external IPv6 addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"purpose":{"name":"purpose","type":"\u0007","is_mandatory":true,"title":"Purpose of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"GCP compute region this resource belongs to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"reservedInternalRange":{"name":"reservedInternalRange","type":"\u0007","is_mandatory":true,"title":"The URL of the reserved internal range","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u0007","is_mandatory":true,"title":"Role of subnetwork","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryIpRanges":{"name":"secondaryIpRanges","type":"\u0019\n","is_mandatory":true,"title":"Secondary IP ranges configured on the subnet for alias IP / IPv6 ranges","desc":"Each entry carries `rangeName`, `ipCidrRange`, and `reservedInternalRange`. Secondary ranges are commonly used by GKE for Pods and Services and by other workloads that need additional alias IP allocations beyond the primary `ipCidrRange`.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stackType":{"name":"stackType","type":"\u0007","is_mandatory":true,"title":"Stack type for the subnet","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the subnetwork","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud VPC subnetwork","desc":"Examine a regional VPC subnetwork inside a Compute Engine network. Surfaces the subnetwork's IPv4 and IPv6 CIDR ranges, the `purpose` and `role` (private, regional-managed-proxy, internal-load-balancer, global-managed-proxy, etc.), the `enableFlowLogs` flag and matching `logConfig`, the `privateIpGoogleAccess` and `privateIpv6GoogleAccess` settings that control reachability of Google APIs from instances without external IPs, and typed references to the `network()` and the `region()` the subnet is bound to.","min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.subnetwork.logConfig":{"id":"gcp.project.computeService.subnetwork.logConfig","name":"gcp.project.computeService.subnetwork.logConfig","fields":{"aggregationInterval":{"name":"aggregationInterval","type":"\u0007","is_mandatory":true,"title":"Toggles the aggregation interval for collecting flow logs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enable":{"name":"enable","type":"\u0004","is_mandatory":true,"title":"Whether to enable flow logging for this subnetwork","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filterExpression":{"name":"filterExpression","type":"\u0007","is_mandatory":true,"title":"Which VPC flow logs are exported to Cloud Logging","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"flowSampling":{"name":"flowSampling","type":"\u0006","is_mandatory":true,"title":"Sampling rate of VPC flow logs within the subnetwork (1.0 means all collected logs are reported and 0.0 means no logs are reported.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\u0007","is_mandatory":true,"title":"Whether all, none, or a subset of metadata are added to the reported VPC flow logs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataFields":{"name":"metadataFields","type":"\u0019\u0007","is_mandatory":true,"title":"Metadata fields to be added to the reported VPC flow logs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute VPC network partitioning log configuration","private":true,"min_provider_version":"9.0.0","defaults":"enable","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.targetHttpProxy":{"id":"gcp.project.computeService.targetHttpProxy","name":"gcp.project.computeService.targetHttpProxy","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the target HTTP proxy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyBind":{"name":"proxyBind","type":"\u0004","is_mandatory":true,"title":"Whether the proxy can be used by Cloud Armor","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the proxy lives in (empty for global proxies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"urlMap":{"name":"urlMap","type":"\u001bgcp.project.computeService.urlMap","title":"URL map resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"urlMapUrl":{"name":"urlMapUrl","type":"\u0007","is_mandatory":true,"title":"Raw URL map self-link URL","desc":"Deprecated in favor of `urlMap`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute target HTTP proxy","desc":"Examine a Compute Engine target HTTP proxy: the URL map it routes traffic through, whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.targetHttpsProxy":{"id":"gcp.project.computeService.targetHttpsProxy","name":"gcp.project.computeService.targetHttpsProxy","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the target HTTPS proxy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyBind":{"name":"proxyBind","type":"\u0004","is_mandatory":true,"title":"Whether the proxy can be used by Cloud Armor","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"quicOverride":{"name":"quicOverride","type":"\u0007","is_mandatory":true,"title":"QUIC override setting (NONE, ENABLE, DISABLE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the proxy lives in (empty for global proxies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCertificateUrls":{"name":"sslCertificateUrls","type":"\u0019\u0007","is_mandatory":true,"title":"SSL certificate URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicy":{"name":"sslPolicy","type":"\u001bgcp.project.computeService.sslPolicy","title":"SSL policy resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicyUrl":{"name":"sslPolicyUrl","type":"\u0007","is_mandatory":true,"title":"Raw SSL policy self-link URL","desc":"Deprecated in favor of `sslPolicy`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"urlMap":{"name":"urlMap","type":"\u001bgcp.project.computeService.urlMap","title":"URL map resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"urlMapUrl":{"name":"urlMapUrl","type":"\u0007","is_mandatory":true,"title":"Raw URL map self-link URL","desc":"Deprecated in favor of `urlMap`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute target HTTPS proxy","desc":"Examine a Compute Engine target HTTPS proxy: the URL map it routes traffic through, the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, the QUIC override setting (NONE, ENABLE, DISABLE), whether proxy bind is enabled for Cloud Armor, and whether the proxy is regional or global.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.targetPool":{"id":"gcp.project.computeService.targetPool","name":"gcp.project.computeService.targetPool","fields":{"backupPool":{"name":"backupPool","type":"\u0007","is_mandatory":true,"title":"Backup pool URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failoverRatio":{"name":"failoverRatio","type":"\u0006","is_mandatory":true,"title":"Failover ratio","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthCheckUrls":{"name":"healthCheckUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Health check URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceUrls":{"name":"instanceUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Instance URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Target pool name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the target pool lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"securityPolicy":{"name":"securityPolicy","type":"\u0007","is_mandatory":true,"title":"Security policy URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sessionAffinity":{"name":"sessionAffinity","type":"\u0007","is_mandatory":true,"title":"Session affinity (NONE, CLIENT_IP, CLIENT_IP_PROTO, CLIENT_IP_PORT_PROTO)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute target pool (legacy network load balancing)","desc":"Examine a legacy network load balancing target pool: its session affinity mode (NONE, CLIENT_IP, CLIENT_IP_PROTO, CLIENT_IP_PORT_PROTO), failover ratio, backup pool URL, associated health check URLs, the instance URLs of members in the pool, and the security policy applied.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.targetSslProxy":{"id":"gcp.project.computeService.targetSslProxy","name":"gcp.project.computeService.targetSslProxy","fields":{"certificateMap":{"name":"certificateMap","type":"\u0007","is_mandatory":true,"title":"Certificate map URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Proxy name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyHeader":{"name":"proxyHeader","type":"\u0007","is_mandatory":true,"title":"Proxy header mode (NONE, PROXY_V1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceUrl":{"name":"serviceUrl","type":"\u0007","is_mandatory":true,"title":"Backend service URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCertificateUrls":{"name":"sslCertificateUrls","type":"\u0019\u0007","is_mandatory":true,"title":"SSL certificate URLs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicy":{"name":"sslPolicy","type":"\u001bgcp.project.computeService.sslPolicy","title":"SSL policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslPolicyUrl":{"name":"sslPolicyUrl","type":"\u0007","is_mandatory":true,"title":"Raw SSL policy self-link URL","desc":"Deprecated in favor of `sslPolicy`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute target SSL proxy","desc":"Examine a Compute Engine target SSL proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), the SSL certificates it presents, the SSL policy governing TLS version and cipher requirements, and the certificate map URL.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.targetTcpProxy":{"id":"gcp.project.computeService.targetTcpProxy","name":"gcp.project.computeService.targetTcpProxy","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Proxy name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyBind":{"name":"proxyBind","type":"\u0004","is_mandatory":true,"title":"Whether proxy bind is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyHeader":{"name":"proxyHeader","type":"\u0007","is_mandatory":true,"title":"Proxy header mode (NONE, PROXY_V1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the proxy lives in (empty for global proxies)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Self-link URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceUrl":{"name":"serviceUrl","type":"\u0007","is_mandatory":true,"title":"Backend service URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute target TCP proxy","desc":"Examine a Compute Engine target TCP proxy: the backend service it forwards traffic to, the proxy header mode (NONE, PROXY_V1), whether proxy bind is enabled, and whether the proxy is regional or global.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.urlMap":{"id":"gcp.project.computeService.urlMap","name":"gcp.project.computeService.urlMap","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultService":{"name":"defaultService","type":"\u0007","is_mandatory":true,"title":"Default backend service URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hostRules":{"name":"hostRules","type":"\u0019\n","is_mandatory":true,"title":"Host rules for the URL map","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the URL map","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pathMatchers":{"name":"pathMatchers","type":"\u0019\n","is_mandatory":true,"title":"Path matchers for the URL map","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the URL map lives in (empty for global URL maps)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"Server-defined URL for the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tests":{"name":"tests","type":"\u0019\n","is_mandatory":true,"title":"URL map tests","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute URL map","desc":"Examine a Compute Engine URL map: its default backend service, host rules that match incoming hostnames, path matchers that route requests to backend services or buckets, URL map tests, and whether the map is regional or global.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.vpnGateway":{"id":"gcp.project.computeService.vpnGateway","name":"gcp.project.computeService.vpnGateway","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gatewayIpVersion":{"name":"gatewayIpVersion","type":"\u0007","is_mandatory":true,"title":"IP family of the gateway IPs (IPV4, IPV6)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels applied to this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network to which this VPN gateway is attached","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the VPN gateway lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"resourceManagerTags":{"name":"resourceManagerTags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource manager tags bound to this VPN gateway","min_provider_version":"13.5.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stackType":{"name":"stackType","type":"\u0007","is_mandatory":true,"title":"Stack type for this VPN gateway (IPV4_ONLY, IPV4_IPV6, IPV6_ONLY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnInterfaces":{"name":"vpnInterfaces","type":"\u0019\n","is_mandatory":true,"title":"VPN interfaces associated with this VPN gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute HA VPN gateway","desc":"Examine a High Availability (HA) VPN gateway that provides redundant Site-to-Site VPN connectivity. Query its attached `network`, IP family (`gatewayIpVersion`), stack type (`IPV4_ONLY`, `IPV4_IPV6`, or `IPV6_ONLY`), `vpnInterfaces` (each with an IP address and optional interconnect attachment), and resource manager tags. HA VPN gateways always provide two interfaces for 99.99% availability.","private":true,"min_provider_version":"11.6.6","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.vpnTunnel":{"id":"gcp.project.computeService.vpnTunnel","name":"gcp.project.computeService.vpnTunnel","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"detailedStatus":{"name":"detailedStatus","type":"\u0007","is_mandatory":true,"title":"Detailed status message","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ikeVersion":{"name":"ikeVersion","type":"\u0005","is_mandatory":true,"title":"IKE protocol version (1 or 2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels applied to this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localTrafficSelector":{"name":"localTrafficSelector","type":"\u0019\u0007","is_mandatory":true,"title":"Local traffic selector CIDRs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peerExternalGateway":{"name":"peerExternalGateway","type":"\u0007","is_mandatory":true,"title":"Raw peer external VPN gateway URL","desc":"Deprecated in favor of `peerExternalVpnGateway`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"peerExternalGatewayInterface":{"name":"peerExternalGatewayInterface","type":"\u0005","is_mandatory":true,"title":"Interface ID of the external VPN gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peerExternalVpnGateway":{"name":"peerExternalVpnGateway","type":"\u001bgcp.project.computeService.externalVpnGateway","title":"Peer external VPN gateway resource","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peerGcpGateway":{"name":"peerGcpGateway","type":"\u0007","is_mandatory":true,"title":"Raw peer GCP VPN gateway URL","desc":"Deprecated in favor of `peerGcpVpnGateway`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"peerGcpVpnGateway":{"name":"peerGcpVpnGateway","type":"\u001bgcp.project.computeService.vpnGateway","title":"Peer GCP HA VPN gateway resource","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peerIp":{"name":"peerIp","type":"\u0007","is_mandatory":true,"title":"IP address of the peer VPN gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u001bgcp.project.computeService.region","title":"Region the VPN tunnel lives in","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regionUrl":{"name":"regionUrl","type":"\u0007","is_mandatory":true,"title":"Raw region self-link URL","desc":"Deprecated in favor of `region`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"remoteTrafficSelector":{"name":"remoteTrafficSelector","type":"\u0019\u0007","is_mandatory":true,"title":"Remote traffic selector CIDRs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceManagerTags":{"name":"resourceManagerTags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource manager tags bound to this VPN tunnel","min_provider_version":"13.5.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"router":{"name":"router","type":"\u001bgcp.project.computeService.router","title":"Cloud Router resource for dynamic routing","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routerUrl":{"name":"routerUrl","type":"\u0007","is_mandatory":true,"title":"Raw Cloud Router self-link URL","desc":"Deprecated in favor of `router`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"sharedSecretHash":{"name":"sharedSecretHash","type":"\u0007","is_mandatory":true,"title":"Hash of the shared secret","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the VPN tunnel","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targetVpnGateway":{"name":"targetVpnGateway","type":"\u0007","is_mandatory":true,"title":"URL of the Target VPN gateway (Classic VPN only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGateway":{"name":"vpnGateway","type":"\u001bgcp.project.computeService.vpnGateway","title":"HA VPN gateway resource","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGatewayInterface":{"name":"vpnGatewayInterface","type":"\u0005","is_mandatory":true,"title":"Interface ID of the VPN gateway","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vpnGatewayUrl":{"name":"vpnGatewayUrl","type":"\u0007","is_mandatory":true,"title":"Raw VPN gateway self-link URL","desc":"Deprecated in favor of `vpnGateway`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"}},"title":"Google Cloud (GCP) Compute VPN tunnel","desc":"Examine a Cloud VPN tunnel carrying encrypted traffic between a GCP network and a peer gateway. Query its `status`, `ikeVersion`, `localTrafficSelector` and `remoteTrafficSelector` CIDRs, and the `sharedSecretHash`. Resolve the peer via `peerExternalVpnGateway` or `peerGcpVpnGateway`, the owning HA VPN gateway via `vpnGateway`, and the dynamic routing Cloud Router via `router`.","private":true,"min_provider_version":"11.6.6","defaults":"name status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.computeService.zone":{"id":"gcp.project.computeService.zone","name":"gcp.project.computeService.zone","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Resource description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Compute zone","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.containerAnalysisService":{"id":"gcp.project.containerAnalysisService","name":"gcp.project.containerAnalysisService","fields":{"occurrence":{"name":"occurrence","type":"\u001bgcp.project.containerAnalysisService.occurrence","title":"Google Cloud (GCP) Container Analysis occurrence","desc":"Examine a Container Analysis occurrence — a scan finding attached to a container image artifact. `kind` identifies the occurrence type (VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE, COMPLIANCE, SBOM_REFERENCE); `resourceUri` identifies the artifact; and the corresponding detail field (e.g. `vulnerability`, `attestation`, `build`) holds the type-specific data for software-supply-chain audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"occurrences":{"name":"occurrences","type":"\u0019\u001bgcp.project.containerAnalysisService.occurrence","title":"Vulnerability occurrences","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Container Analysis","desc":"Use this resource as the entry point for Container Analysis in the project. It hosts the vulnerability `occurrences` — the scan findings attached to container images for software-supply-chain audits.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.containerAnalysisService.occurrence":{"id":"gcp.project.containerAnalysisService.occurrence","name":"gcp.project.containerAnalysisService.occurrence","fields":{"attestation":{"name":"attestation","type":"\n","is_mandatory":true,"title":"Attestation details (if kind is ATTESTATION)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"build":{"name":"build","type":"\n","is_mandatory":true,"title":"Build details (if kind is BUILD)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deployment":{"name":"deployment","type":"\n","is_mandatory":true,"title":"Deployment details (if kind is DEPLOYMENT)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discovery":{"name":"discovery","type":"\n","is_mandatory":true,"title":"Discovery details (if kind is DISCOVERY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"image":{"name":"image","type":"\n","is_mandatory":true,"title":"Image details (if kind is IMAGE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Occurrence kind (VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE, COMPLIANCE, SBOM_REFERENCE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"noteName":{"name":"noteName","type":"\u0007","is_mandatory":true,"title":"Note name this occurrence is associated with","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"packageInfo":{"name":"packageInfo","type":"\n","is_mandatory":true,"title":"Package details (if kind is PACKAGE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"remediation":{"name":"remediation","type":"\u0007","is_mandatory":true,"title":"Remediation details","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceUri":{"name":"resourceUri","type":"\u0007","is_mandatory":true,"title":"Resource URI the occurrence applies to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerability":{"name":"vulnerability","type":"\n","is_mandatory":true,"title":"Vulnerability details (if kind is VULNERABILITY)","desc":"Deprecated in favor of the vulnerability* fields, which expose the severity, CVSS score, fix availability, and descriptions as scalars. Retained for backward compatibility.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"vulnerabilityCvssScore":{"name":"vulnerabilityCvssScore","type":"\u0006","is_mandatory":true,"title":"CVSS score of the vulnerability from 0 (low) to 10 (high)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityEffectiveSeverity":{"name":"vulnerabilityEffectiveSeverity","type":"\u0007","is_mandatory":true,"title":"Distro-assigned effective severity of the vulnerability (when kind is VULNERABILITY)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityFixAvailable":{"name":"vulnerabilityFixAvailable","type":"\u0004","is_mandatory":true,"title":"Whether at least one affected package has a fix available","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityLongDescription":{"name":"vulnerabilityLongDescription","type":"\u0007","is_mandatory":true,"title":"Detailed description of the vulnerability","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityPackageIssues":{"name":"vulnerabilityPackageIssues","type":"\u0019\n","is_mandatory":true,"title":"Affected locations and their fixes within the associated resource","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilitySeverity":{"name":"vulnerabilitySeverity","type":"\u0007","is_mandatory":true,"title":"Note-provider severity of the vulnerability (when kind is VULNERABILITY)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityShortDescription":{"name":"vulnerabilityShortDescription","type":"\u0007","is_mandatory":true,"title":"One-sentence description of the vulnerability (typically the CVE id)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Container Analysis occurrence","desc":"Examine a Container Analysis occurrence — a scan finding attached to a container image artifact. `kind` identifies the occurrence type (VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE, COMPLIANCE, SBOM_REFERENCE); `resourceUri` identifies the artifact; and the corresponding detail field (e.g. `vulnerability`, `attestation`, `build`) holds the type-specific data for software-supply-chain audits.","private":true,"min_provider_version":"13.6.1","defaults":"name kind","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataflowService":{"id":"gcp.project.dataflowService","name":"gcp.project.dataflowService","fields":{"job":{"name":"job","type":"\u001bgcp.project.dataflowService.job","title":"Google Cloud (GCP) Dataflow job","desc":"Examine a Dataflow job: its pipeline type (JOB_TYPE_BATCH, JOB_TYPE_STREAMING), current state (JOB_STATE_RUNNING, JOB_STATE_DONE, etc.), the environment configuration covering worker settings and SDK pipeline options, region or location of execution, resource labels, and creation timestamp.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobs":{"name":"jobs","type":"\u0019\u001bgcp.project.dataflowService.job","title":"Dataflow jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataflow","desc":"Use this resource as the entry point for Dataflow in the project. It hosts the project's `jobs` — each exposing its pipeline type, current state, environment configuration, and worker settings for stream and batch processing audits.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataflowService.job":{"id":"gcp.project.dataflowService.job","name":"gcp.project.dataflowService.job","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Timestamp when the job was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentState":{"name":"currentState","type":"\u0007","is_mandatory":true,"title":"Current state of the job (JOB_STATE_RUNNING, JOB_STATE_DONE, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentStateTime":{"name":"currentStateTime","type":"\t","is_mandatory":true,"title":"Timestamp of the current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"environment":{"name":"environment","type":"\n","is_mandatory":true,"title":"The environment the job runs in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique job identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key protecting pipeline state and shuffle data at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Region/location of the job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-assigned job name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pipelineDescription":{"name":"pipelineDescription","type":"\n","is_mandatory":true,"title":"The SDK pipeline options","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of job (JOB_TYPE_BATCH, JOB_TYPE_STREAMING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workerIpConfiguration":{"name":"workerIpConfiguration","type":"\u0007","is_mandatory":true,"title":"VM IP configuration of the job's worker pools (WORKER_IP_PUBLIC, WORKER_IP_PRIVATE, or WORKER_IP_UNSPECIFIED)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataflow job","desc":"Examine a Dataflow job: its pipeline type (JOB_TYPE_BATCH, JOB_TYPE_STREAMING), current state (JOB_STATE_RUNNING, JOB_STATE_DONE, etc.), the environment configuration covering worker settings and SDK pipeline options, region or location of execution, resource labels, and creation timestamp.","private":true,"min_provider_version":"11.6.6","defaults":"name currentState","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataplexService":{"id":"gcp.project.dataplexService","name":"gcp.project.dataplexService","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the Dataplex API is enabled for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lake":{"name":"lake","type":"\u001bgcp.project.dataplexService.lake","title":"Google Cloud Dataplex lake","desc":"Examine a Dataplex lake — the top-level container that organizes data across storage systems into zones. Surfaces the lake's `location`, lifecycle `state`, `serviceAccount` used to access managed resources, the attached Dataproc Metastore service (`metastoreService`), and aggregated asset counts (`activeAssets`, `securityPolicyApplyingAssets`). Drill into `zones()` for the RAW and CURATED zones, and from there into the buckets and datasets the lake governs. Selected by its full resource name, for example `projects/my-project/locations/us-central1/lakes/my-lake`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"lakes":{"name":"lakes","type":"\u0019\u001bgcp.project.dataplexService.lake","title":"Dataplex lakes across all locations in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Dataplex","desc":"Use this resource as the entry point for Dataplex in the project. It hosts the data-management hierarchy: `lakes` group data across storage systems into zones, and from each lake you can drill into its zones and the Cloud Storage buckets and BigQuery datasets they govern. `enabled` reports whether the Dataplex API is turned on for the project.","private":true,"min_provider_version":"13.18.1","defaults":"projectId","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataplexService.lake":{"id":"gcp.project.dataplexService.lake","name":"gcp.project.dataplexService.lake","fields":{"activeAssets":{"name":"activeAssets","type":"\u0005","is_mandatory":true,"title":"Number of active assets in the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description of the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-friendly display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full resource name of the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region) where the lake resides","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metastoreService":{"name":"metastoreService","type":"\u0007","is_mandatory":true,"title":"Resource name of the attached Dataproc Metastore service, if any","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short name of the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPolicyApplyingAssets":{"name":"securityPolicyApplyingAssets","type":"\u0005","is_mandatory":true,"title":"Number of assets still applying their security policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account associated with the lake, used to access managed resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Lake lifecycle state","desc":"One of ACTIVE, CREATING, DELETING, or ACTION_REQUIRED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-generated unique ID for the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.dataplexService.lake.zone","title":"Google Cloud Dataplex zone","desc":"Examine a zone within a Dataplex lake. A zone groups assets of a common kind and exposes its `type` (RAW or CURATED), the `resourceLocationType` governing where attached resources may live, the metadata-discovery configuration (`discoveryEnabled`, `discoverySchedule`, and the include and exclude path patterns), and lifecycle `state`. Drill into `assets()` for the Cloud Storage buckets and BigQuery datasets attached to the zone. Selected by its full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"zones":{"name":"zones","type":"\u0019\u001bgcp.project.dataplexService.lake.zone","title":"Zones within the lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Dataplex lake","desc":"Examine a Dataplex lake — the top-level container that organizes data across storage systems into zones. Surfaces the lake's `location`, lifecycle `state`, `serviceAccount` used to access managed resources, the attached Dataproc Metastore service (`metastoreService`), and aggregated asset counts (`activeAssets`, `securityPolicyApplyingAssets`). Drill into `zones()` for the RAW and CURATED zones, and from there into the buckets and datasets the lake governs. Selected by its full resource name, for example `projects/my-project/locations/us-central1/lakes/my-lake`.","private":true,"min_provider_version":"13.18.1","defaults":"name state location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataplexService.lake.zone":{"id":"gcp.project.dataplexService.lake.zone","name":"gcp.project.dataplexService.lake.zone","fields":{"asset":{"name":"asset","type":"\u001bgcp.project.dataplexService.lake.zone.asset","title":"Google Cloud Dataplex asset","desc":"Examine an asset attached to a Dataplex zone. An asset binds an external resource — a Cloud Storage bucket (`resourceType` STORAGE_BUCKET) or a BigQuery dataset (BIGQUERY_DATASET) — into the zone. Surfaces the backing `resourceName`, the `readAccessMode` (DIRECT or MANAGED), the state of security-policy application to the resource (`securityStatusState`), the metadata-discovery configuration, and lifecycle `state`. Selected by its full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"assets":{"name":"assets","type":"\u0019\u001bgcp.project.dataplexService.lake.zone.asset","title":"Assets attached to the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description of the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryEnabled":{"name":"discoveryEnabled","type":"\u0004","is_mandatory":true,"title":"Whether automatic metadata discovery is enabled for the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryExcludePatterns":{"name":"discoveryExcludePatterns","type":"\u0019\u0007","is_mandatory":true,"title":"Glob patterns of storage paths to exclude from discovery","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryIncludePatterns":{"name":"discoveryIncludePatterns","type":"\u0019\u0007","is_mandatory":true,"title":"Glob patterns of storage paths to include in discovery","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoverySchedule":{"name":"discoverySchedule","type":"\u0007","is_mandatory":true,"title":"Cron schedule for periodic metadata discovery runs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-friendly display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full resource name of the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region) of the parent lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short name of the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceLocationType":{"name":"resourceLocationType","type":"\u0007","is_mandatory":true,"title":"Placement constraint for resources attached to the zone","desc":"One of SINGLE_REGION or MULTI_REGION.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Zone lifecycle state","desc":"One of ACTIVE, CREATING, DELETING, or ACTION_REQUIRED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Zone kind","desc":"One of RAW (raw, unstructured or semi-structured data) or CURATED (structured, query-ready data).","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-generated unique ID for the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Dataplex zone","desc":"Examine a zone within a Dataplex lake. A zone groups assets of a common kind and exposes its `type` (RAW or CURATED), the `resourceLocationType` governing where attached resources may live, the metadata-discovery configuration (`discoveryEnabled`, `discoverySchedule`, and the include and exclude path patterns), and lifecycle `state`. Drill into `assets()` for the Cloud Storage buckets and BigQuery datasets attached to the zone. Selected by its full resource name.","private":true,"min_provider_version":"13.18.1","defaults":"name type state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataplexService.lake.zone.asset":{"id":"gcp.project.dataplexService.lake.zone.asset","name":"gcp.project.dataplexService.lake.zone.asset","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description of the asset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryEnabled":{"name":"discoveryEnabled","type":"\u0004","is_mandatory":true,"title":"Whether automatic metadata discovery is enabled for the asset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoverySchedule":{"name":"discoverySchedule","type":"\u0007","is_mandatory":true,"title":"Cron schedule for periodic metadata discovery runs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-friendly display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full resource name of the asset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region) of the parent lake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short name of the asset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"readAccessMode":{"name":"readAccessMode","type":"\u0007","is_mandatory":true,"title":"How Dataplex manages read access to the attached resource","desc":"One of DIRECT (clients read the resource directly) or MANAGED (Dataplex brokers access to it).","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceName":{"name":"resourceName","type":"\u0007","is_mandatory":true,"title":"Relative resource name of the attached resource","desc":"For example `projects/{project}/buckets/{bucket}` for a Cloud Storage bucket or `projects/{project}/datasets/{dataset}` for a BigQuery dataset.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceType":{"name":"resourceType","type":"\u0007","is_mandatory":true,"title":"Kind of the attached resource","desc":"One of STORAGE_BUCKET or BIGQUERY_DATASET.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityStatusState":{"name":"securityStatusState","type":"\u0007","is_mandatory":true,"title":"State of security-policy application to the attached resource","desc":"One of READY, APPLYING, or ERROR.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Asset lifecycle state","desc":"One of ACTIVE, CREATING, DELETING, or ACTION_REQUIRED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-generated unique ID for the asset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Dataplex asset","desc":"Examine an asset attached to a Dataplex zone. An asset binds an external resource — a Cloud Storage bucket (`resourceType` STORAGE_BUCKET) or a BigQuery dataset (BIGQUERY_DATASET) — into the zone. Surfaces the backing `resourceName`, the `readAccessMode` (DIRECT or MANAGED), the state of security-policy application to the resource (`securityStatusState`), the metadata-discovery configuration, and lifecycle `state`. Selected by its full resource name.","private":true,"min_provider_version":"13.18.1","defaults":"name resourceType state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService":{"id":"gcp.project.dataprocService","name":"gcp.project.dataprocService","fields":{"autoscalingPolicies":{"name":"autoscalingPolicies","type":"\u0019\u001bgcp.project.dataprocService.autoscalingPolicy","title":"List of Dataproc autoscaling policies in the current project","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoscalingPolicy":{"name":"autoscalingPolicy","type":"\u001bgcp.project.dataprocService.autoscalingPolicy","title":"Google Cloud (GCP) Dataproc autoscaling policy","desc":"Examine a Dataproc autoscaling policy that governs cluster scaling. Covers the worker and secondary-worker scale-up/scale-down configurations and the basic autoscaling algorithm settings (cooldown period, scale-up and scale-down factors, minimum and maximum worker counts).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bgcp.project.dataprocService.cluster","title":"Google Cloud (GCP) Dataproc cluster","desc":"Examine a Dataproc cluster's configuration and operational state. Covers the cluster UUID, labels, GCE and GKE compute configurations (machine types, disk settings, shielded-instance settings, service account, network and subnet), lifecycle policy (idle and auto-delete TTLs), software configuration, security settings, initialization actions, current and historical status, and virtual-cluster configuration for clusters that delegate to Kubernetes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.dataprocService.cluster","title":"List of Dataproc clusters in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the DataProc service is enabled in the project or not","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"job":{"name":"job","type":"\u001bgcp.project.dataprocService.job","title":"Google Cloud (GCP) Dataproc job","desc":"Examine a Dataproc job submitted to a cluster. Covers the job UUID, status (PENDING, RUNNING, DONE, ERROR, CANCELLED), job type (hadoop, spark, pyspark, hive, pig, presto, sparkR, sparkSql, flink), the target cluster, user-defined labels, and the driver output resource URI.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobs":{"name":"jobs","type":"\u0019\u001bgcp.project.dataprocService.job","title":"List of Dataproc jobs in the current project","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"regions":{"name":"regions","type":"\u0019\u0007","title":"List of available regions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc","desc":"Use this resource as the entry point for Dataproc in the project. It hosts the managed Spark and Hadoop surface: `clusters`, submitted `jobs`, and the `autoscalingPolicies` that govern cluster scaling. `regions` lists where Dataproc resources can be created and `enabled` reports whether the service is turned on.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.autoscalingPolicy":{"id":"gcp.project.dataprocService.autoscalingPolicy","name":"gcp.project.dataprocService.autoscalingPolicy","fields":{"basicAlgorithm":{"name":"basicAlgorithm","type":"\n","is_mandatory":true,"title":"Basic autoscaling algorithm configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryWorkerConfig":{"name":"secondaryWorkerConfig","type":"\n","is_mandatory":true,"title":"Secondary worker configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workerConfig":{"name":"workerConfig","type":"\n","is_mandatory":true,"title":"Worker configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc autoscaling policy","desc":"Examine a Dataproc autoscaling policy that governs cluster scaling. Covers the worker and secondary-worker scale-up/scale-down configurations and the basic autoscaling algorithm settings (cooldown period, scale-up and scale-down factors, minimum and maximum worker counts).","private":true,"min_provider_version":"13.7.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster":{"id":"gcp.project.dataprocService.cluster","name":"gcp.project.dataprocService.cluster","fields":{"config":{"name":"config","type":"\u001bgcp.project.dataprocService.cluster.config","is_mandatory":true,"title":"Cluster configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings on the cluster (who can submit jobs to or manage the cluster)","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels associated with the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location where the cluster is deployed","min_provider_version":"11.2.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metrics":{"name":"metrics","type":"\n","is_mandatory":true,"title":"Contains cluster daemon metrics such as HDF and YARN stats","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u001bgcp.project.dataprocService.cluster.status","is_mandatory":true,"title":"Cluster status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusHistory":{"name":"statusHistory","type":"\u0019\u001bgcp.project.dataprocService.cluster.status","is_mandatory":true,"title":"Previous cluster status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"Cluster UUID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"virtualClusterConfig":{"name":"virtualClusterConfig","type":"\u001bgcp.project.dataprocService.cluster.virtualClusterConfig","is_mandatory":true,"title":"Virtual cluster config used when creating a Dataproc cluster that does not directly control the underlying compute resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster","desc":"Examine a Dataproc cluster's configuration and operational state. Covers the cluster UUID, labels, GCE and GKE compute configurations (machine types, disk settings, shielded-instance settings, service account, network and subnet), lifecycle policy (idle and auto-delete TTLs), software configuration, security settings, initialization actions, current and historical status, and virtual-cluster configuration for clusters that delegate to Kubernetes.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config":{"id":"gcp.project.dataprocService.cluster.config","name":"gcp.project.dataprocService.cluster.config","fields":{"autoscaling":{"name":"autoscaling","type":"\n","is_mandatory":true,"title":"Autoscaling configuration for the policy associated with the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configBucket":{"name":"configBucket","type":"\u0007","is_mandatory":true,"title":"Cloud Storage bucket used to stage job dependencies, config files, and job driver console output","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryption":{"name":"encryption","type":"\n","is_mandatory":true,"title":"Encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoint":{"name":"endpoint","type":"\n","is_mandatory":true,"title":"Port/endpoint configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gceCluster":{"name":"gceCluster","type":"\u001bgcp.project.dataprocService.cluster.config.gceCluster","is_mandatory":true,"title":"Shared Compute Engine configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeCluster":{"name":"gkeCluster","type":"\u001bgcp.project.dataprocService.cluster.config.gkeCluster","is_mandatory":true,"title":"Kubernetes Engine config for Dataproc clusters deployed to Kubernetes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"initializationActions":{"name":"initializationActions","type":"\u0019\n","is_mandatory":true,"title":"Commands to execute on each node after config is completed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.dataprocService.cluster.config.instance","title":"Google Cloud (GCP) Dataproc cluster instance config","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt cluster node disks (and, for newer clusters, job arguments) at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycle":{"name":"lifecycle","type":"\u001bgcp.project.dataprocService.cluster.config.lifecycle","is_mandatory":true,"title":"Lifecycle configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"master":{"name":"master","type":"\u001bgcp.project.dataprocService.cluster.config.instance","is_mandatory":true,"title":"Compute Engine config for the cluster's master instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metastore":{"name":"metastore","type":"\n","is_mandatory":true,"title":"Metastore configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metrics":{"name":"metrics","type":"\n","is_mandatory":true,"title":"Dataproc metrics configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentResourcePath":{"name":"parentResourcePath","type":"\u0007","is_mandatory":true,"title":"Parent resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryWorker":{"name":"secondaryWorker","type":"\u001bgcp.project.dataprocService.cluster.config.instance","is_mandatory":true,"title":"Compute Engine configuration for the cluster's secondary worker instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"security":{"name":"security","type":"\n","is_mandatory":true,"title":"Security configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"software":{"name":"software","type":"\n","is_mandatory":true,"title":"Cluster software configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tempBucket":{"name":"tempBucket","type":"\u0007","is_mandatory":true,"title":"Cloud Storage bucket used to store ephemeral cluster and jobs data","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"worker":{"name":"worker","type":"\u001bgcp.project.dataprocService.cluster.config.instance","is_mandatory":true,"title":"Compute Engine configuration for the cluster's worker instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.gceCluster":{"id":"gcp.project.dataprocService.cluster.config.gceCluster","name":"gcp.project.dataprocService.cluster.config.gceCluster","fields":{"confidentialInstance":{"name":"confidentialInstance","type":"\n","is_mandatory":true,"title":"Confidential instance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"internalIpOnly":{"name":"internalIpOnly","type":"\u0004","is_mandatory":true,"title":"Whether the cluster has only internal IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Compute Engine metadata entries","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUri":{"name":"networkUri","type":"\u0007","is_mandatory":true,"title":"Compute Engine network to be used for machine communications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeGroupAffinity":{"name":"nodeGroupAffinity","type":"\n","is_mandatory":true,"title":"Node group affinity for sole-tenant clusters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateIpv6GoogleAccess":{"name":"privateIpv6GoogleAccess","type":"\u0007","is_mandatory":true,"title":"Type of IPv6 access for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservationAffinity":{"name":"reservationAffinity","type":"\u001bgcp.project.dataprocService.cluster.config.gceCluster.reservationAffinity","is_mandatory":true,"title":"Reservation affinity for consuming zonal reservations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"Service account used by the Dataproc cluster VM instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email of the service account used by the Dataproc cluster VM instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountScopes":{"name":"serviceAccountScopes","type":"\u0019\u0007","is_mandatory":true,"title":"URIs of service account scopes to be included in Compute Engine instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceConfig":{"name":"shieldedInstanceConfig","type":"\u001bgcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceConfig","is_mandatory":true,"title":"Shielded instance config for clusters using Compute Engine Shielded VMs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkUri":{"name":"subnetworkUri","type":"\u0007","is_mandatory":true,"title":"Compute Engine subnetwork to use for machine communications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Compute Engine tags","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneUri":{"name":"zoneUri","type":"\u0007","is_mandatory":true,"title":"Zone where the Compute Engine cluster is located","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster endpoint config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.gceCluster.reservationAffinity":{"id":"gcp.project.dataprocService.cluster.config.gceCluster.reservationAffinity","name":"gcp.project.dataprocService.cluster.config.gceCluster.reservationAffinity","fields":{"consumeReservationType":{"name":"consumeReservationType","type":"\u0007","is_mandatory":true,"title":"Type of reservation to consume","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Corresponds to the label key of the reservation resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"values":{"name":"values","type":"\u0019\u0007","is_mandatory":true,"title":"Corresponds to the label values of the reservation resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster GCE cluster reservation affinity config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceConfig":{"id":"gcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceConfig","name":"gcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceConfig","fields":{"enableIntegrityMonitoring":{"name":"enableIntegrityMonitoring","type":"\u0004","is_mandatory":true,"title":"Whether the instances have integrity monitoring enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableSecureBoot":{"name":"enableSecureBoot","type":"\u0004","is_mandatory":true,"title":"Whether the instances have Secure Boot enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableVtpm":{"name":"enableVtpm","type":"\u0004","is_mandatory":true,"title":"Whether the instances have the vTPM enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster GCE cluster shielded instance config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.gkeCluster":{"id":"gcp.project.dataprocService.cluster.config.gkeCluster","name":"gcp.project.dataprocService.cluster.config.gkeCluster","fields":{"gkeClusterTarget":{"name":"gkeClusterTarget","type":"\u0007","is_mandatory":true,"title":"Target GKE cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodePoolTarget":{"name":"nodePoolTarget","type":"\u0019\n","is_mandatory":true,"title":"GKE node pools where workloads are scheduled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster GKE cluster config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.instance":{"id":"gcp.project.dataprocService.cluster.config.instance","name":"gcp.project.dataprocService.cluster.config.instance","fields":{"accelerators":{"name":"accelerators","type":"\u0019\n","is_mandatory":true,"title":"Compute Engine accelerators","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskConfig":{"name":"diskConfig","type":"\u001bgcp.project.dataprocService.cluster.config.instance.diskConfig","is_mandatory":true,"title":"Disk options","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"imageUri":{"name":"imageUri","type":"\u0007","is_mandatory":true,"title":"Compute Engine imager resource used for cluster instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceNames":{"name":"instanceNames","type":"\u0019\u0007","is_mandatory":true,"title":"List of instance names","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceReferences":{"name":"instanceReferences","type":"\u0019\n","is_mandatory":true,"title":"List of references to Compute Engine instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isPreemptible":{"name":"isPreemptible","type":"\u0004","is_mandatory":true,"title":"Whether the instance group contains preemptible instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineTypeUri":{"name":"machineTypeUri","type":"\u0007","is_mandatory":true,"title":"Compute Engine machine type used for cluster instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedGroupConfig":{"name":"managedGroupConfig","type":"\n","is_mandatory":true,"title":"Config for Compute Engine Instance Group Manager that manages this group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minCpuPlatform":{"name":"minCpuPlatform","type":"\u0007","is_mandatory":true,"title":"Minimum CPU platform for the instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numInstances":{"name":"numInstances","type":"\u0005","is_mandatory":true,"title":"Number of VM instances in the instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preemptibility":{"name":"preemptibility","type":"\u0007","is_mandatory":true,"title":"The preemptibility of the instance group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster instance config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.instance.diskConfig":{"id":"gcp.project.dataprocService.cluster.config.instance.diskConfig","name":"gcp.project.dataprocService.cluster.config.instance.diskConfig","fields":{"bootDiskSizeGb":{"name":"bootDiskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size in GB of the boot disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bootDiskType":{"name":"bootDiskType","type":"\u0007","is_mandatory":true,"title":"Type of the boot disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localSsdInterface":{"name":"localSsdInterface","type":"\u0007","is_mandatory":true,"title":"Interface type of local SSDs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numLocalSsds":{"name":"numLocalSsds","type":"\u0005","is_mandatory":true,"title":"Number of attached SSDs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster instance disk config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.config.lifecycle":{"id":"gcp.project.dataprocService.cluster.config.lifecycle","name":"gcp.project.dataprocService.cluster.config.lifecycle","fields":{"autoDeleteTime":{"name":"autoDeleteTime","type":"\u0007","is_mandatory":true,"title":"Time when the cluster will be auto-deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoDeleteTtl":{"name":"autoDeleteTtl","type":"\u0007","is_mandatory":true,"title":"Lifetime duration of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"idleDeleteTtl":{"name":"idleDeleteTtl","type":"\u0007","is_mandatory":true,"title":"Duration to keep the cluster alive while idling","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"idleStartTime":{"name":"idleStartTime","type":"\u0007","is_mandatory":true,"title":"Time when the cluster will be auto-resumed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster lifecycle config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.status":{"id":"gcp.project.dataprocService.cluster.status","name":"gcp.project.dataprocService.cluster.status","fields":{"detail":{"name":"detail","type":"\u0007","is_mandatory":true,"title":"Details of the cluster's state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"started":{"name":"started","type":"\t","is_mandatory":true,"title":"Started timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Cluster's state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"substate":{"name":"substate","type":"\u0007","is_mandatory":true,"title":"Additional state information that includes status reported by the agent","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster status","private":true,"min_provider_version":"9.0.0","defaults":"state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.cluster.virtualClusterConfig":{"id":"gcp.project.dataprocService.cluster.virtualClusterConfig","name":"gcp.project.dataprocService.cluster.virtualClusterConfig","fields":{"auxiliaryServices":{"name":"auxiliaryServices","type":"\n","is_mandatory":true,"title":"Auxiliary services configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kubernetesCluster":{"name":"kubernetesCluster","type":"\n","is_mandatory":true,"title":"Kubernetes cluster configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentResourcePath":{"name":"parentResourcePath","type":"\u0007","is_mandatory":true,"title":"Parent resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stagingBucket":{"name":"stagingBucket","type":"\u0007","is_mandatory":true,"title":"Cloud Storage bucket used to stage job dependencies, config files, and job driver console output","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc cluster virtual cluster config","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dataprocService.job":{"id":"gcp.project.dataprocService.job","name":"gcp.project.dataprocService.job","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster the job is submitted to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"done":{"name":"done","type":"\u0004","is_mandatory":true,"title":"Whether the job is complete","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"driverOutputResourceUri":{"name":"driverOutputResourceUri","type":"\u0007","is_mandatory":true,"title":"Driver output resource URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"jobType":{"name":"jobType","type":"\u0007","is_mandatory":true,"title":"Job type (hadoop, spark, pyspark, hive, pig, presto, sparkR, sparkSql, flink)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"jobUuid":{"name":"jobUuid","type":"\u0007","is_mandatory":true,"title":"Job UUID (unique across project over time)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (project_id + job_id)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Job status (PENDING, SETUP_DONE, RUNNING, CANCEL_PENDING, CANCEL_STARTED, CANCELLED, DONE, ERROR, ATTEMPT_FAILURE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusDetail":{"name":"statusDetail","type":"\u0007","is_mandatory":true,"title":"Status detail message","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Dataproc job","desc":"Examine a Dataproc job submitted to a cluster. Covers the job UUID, status (PENDING, RUNNING, DONE, ERROR, CANCELLED), job type (hadoop, spark, pyspark, hive, pig, presto, sparkR, sparkSql, flink), the target cluster, user-defined labels, and the driver output resource URI.","private":true,"min_provider_version":"13.7.2","defaults":"name status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService":{"id":"gcp.project.datastreamService","name":"gcp.project.datastreamService","fields":{"connectionProfile":{"name":"connectionProfile","type":"\u001bgcp.project.datastreamService.connectionProfile","title":"Google Cloud (GCP) Datastream connection profile","desc":"Examine a Datastream connection profile — the credentials and endpoint configuration for a data source or destination. Inspect `profileType` (mysql, postgresql, oracle, sqlserver, mongodb, bigquery, gcs, salesforce) to determine the profile variant; `profile` for the type-specific connection parameters; `connectivityType` for the network path (forwardSsh, privateConnectivity, staticServiceIp); and `privateConnection` when private VPC connectivity is used.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"connectionProfiles":{"name":"connectionProfiles","type":"\u0019\u001bgcp.project.datastreamService.connectionProfile","title":"List of Datastream connection profiles in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateConnection":{"name":"privateConnection","type":"\u001bgcp.project.datastreamService.privateConnection","title":"Google Cloud (GCP) Datastream private connection","desc":"Examine a Datastream private connection — a VPC peering arrangement that provides private network access from Datastream to on-premises or private cloud data sources. Inspect `network` for the peered VPC; `subnet` for the CIDR range allocated to the peering; `state` for the lifecycle (CREATING, CREATED, FAILED, DELETING, DELETED); `error` for any failure details; and `routes` for the routing entries configured inside the private connection.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"privateConnections":{"name":"privateConnections","type":"\u0019\u001bgcp.project.datastreamService.privateConnection","title":"List of Datastream private connections in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"route":{"name":"route","type":"\u001bgcp.project.datastreamService.route","title":"Google Cloud (GCP) Datastream route","desc":"Examine a route inside a Datastream private connection. Inspect `destinationAddress` for the destination host or IP and `destinationPort` for the optional port override that steers traffic from Datastream workers through the private connection to the target data source.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"stream":{"name":"stream","type":"\u001bgcp.project.datastreamService.stream","title":"Google Cloud (GCP) Datastream stream","desc":"Examine a Datastream change-data-capture stream. Inspect `state` for the operational lifecycle; `source` and `destination` to traverse to the connection profiles at each end; `sourceConfig` and `destinationConfig` for the type-specific replication parameters; `kmsKey` for the customer-managed encryption key; `backfillStrategy` to verify whether historical data is automatically backfilled; and `errors` for failures reported by the stream.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"streams":{"name":"streams","type":"\u0019\u001bgcp.project.datastreamService.stream","title":"List of Datastream streams in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream","desc":"Use this resource as the entry point for Datastream in the project. It hosts the change-data-capture surface: `streams`, the source and destination `connectionProfiles` they use, and the `privateConnections` that provide private network connectivity.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService.connectionProfile":{"id":"gcp.project.datastreamService.connectionProfile","name":"gcp.project.datastreamService.connectionProfile","fields":{"bucket":{"name":"bucket","type":"\u001bgcp.project.storageService.bucket","title":"Resolved GCS bucket (only when profileType == \"gcs\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectivity":{"name":"connectivity","type":"\n","is_mandatory":true,"title":"Connectivity-specific configuration (variant determined by connectivityType)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectivityType":{"name":"connectivityType","type":"\u0007","is_mandatory":true,"title":"Connectivity type: forwardSsh | privateConnectivity | staticServiceIp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/connectionProfiles/C)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateConnection":{"name":"privateConnection","type":"\u001bgcp.project.datastreamService.privateConnection","title":"Resolved private connection (only when connectivityType == \"privateConnectivity\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profile":{"name":"profile","type":"\n","is_mandatory":true,"title":"Profile-specific configuration (variant determined by profileType)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileType":{"name":"profileType","type":"\u0007","is_mandatory":true,"title":"Profile type: mysql | postgresql | oracle | sqlserver | mongodb | bigquery | gcs | salesforce","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream connection profile","desc":"Examine a Datastream connection profile — the credentials and endpoint configuration for a data source or destination. Inspect `profileType` (mysql, postgresql, oracle, sqlserver, mongodb, bigquery, gcs, salesforce) to determine the profile variant; `profile` for the type-specific connection parameters; `connectivityType` for the network path (forwardSsh, privateConnectivity, staticServiceIp); and `privateConnection` when private VPC connectivity is used.","private":true,"min_provider_version":"13.11.2","defaults":"name profileType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService.privateConnection":{"id":"gcp.project.datastreamService.privateConnection","name":"gcp.project.datastreamService.privateConnection","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"error":{"name":"error","type":"\n","is_mandatory":true,"title":"Last error (reason, message, errorTime, details)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/privateConnections/P)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Peered VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"routes":{"name":"routes","type":"\u0019\u001bgcp.project.datastreamService.route","title":"Routes inside this private connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the private connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnet":{"name":"subnet","type":"\u0007","is_mandatory":true,"title":"CIDR subnet used for the peered network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream private connection","desc":"Examine a Datastream private connection — a VPC peering arrangement that provides private network access from Datastream to on-premises or private cloud data sources. Inspect `network` for the peered VPC; `subnet` for the CIDR range allocated to the peering; `state` for the lifecycle (CREATING, CREATED, FAILED, DELETING, DELETED); `error` for any failure details; and `routes` for the routing entries configured inside the private connection.","private":true,"min_provider_version":"13.11.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService.route":{"id":"gcp.project.datastreamService.route","name":"gcp.project.datastreamService.route","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destinationAddress":{"name":"destinationAddress","type":"\u0007","is_mandatory":true,"title":"Destination address (host or IP)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destinationPort":{"name":"destinationPort","type":"\u0005","is_mandatory":true,"title":"Destination port (0 if not specified)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/privateConnections/P/routes/R)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateConnectionName":{"name":"privateConnectionName","type":"\u0007","is_mandatory":true,"title":"Parent private connection resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream route","desc":"Examine a route inside a Datastream private connection. Inspect `destinationAddress` for the destination host or IP and `destinationPort` for the optional port override that steers traffic from Datastream workers through the private connection to the target data source.","private":true,"min_provider_version":"13.11.2","defaults":"name destinationAddress","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService.stream":{"id":"gcp.project.datastreamService.stream","name":"gcp.project.datastreamService.stream","fields":{"backfillStrategy":{"name":"backfillStrategy","type":"\u0007","is_mandatory":true,"title":"Backfill strategy: \"all\" (auto-backfill all objects) or \"none\" (manual)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destination":{"name":"destination","type":"\u001bgcp.project.datastreamService.connectionProfile","title":"Destination connection profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destinationConfig":{"name":"destinationConfig","type":"\n","is_mandatory":true,"title":"Destination configuration variant (oneof: bigqueryDestinationConfig | gcsDestinationConfig)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"error":{"name":"error","type":"\u001bgcp.project.datastreamService.stream.error","title":"Google Cloud (GCP) Datastream stream error","desc":"Examine an error reported by a Datastream stream. Inspect `reason` for the error code, `message` for the human-readable description, `errorTime` for when the error occurred, and `details` for additional key-value context returned by the Datastream service.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"errors":{"name":"errors","type":"\u0019\u001bgcp.project.datastreamService.stream.error","is_mandatory":true,"title":"Errors raised by the stream","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key (CMEK) used to encrypt the stream","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/streams/S)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"source":{"name":"source","type":"\u001bgcp.project.datastreamService.connectionProfile","title":"Source connection profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceConfig":{"name":"sourceConfig","type":"\n","is_mandatory":true,"title":"Source configuration variant","desc":"Oneof: mysqlSourceConfig | postgresqlSourceConfig | oracleSourceConfig | sqlServerSourceConfig | mongodbSourceConfig | salesforceSourceConfig.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the stream","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream stream","desc":"Examine a Datastream change-data-capture stream. Inspect `state` for the operational lifecycle; `source` and `destination` to traverse to the connection profiles at each end; `sourceConfig` and `destinationConfig` for the type-specific replication parameters; `kmsKey` for the customer-managed encryption key; `backfillStrategy` to verify whether historical data is automatically backfilled; and `errors` for failures reported by the stream.","private":true,"min_provider_version":"13.11.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.datastreamService.stream.error":{"id":"gcp.project.datastreamService.stream.error","name":"gcp.project.datastreamService.stream.error","fields":{"details":{"name":"details","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Additional details about the error","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"errorTime":{"name":"errorTime","type":"\t","is_mandatory":true,"title":"Time the error occurred","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"errorUuid":{"name":"errorUuid","type":"\u0007","is_mandatory":true,"title":"Unique error identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"message":{"name":"message","type":"\u0007","is_mandatory":true,"title":"Human-readable error message","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reason":{"name":"reason","type":"\u0007","is_mandatory":true,"title":"Error reason code","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"streamName":{"name":"streamName","type":"\u0007","is_mandatory":true,"title":"Parent stream resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Datastream stream error","desc":"Examine an error reported by a Datastream stream. Inspect `reason` for the error code, `message` for the human-readable description, `errorTime` for when the error occurred, and `details` for additional key-value context returned by the Datastream service.","private":true,"min_provider_version":"13.11.2","defaults":"errorUuid reason","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService":{"id":"gcp.project.dlpService","name":"gcp.project.dlpService","fields":{"columnDataProfile":{"name":"columnDataProfile","type":"\u001bgcp.project.dlpService.columnDataProfile","title":"Google Cloud (GCP) Cloud DLP column data profile","desc":"Examine the sensitivity profile of a single BigQuery column. `columnInfoType` names the detected infoType; `freeTextScore` indicates how likely the column holds free-form text that could contain sensitive data; `columnType` and `policyState` describe BigQuery column metadata captured at profile time.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"columnDataProfiles":{"name":"columnDataProfiles","type":"\u0019\u001bgcp.project.dlpService.columnDataProfile","title":"Column-level data sensitivity profiles for BigQuery columns — detected infoType, free-text status, and column data type","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connection":{"name":"connection","type":"\u001bgcp.project.dlpService.connection","title":"Google Cloud (GCP) Cloud DLP connection to a data source","desc":"Examine a Cloud DLP connection to a data source used during discovery (Cloud SQL or AlloyDB). `state` reports connectivity health; `properties` holds the connection details whose shape varies by the configured data source: `cloudSql` (instance + db name + credential), etc.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"connections":{"name":"connections","type":"\u0019\u001bgcp.project.dlpService.connection","title":"Connections to data sources used by discovery (Cloud SQL, AlloyDB)","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deidentifyTemplate":{"name":"deidentifyTemplate","type":"\u001bgcp.project.dlpService.deidentifyTemplate","title":"Google Cloud (GCP) Cloud DLP deidentify template","desc":"Examine the configuration of a Cloud DLP deidentify template. Inspect `deidentifyConfig` for the transformation rules (masking, encryption, replacement, bucketing) applied to sensitive data fields detected during inspection. Templates are referenced by DLP jobs to ensure consistent de-identification across the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"deidentifyTemplates":{"name":"deidentifyTemplates","type":"\u0019\u001bgcp.project.dlpService.deidentifyTemplate","title":"Deidentify templates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryConfig":{"name":"discoveryConfig","type":"\u001bgcp.project.dlpService.discoveryConfig","title":"Google Cloud (GCP) Cloud DLP discovery configuration","desc":"Examine a discovery configuration — a schedule that auto-discovers and profiles BigQuery and Cloud Storage resources. Inspect `status` for the run state (RUNNING, PAUSED), `targets` for the resource selection rules, and `inspectTemplates` for the inspection templates the discovery applies to scanned data.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"discoveryConfigs":{"name":"discoveryConfigs","type":"\u0019\u001bgcp.project.dlpService.discoveryConfig","title":"Discovery configurations","desc":"Schedules that auto-profile BigQuery datasets and Cloud Storage buckets and emit `tableDataProfile` and `fileStoreDataProfile` records.","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpJob":{"name":"dlpJob","type":"\u001bgcp.project.dlpService.dlpJob","title":"Google Cloud (GCP) Cloud DLP job","desc":"Examine a single Cloud DLP inspect or risk-analysis job. `type` distinguishes INSPECT_JOB (a scan that detects sensitive data in BigQuery, Cloud Storage, or Datastore) from RISK_ANALYSIS_JOB (re-identification analysis). `state` reflects lifecycle (PENDING, RUNNING, DONE, CANCELED, FAILED, ACTIVE); `details` contains the scan configuration and result counts as a dict whose shape varies by `type`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dlpJobs":{"name":"dlpJobs","type":"\u0019\u001bgcp.project.dlpService.dlpJob","title":"Inspect and risk-analysis jobs (current and historical)","desc":"`INSPECT_JOB` runs sensitive-data scans against BigQuery, Cloud Storage, or Datastore; `RISK_ANALYSIS_JOB` analyzes re-identification risk.","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStoreDataProfile":{"name":"fileStoreDataProfile","type":"\u001bgcp.project.dlpService.fileStoreDataProfile","title":"Google Cloud (GCP) Cloud DLP file-store data profile","desc":"Examine the sensitivity profile of a single Cloud Storage bucket — the GCS analog of AWS Macie bucket coverage. `sensitivityScore` and `dataRiskLevel` aggregate the bucket's sensitivity; `fileStoreInfoTypeSummaries` lists the infoTypes detected across the bucket's files; `resourceVisibility` reports public/restricted access; `bucket` traverses to the underlying Cloud Storage bucket resource for owner-side queries (IAM, lifecycle, encryption).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"fileStoreDataProfiles":{"name":"fileStoreDataProfiles","type":"\u0019\u001bgcp.project.dlpService.fileStoreDataProfile","title":"File-store sensitivity profiles for Cloud Storage buckets","desc":"Reports sensitivity score, risk level, infoType summaries, and visibility (the GCS analog of AWS Macie bucket coverage).","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inspectTemplate":{"name":"inspectTemplate","type":"\u001bgcp.project.dlpService.inspectTemplate","title":"Google Cloud (GCP) Cloud DLP inspect template","desc":"Examine the configuration of a Cloud DLP inspect template. Inspect `inspectConfig` for the info types, likelihood thresholds, and content inspection rules that govern sensitive-data detection. Templates are referenced by discovery configurations and job triggers to standardize scanning parameters across the project.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"inspectTemplates":{"name":"inspectTemplates","type":"\u0019\u001bgcp.project.dlpService.inspectTemplate","title":"Inspect templates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"jobTrigger":{"name":"jobTrigger","type":"\u001bgcp.project.dlpService.jobTrigger","title":"Google Cloud (GCP) Cloud DLP job trigger","desc":"Examine a Cloud DLP job trigger — a scheduled or event-driven rule that automatically launches DLP inspect jobs. Inspect `status` for operational health (HEALTHY, PAUSED, CANCELLED), `triggers` for the schedule or event conditions that activate the job, `inspectJob` for the scan configuration, and `errors` for failures from recent activations.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"jobTriggers":{"name":"jobTriggers","type":"\u0019\u001bgcp.project.dlpService.jobTrigger","title":"Job triggers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectDataProfile":{"name":"projectDataProfile","type":"\u001bgcp.project.dlpService.projectDataProfile","title":"Google Cloud (GCP) Cloud DLP project data profile","desc":"Examine the project-level sensitivity profile produced by Cloud DLP discovery. `sensitivityScore` and `dataRiskLevel` summarize the project's data risk; `tableDataProfileCount` and `fileStoreDataProfileCount` indicate how many per-resource profiles back this aggregate.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectDataProfiles":{"name":"projectDataProfiles","type":"\u0019\u001bgcp.project.dlpService.projectDataProfile","title":"Project-level data sensitivity profiles produced by discovery — one per profiled project, with sensitivity and risk scores","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storedInfoType":{"name":"storedInfoType","type":"\u001bgcp.project.dlpService.storedInfoType","title":"Google Cloud (GCP) Cloud DLP stored info type","desc":"Examine a Cloud DLP stored info type — a reusable, pre-built dictionary or regular-expression detector that can be referenced across inspect templates and job triggers. `currentVersion` holds the active config, stats, and build state; `pendingVersions` lists versions being rebuilt when the underlying data source changes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"storedInfoTypes":{"name":"storedInfoTypes","type":"\u0019\u001bgcp.project.dlpService.storedInfoType","title":"Stored info types","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableDataProfile":{"name":"tableDataProfile","type":"\u001bgcp.project.dlpService.tableDataProfile","title":"Google Cloud (GCP) Cloud DLP table data profile","desc":"Examine the sensitivity profile of a single BigQuery table. Inspect `sensitivityScore` and `dataRiskLevel` for the aggregate scores; `predictedInfoTypes` and `otherInfoTypes` for the detected infoTypes; `encryptionStatus` and `resourceVisibility` for posture; and `bigqueryTable` to traverse to the BigQuery table resource.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tableDataProfiles":{"name":"tableDataProfiles","type":"\u0019\u001bgcp.project.dlpService.tableDataProfile","title":"Table-level data sensitivity profiles for BigQuery tables — sensitivity score, predicted infoTypes, encryption status, and resource visibility","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Sensitive Data Protection (Cloud DLP)","desc":"Use this resource as the entry point for Sensitive Data Protection in the project. It hosts the configuration surface (`inspectTemplates`, `deidentifyTemplates`, `storedInfoTypes`, `jobTriggers`, `discoveryConfigs`, `connections`), the `dlpJobs` that run inspection and risk-analysis scans, and the data sensitivity profiles produced by discovery — `projectDataProfiles`, `tableDataProfiles`, `columnDataProfiles`, and `fileStoreDataProfiles`.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.columnDataProfile":{"id":"gcp.project.dlpService.columnDataProfile","name":"gcp.project.dlpService.columnDataProfile","fields":{"column":{"name":"column","type":"\u0007","is_mandatory":true,"title":"BigQuery column name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"columnInfoType":{"name":"columnInfoType","type":"\n","is_mandatory":true,"title":"InfoType detected for this column, with keys `infoType` and `estimatedPrevalence`","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"columnType":{"name":"columnType","type":"\u0007","is_mandatory":true,"title":"BigQuery column type (INTEGER, STRING, RECORD, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataRiskLevel":{"name":"dataRiskLevel","type":"\n","is_mandatory":true,"title":"Column-level data risk level","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"BigQuery dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"freeTextScore":{"name":"freeTextScore","type":"\u0006","is_mandatory":true,"title":"Free-text likelihood score (higher means more likely to hold free-form text)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"otherMatches":{"name":"otherMatches","type":"\u0019\n","is_mandatory":true,"title":"Other infoTypes also detected for this column","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"policyState":{"name":"policyState","type":"\u0007","is_mandatory":true,"title":"BigQuery policy tag state for the column","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileLastGenerated":{"name":"profileLastGenerated","type":"\t","is_mandatory":true,"title":"Time when this profile was most recently generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sensitivityScore":{"name":"sensitivityScore","type":"\n","is_mandatory":true,"title":"Column-level sensitivity score","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the profile: PROFILE_STATE_UNSPECIFIED, RUNNING, or DONE","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableFullResource":{"name":"tableFullResource","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profiled table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableId":{"name":"tableId","type":"\u0007","is_mandatory":true,"title":"BigQuery table ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP column data profile","desc":"Examine the sensitivity profile of a single BigQuery column. `columnInfoType` names the detected infoType; `freeTextScore` indicates how likely the column holds free-form text that could contain sensitive data; `columnType` and `policyState` describe BigQuery column metadata captured at profile time.","private":true,"min_provider_version":"13.14.2","defaults":"column tableId sensitivityScore","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.connection":{"id":"gcp.project.dlpService.connection","name":"gcp.project.dlpService.connection","fields":{"errors":{"name":"errors","type":"\u0019\n","is_mandatory":true,"title":"Connection errors if state is ERROR","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Connection properties","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Connection state: MISSING_CREDENTIALS, AVAILABLE, or ERROR","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP connection to a data source","desc":"Examine a Cloud DLP connection to a data source used during discovery (Cloud SQL or AlloyDB). `state` reports connectivity health; `properties` holds the connection details whose shape varies by the configured data source: `cloudSql` (instance + db name + credential), etc.","private":true,"min_provider_version":"13.14.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.deidentifyTemplate":{"id":"gcp.project.dlpService.deidentifyTemplate","name":"gcp.project.dlpService.deidentifyTemplate","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deidentifyConfig":{"name":"deidentifyConfig","type":"\n","is_mandatory":true,"title":"Deidentify configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP deidentify template","desc":"Examine the configuration of a Cloud DLP deidentify template. Inspect `deidentifyConfig` for the transformation rules (masking, encryption, replacement, bucketing) applied to sensitive data fields detected during inspection. Templates are referenced by DLP jobs to ensure consistent de-identification across the project.","private":true,"min_provider_version":"13.6.1","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.discoveryConfig":{"id":"gcp.project.dlpService.discoveryConfig","name":"gcp.project.dlpService.discoveryConfig","fields":{"actions":{"name":"actions","type":"\u0019\n","is_mandatory":true,"title":"Post-discovery actions (publish to SCC, export to BigQuery, Pub/Sub, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time when the config was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Human-readable display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"errors":{"name":"errors","type":"\u0019\n","is_mandatory":true,"title":"Errors encountered during recent discovery runs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inspectTemplates":{"name":"inspectTemplates","type":"\u0019\u0007","is_mandatory":true,"title":"Inspection templates the discovery applies to scanned data, by their resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastRunTime":{"name":"lastRunTime","type":"\t","is_mandatory":true,"title":"Last time the discovery config was run","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgConfig":{"name":"orgConfig","type":"\n","is_mandatory":true,"title":"Org owner / project owner that issued the discovery config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Run state: RUNNING or PAUSED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"targets":{"name":"targets","type":"\u0019\n","is_mandatory":true,"title":"Resource discovery targets","desc":"Keys depend on the target type: BigQuery has `bigQueryTarget` (filter + conditions), Cloud Storage has `cloudStorageTarget`, Cloud SQL has `cloudSqlTarget`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time when the config was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP discovery configuration","desc":"Examine a discovery configuration — a schedule that auto-discovers and profiles BigQuery and Cloud Storage resources. Inspect `status` for the run state (RUNNING, PAUSED), `targets` for the resource selection rules, and `inspectTemplates` for the inspection templates the discovery applies to scanned data.","private":true,"min_provider_version":"13.14.2","defaults":"name displayName status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.dlpJob":{"id":"gcp.project.dlpService.dlpJob","name":"gcp.project.dlpService.dlpJob","fields":{"actionDetails":{"name":"actionDetails","type":"\u0019\n","is_mandatory":true,"title":"Post-job actions (publish to Pub/Sub, save findings to BigQuery, publish to Security Command Center, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time when the job was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"details":{"name":"details","type":"\n","is_mandatory":true,"title":"Job-type-specific configuration and result details","desc":"Keys depend on `type`: INSPECT_JOB has `requestedOptions`, `result`, `inspectDetails`; RISK_ANALYSIS_JOB has `requestedSourceTable`, `requestedPrivacyMetric`, `riskDetails`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ended":{"name":"ended","type":"\t","is_mandatory":true,"title":"Time when the job finished","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"errors":{"name":"errors","type":"\u0019\n","is_mandatory":true,"title":"Errors encountered while running the job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"jobTrigger":{"name":"jobTrigger","type":"\u0007","is_mandatory":true,"title":"Resource name of the job trigger that created this job, empty for ad-hoc jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastModified":{"name":"lastModified","type":"\t","is_mandatory":true,"title":"Time when the job was last modified by the system","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (`projects/{project}/locations/{location}/dlpJobs/{job-id}`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"started":{"name":"started","type":"\t","is_mandatory":true,"title":"Time when the job started","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Job state: PENDING, RUNNING, DONE, CANCELED, FAILED, or ACTIVE","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Job type: INSPECT_JOB or RISK_ANALYSIS_JOB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP job","desc":"Examine a single Cloud DLP inspect or risk-analysis job. `type` distinguishes INSPECT_JOB (a scan that detects sensitive data in BigQuery, Cloud Storage, or Datastore) from RISK_ANALYSIS_JOB (re-identification analysis). `state` reflects lifecycle (PENDING, RUNNING, DONE, CANCELED, FAILED, ACTIVE); `details` contains the scan configuration and result counts as a dict whose shape varies by `type`.","private":true,"min_provider_version":"13.14.2","defaults":"name type state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.fileStoreDataProfile":{"id":"gcp.project.dlpService.fileStoreDataProfile","name":"gcp.project.dlpService.fileStoreDataProfile","fields":{"bucket":{"name":"bucket","type":"\u001bgcp.project.storageService.bucket","title":"Cloud Storage bucket this profile describes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time when the bucket was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataRiskLevel":{"name":"dataRiskLevel","type":"\n","is_mandatory":true,"title":"Data risk level, with key `score` (HIGH/MEDIUM/LOW)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataSourceType":{"name":"dataSourceType","type":"\u0007","is_mandatory":true,"title":"Resource type that was profiled, e.g. `google.cloudstorage.bucket`","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataStorageLocations":{"name":"dataStorageLocations","type":"\u0019\u0007","is_mandatory":true,"title":"For multi-region buckets, the individual storage locations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileClusterSummaries":{"name":"fileClusterSummaries","type":"\u0019\n","is_mandatory":true,"title":"Per-cluster summaries (clusters group files by type: documents, images, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStoreInfoTypeSummaries":{"name":"fileStoreInfoTypeSummaries","type":"\u0019\n","is_mandatory":true,"title":"Detected infoType summaries across the bucket's files","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStoreIsEmpty":{"name":"fileStoreIsEmpty","type":"\u0004","is_mandatory":true,"title":"Whether the bucket contains no files","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStoreLocation":{"name":"fileStoreLocation","type":"\u0007","is_mandatory":true,"title":"Location of the bucket (region or multi-region)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStorePath":{"name":"fileStorePath","type":"\u0007","is_mandatory":true,"title":"File-store path (`gs://{bucket}` for Cloud Storage)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fullResource":{"name":"fullResource","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profiled resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastModifiedTime":{"name":"lastModifiedTime","type":"\t","is_mandatory":true,"title":"Time when the bucket was last modified","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationType":{"name":"locationType","type":"\u0007","is_mandatory":true,"title":"Location type: region, dual-region, or multi-region","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileLastGenerated":{"name":"profileLastGenerated","type":"\t","is_mandatory":true,"title":"Time when this profile was most recently generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileStatus":{"name":"profileStatus","type":"\n","is_mandatory":true,"title":"Status of the last profile-generation attempt","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"GCP project ID that owns the bucket","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceAttributes":{"name":"resourceAttributes","type":"\n","is_mandatory":true,"title":"Resource attributes captured by the profile, e.g. `customer_managed_encryption` boolean","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceLabels":{"name":"resourceLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels on the bucket at profile-generation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceVisibility":{"name":"resourceVisibility","type":"\u0007","is_mandatory":true,"title":"How broadly the bucket is shared: PUBLIC, RESTRICTED, or RESOURCE_VISIBILITY_UNSPECIFIED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sensitivityScore":{"name":"sensitivityScore","type":"\n","is_mandatory":true,"title":"Sensitivity score, with keys `score` (HIGH/MEDIUM_LOW) and numeric breakdowns","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the profile: PROFILE_STATE_UNSPECIFIED, RUNNING, or DONE","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP file-store data profile","desc":"Examine the sensitivity profile of a single Cloud Storage bucket — the GCS analog of AWS Macie bucket coverage. `sensitivityScore` and `dataRiskLevel` aggregate the bucket's sensitivity; `fileStoreInfoTypeSummaries` lists the infoTypes detected across the bucket's files; `resourceVisibility` reports public/restricted access; `bucket` traverses to the underlying Cloud Storage bucket resource for owner-side queries (IAM, lifecycle, encryption).","private":true,"min_provider_version":"13.14.2","defaults":"fileStorePath sensitivityScore dataRiskLevel","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.inspectTemplate":{"id":"gcp.project.dlpService.inspectTemplate","name":"gcp.project.dlpService.inspectTemplate","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inspectConfig":{"name":"inspectConfig","type":"\n","is_mandatory":true,"title":"Inspect configuration (info types, rules, limits)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP inspect template","desc":"Examine the configuration of a Cloud DLP inspect template. Inspect `inspectConfig` for the info types, likelihood thresholds, and content inspection rules that govern sensitive-data detection. Templates are referenced by discovery configurations and job triggers to standardize scanning parameters across the project.","private":true,"min_provider_version":"13.6.1","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.jobTrigger":{"id":"gcp.project.dlpService.jobTrigger","name":"gcp.project.dlpService.jobTrigger","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"errors":{"name":"errors","type":"\u0019\n","is_mandatory":true,"title":"Errors from recent activations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"inspectJob":{"name":"inspectJob","type":"\n","is_mandatory":true,"title":"Inspect job configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Trigger status (HEALTHY, PAUSED, CANCELLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"triggers":{"name":"triggers","type":"\u0019\n","is_mandatory":true,"title":"Trigger schedule/conditions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP job trigger","desc":"Examine a Cloud DLP job trigger — a scheduled or event-driven rule that automatically launches DLP inspect jobs. Inspect `status` for operational health (HEALTHY, PAUSED, CANCELLED), `triggers` for the schedule or event conditions that activate the job, `inspectJob` for the scan configuration, and `errors` for failures from recent activations.","private":true,"min_provider_version":"13.6.1","defaults":"name displayName status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.projectDataProfile":{"id":"gcp.project.dlpService.projectDataProfile","name":"gcp.project.dlpService.projectDataProfile","fields":{"dataRiskLevel":{"name":"dataRiskLevel","type":"\n","is_mandatory":true,"title":"Data risk level, with key `score` (HIGH/MEDIUM/LOW)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileStoreDataProfileCount":{"name":"fileStoreDataProfileCount","type":"\u0005","is_mandatory":true,"title":"Number of file-store data profiles backing this aggregate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileLastGenerated":{"name":"profileLastGenerated","type":"\t","is_mandatory":true,"title":"Time when this profile was most recently generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileStatus":{"name":"profileStatus","type":"\n","is_mandatory":true,"title":"Status of the last profile-generation attempt","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID this profile describes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sensitivityScore":{"name":"sensitivityScore","type":"\n","is_mandatory":true,"title":"Sensitivity score, with keys `score` (HIGH/MEDIUM_LOW) and numeric breakdowns","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableDataProfileCount":{"name":"tableDataProfileCount","type":"\u0005","is_mandatory":true,"title":"Number of table data profiles backing this aggregate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP project data profile","desc":"Examine the project-level sensitivity profile produced by Cloud DLP discovery. `sensitivityScore` and `dataRiskLevel` summarize the project's data risk; `tableDataProfileCount` and `fileStoreDataProfileCount` indicate how many per-resource profiles back this aggregate.","private":true,"min_provider_version":"13.14.2","defaults":"projectId sensitivityScore dataRiskLevel","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.storedInfoType":{"id":"gcp.project.dlpService.storedInfoType","name":"gcp.project.dlpService.storedInfoType","fields":{"currentVersion":{"name":"currentVersion","type":"\n","is_mandatory":true,"title":"Current version info (config, stats, state)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pendingVersions":{"name":"pendingVersions","type":"\u0019\n","is_mandatory":true,"title":"Pending versions (if being updated)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP stored info type","desc":"Examine a Cloud DLP stored info type — a reusable, pre-built dictionary or regular-expression detector that can be referenced across inspect templates and job triggers. `currentVersion` holds the active config, stats, and build state; `pendingVersions` lists versions being rebuilt when the underlying data source changes.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dlpService.tableDataProfile":{"id":"gcp.project.dlpService.tableDataProfile","name":"gcp.project.dlpService.tableDataProfile","fields":{"bigqueryTable":{"name":"bigqueryTable","type":"\u001bgcp.project.bigqueryService.table","title":"BigQuery table this profile describes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time at which the table was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataRiskLevel":{"name":"dataRiskLevel","type":"\n","is_mandatory":true,"title":"Data risk level, with key `score` (HIGH/MEDIUM/LOW)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetId":{"name":"datasetId","type":"\u0007","is_mandatory":true,"title":"BigQuery dataset ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetLocation":{"name":"datasetLocation","type":"\u0007","is_mandatory":true,"title":"BigQuery dataset location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"datasetProjectId":{"name":"datasetProjectId","type":"\u0007","is_mandatory":true,"title":"GCP project ID that owns the BigQuery dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionStatus":{"name":"encryptionStatus","type":"\u0007","is_mandatory":true,"title":"Encryption status: ENCRYPTION_GOOGLE_MANAGED or ENCRYPTION_CUSTOMER_MANAGED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationTime":{"name":"expirationTime","type":"\t","is_mandatory":true,"title":"Time at which the table expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failedColumnCount":{"name":"failedColumnCount","type":"\u0005","is_mandatory":true,"title":"Number of columns that failed profiling","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fullResource":{"name":"fullResource","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profiled table","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastModifiedTime":{"name":"lastModifiedTime","type":"\t","is_mandatory":true,"title":"Time the table was last modified","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the profile","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"otherInfoTypes":{"name":"otherInfoTypes","type":"\u0019\n","is_mandatory":true,"title":"Other infoTypes found in the table that were not predicted, with each entry having `infoType`, `estimatedPrevalence`, and `excludedFromAnalysis`","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"predictedInfoTypes":{"name":"predictedInfoTypes","type":"\u0019\n","is_mandatory":true,"title":"InfoTypes predicted from the table's data, with each entry having `infoType` and `estimatedPrevalence`","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileLastGenerated":{"name":"profileLastGenerated","type":"\t","is_mandatory":true,"title":"Time when this profile was most recently generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"profileStatus":{"name":"profileStatus","type":"\n","is_mandatory":true,"title":"Status of the last profile-generation attempt","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceLabels":{"name":"resourceLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels applied to the table at profile-generation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceVisibility":{"name":"resourceVisibility","type":"\u0007","is_mandatory":true,"title":"How broadly the table is shared: PUBLIC, RESTRICTED, or RESOURCE_VISIBILITY_UNSPECIFIED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rowCount":{"name":"rowCount","type":"\u0005","is_mandatory":true,"title":"Row count of the table when the profile was generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scannedColumnCount":{"name":"scannedColumnCount","type":"\u0005","is_mandatory":true,"title":"Number of columns successfully profiled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sensitivityScore":{"name":"sensitivityScore","type":"\n","is_mandatory":true,"title":"Sensitivity score, with keys `score` (HIGH/MEDIUM_LOW) and numeric breakdowns","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the profile: PROFILE_STATE_UNSPECIFIED, RUNNING, or DONE","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableId":{"name":"tableId","type":"\u0007","is_mandatory":true,"title":"BigQuery table ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tableSizeBytes":{"name":"tableSizeBytes","type":"\u0005","is_mandatory":true,"title":"Size of the table in bytes when the profile was generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud DLP table data profile","desc":"Examine the sensitivity profile of a single BigQuery table. Inspect `sensitivityScore` and `dataRiskLevel` for the aggregate scores; `predictedInfoTypes` and `otherInfoTypes` for the detected infoTypes; `encryptionStatus` and `resourceVisibility` for posture; and `bigqueryTable` to traverse to the BigQuery table resource.","private":true,"min_provider_version":"13.14.2","defaults":"tableId datasetId sensitivityScore dataRiskLevel","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dnsService":{"id":"gcp.project.dnsService","name":"gcp.project.dnsService","fields":{"managedZones":{"name":"managedZones","type":"\u0019\u001bgcp.project.dnsService.managedzone","title":"Cloud DNS managed zone in project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"managedzone":{"name":"managedzone","type":"\u001bgcp.project.dnsService.managedzone","title":"Google Cloud DNS managed zone","desc":"Examine a Cloud DNS managed zone's configuration and security posture. Surfaces the `dnsName`, `visibility` (public or private), `dnssecConfig` (DNSSEC enablement and key-signing algorithm), the `cloudLoggingEnabled` flag, `privateVisibilityConfig` for VPC-scoped private zones, `nameServers`, `nameServerSet`, `labels`, and IAM policy bindings. Derived predicates `dnssecEnabled` and `dnsSecAlgorithmWeak()` flag DNSSEC posture issues. Child `recordSets()` expose the DNS records within the zone.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"policies":{"name":"policies","type":"\u0019\u001bgcp.project.dnsService.policy","title":"Cloud DNS rules in project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"policy":{"name":"policy","type":"\u001bgcp.project.dnsService.policy","title":"Google Cloud DNS policy","desc":"Examine a Cloud DNS policy applied to one or more VPC networks. Surfaces `enableInboundForwarding` (whether on-premises resolvers can send queries to Cloud DNS), `enableLogging` for DNS query audit trails, and `networkNames` / `networks()` listing the VPC networks the policy governs.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recordset":{"name":"recordset","type":"\u001bgcp.project.dnsService.recordset","title":"Google Cloud DNS record set","desc":"Examine a Cloud DNS resource record set within a managed zone. Surfaces the record `name`, `type` (A, AAAA, CNAME, MX, TXT, NS, SOA, etc.), `ttl`, `rrdatas` (the actual record data as defined in RFC 1035 / 1034), and `signatureRrdatas` (DNSSEC signatures as defined in RFC 4034).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"responsePolicies":{"name":"responsePolicies","type":"\u0019\u001bgcp.project.dnsService.responsePolicy","title":"Cloud DNS response policies in project","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"responsePolicy":{"name":"responsePolicy","type":"\u001bgcp.project.dnsService.responsePolicy","title":"Google Cloud DNS response policy","desc":"Examine a Cloud DNS response policy that overrides DNS answers for queries made against one or more VPC networks. Because a response policy can redirect or rewrite resolved addresses, surfacing its bindings matters for security review. Surfaces the server-assigned `id`, the user-assigned `responsePolicyName`, `description`, `networkUrls` / `networks()` listing the VPC networks the policy is attached to, and `gkeClusters` naming any bound GKE clusters.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"title":"Google Cloud (GCP) Cloud DNS","desc":"Use this resource as the entry point for Cloud DNS in the project. It hosts the `managedZones` (public and private DNS zones, including their DNSSEC state and record sets) and the `policies` that govern inbound and outbound DNS resolution for the project's VPC networks.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dnsService.managedzone":{"id":"gcp.project.dnsService.managedzone","name":"gcp.project.dnsService.managedzone","fields":{"cloudLoggingEnabled":{"name":"cloudLoggingEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Cloud Logging is enabled for queries in this zone","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsName":{"name":"dnsName","type":"\u0007","is_mandatory":true,"title":"DNS name of this managed zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsSecAlgorithmWeak":{"name":"dnsSecAlgorithmWeak","type":"\u0004","title":"Whether DNSSEC is enabled but uses a weak signing algorithm (RSASHA1 / RSASHA1-NSEC3-SHA1)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnssecConfig":{"name":"dnssecConfig","type":"\n","is_mandatory":true,"title":"DNSSEC configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnssecDefaultKeyAlgorithms":{"name":"dnssecDefaultKeyAlgorithms","type":"\u0019\u0007","is_mandatory":true,"title":"DNSSEC signing algorithms of the zone's default key specs (e.g. rsasha256, ecdsap256sha256, rsasha1)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnssecEnabled":{"name":"dnssecEnabled","type":"\u0004","is_mandatory":true,"title":"Whether DNSSEC is enabled","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingTargets":{"name":"forwardingTargets","type":"\u0019\u0007","is_mandatory":true,"title":"IPv4 addresses of the name servers this private zone forwards outbound queries to (empty when forwarding is not configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for this managed zone","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Managed zone ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nameServerSet":{"name":"nameServerSet","type":"\u0007","is_mandatory":true,"title":"Optionally specifies the name server set for this managed zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nameServers":{"name":"nameServers","type":"\u0019\u0007","is_mandatory":true,"title":"Delegated to these virtual name servers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"peeringNetwork":{"name":"peeringNetwork","type":"\u0007","is_mandatory":true,"title":"Fully qualified URL of the VPC network this private zone peers with for DNS resolution (empty when peering is not configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateVisibilityConfig":{"name":"privateVisibilityConfig","type":"\n","is_mandatory":true,"title":"Authorized VPC networks and GKE clusters for a private zone (empty for public zones)","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recordSets":{"name":"recordSets","type":"\u0019\u001bgcp.project.dnsService.recordset","title":"Cloud DNS record set in the zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"visibility":{"name":"visibility","type":"\u0007","is_mandatory":true,"title":"Zone's visibility","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud DNS managed zone","desc":"Examine a Cloud DNS managed zone's configuration and security posture. Surfaces the `dnsName`, `visibility` (public or private), `dnssecConfig` (DNSSEC enablement and key-signing algorithm), the `cloudLoggingEnabled` flag, `privateVisibilityConfig` for VPC-scoped private zones, `nameServers`, `nameServerSet`, `labels`, and IAM policy bindings. Derived predicates `dnssecEnabled` and `dnsSecAlgorithmWeak()` flag DNSSEC posture issues. Child `recordSets()` expose the DNS records within the zone.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dnsService.policy":{"id":"gcp.project.dnsService.policy","name":"gcp.project.dnsService.policy","fields":{"alternativeNameServers":{"name":"alternativeNameServers","type":"\u0019\u0007","is_mandatory":true,"title":"IPv4 addresses of alternative name servers that all DNS queries are forwarded to (outbound forwarding targets)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-friendly description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableInboundForwarding":{"name":"enableInboundForwarding","type":"\u0004","is_mandatory":true,"title":"Whether DNS queries sent by VMs or applications over VPN connections are allowed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableLogging":{"name":"enableLogging","type":"\u0004","is_mandatory":true,"title":"Whether logging is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Managed Zone ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkNames":{"name":"networkNames","type":"\u0019\u0007","is_mandatory":true,"title":"List of network names specifying networks to which this policy is applied","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.computeService.network","title":"List of networks to which this policy is applied","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud DNS policy","desc":"Examine a Cloud DNS policy applied to one or more VPC networks. Surfaces `enableInboundForwarding` (whether on-premises resolvers can send queries to Cloud DNS), `enableLogging` for DNS query audit trails, and `networkNames` / `networks()` listing the VPC networks the policy governs.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dnsService.recordset":{"id":"gcp.project.dnsService.recordset","name":"gcp.project.dnsService.recordset","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User-friendly name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rrdatas":{"name":"rrdatas","type":"\u0019\u0007","is_mandatory":true,"title":"Rrdatas: As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"signatureRrdatas":{"name":"signatureRrdatas","type":"\u0019\u0007","is_mandatory":true,"title":"SignatureRrdatas: As defined in RFC 4034","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ttl":{"name":"ttl","type":"\u0005","is_mandatory":true,"title":"Number of seconds that this resource record set can be cached by resolvers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"The identifier of a supported record type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud DNS record set","desc":"Examine a Cloud DNS resource record set within a managed zone. Surfaces the record `name`, `type` (A, AAAA, CNAME, MX, TXT, NS, SOA, etc.), `ttl`, `rrdatas` (the actual record data as defined in RFC 1035 / 1034), and `signatureRrdatas` (DNSSEC signatures as defined in RFC 4034).","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.dnsService.responsePolicy":{"id":"gcp.project.dnsService.responsePolicy","name":"gcp.project.dnsService.responsePolicy","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description for this response policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeClusters":{"name":"gkeClusters","type":"\u0019\u0007","is_mandatory":true,"title":"Resource names of the GKE clusters this response policy is applied to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique server-assigned identifier for the response policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrls":{"name":"networkUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Fully qualified URLs of the VPC networks this response policy is applied to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.computeService.network","title":"VPC networks this response policy is applied to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"responsePolicyName":{"name":"responsePolicyName","type":"\u0007","is_mandatory":true,"title":"User-assigned name for this response policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud DNS response policy","desc":"Examine a Cloud DNS response policy that overrides DNS answers for queries made against one or more VPC networks. Because a response policy can redirect or rewrite resolved addresses, surfacing its bindings matters for security review. Surfaces the server-assigned `id`, the user-assigned `responsePolicyName`, `description`, `networkUrls` / `networks()` listing the VPC networks the policy is attached to, and `gkeClusters` naming any bound GKE clusters.","private":true,"min_provider_version":"13.18.1","defaults":"responsePolicyName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.eventarcService":{"id":"gcp.project.eventarcService","name":"gcp.project.eventarcService","fields":{"channel":{"name":"channel","type":"\u001bgcp.project.eventarcService.channel","title":"Google Cloud (GCP) Eventarc channel","desc":"Examine an Eventarc channel — its provider name, associated Pub/Sub topic, current state (PENDING, ACTIVE, INACTIVE), and CMEK crypto key name. Channels receive events from third-party or custom event sources and make them available to Eventarc triggers.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"channels":{"name":"channels","type":"\u0019\u001bgcp.project.eventarcService.channel","title":"Eventarc channels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trigger":{"name":"trigger","type":"\u001bgcp.project.eventarcService.trigger","title":"Google Cloud (GCP) Eventarc trigger","desc":"Examine an Eventarc trigger — its event filters (CloudEvents attribute matchers), destination configuration, transport configuration, associated channel, service account, event data content type, and trigger condition status. Triggers define which events are routed to which destinations such as Cloud Run, Cloud Functions, or Workflows.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"triggers":{"name":"triggers","type":"\u0019\u001bgcp.project.eventarcService.trigger","title":"Eventarc triggers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Eventarc","desc":"Use this resource as the entry point for Eventarc in the project. It hosts the `triggers` that route events to destinations and the `channels` that deliver events from third-party and custom sources.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.eventarcService.channel":{"id":"gcp.project.eventarcService.channel","name":"gcp.project.eventarcService.channel","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKeyName":{"name":"cryptoKeyName","type":"\u0007","is_mandatory":true,"title":"Crypto key name for CMEK","desc":"Deprecated in favor of kmsKey().","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt events flowing through the channel at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provider":{"name":"provider","type":"\u0007","is_mandatory":true,"title":"Provider name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubTopic":{"name":"pubsubTopic","type":"\u0007","is_mandatory":true,"title":"Pub/Sub topic name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Channel state (PENDING, ACTIVE, INACTIVE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Eventarc channel","desc":"Examine an Eventarc channel — its provider name, associated Pub/Sub topic, current state (PENDING, ACTIVE, INACTIVE), and CMEK crypto key name. Channels receive events from third-party or custom event sources and make them available to Eventarc triggers.","private":true,"min_provider_version":"13.6.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.eventarcService.trigger":{"id":"gcp.project.eventarcService.trigger","name":"gcp.project.eventarcService.trigger","fields":{"channelName":{"name":"channelName","type":"\u0007","is_mandatory":true,"title":"Channel name (if using a channel)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditions":{"name":"conditions","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Trigger condition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destination":{"name":"destination","type":"\n","is_mandatory":true,"title":"Destination configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventDataContentType":{"name":"eventDataContentType","type":"\u0007","is_mandatory":true,"title":"Event data content type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventFilter":{"name":"eventFilter","type":"\u001bgcp.project.eventarcService.trigger.eventFilter","title":"Google Cloud (GCP) Eventarc event filter","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"eventFilters":{"name":"eventFilters","type":"\u0019\u001bgcp.project.eventarcService.trigger.eventFilter","is_mandatory":true,"title":"Event filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account email used by the trigger","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transport":{"name":"transport","type":"\n","is_mandatory":true,"title":"Transport configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Eventarc trigger","desc":"Examine an Eventarc trigger — its event filters (CloudEvents attribute matchers), destination configuration, transport configuration, associated channel, service account, event data content type, and trigger condition status. Triggers define which events are routed to which destinations such as Cloud Run, Cloud Functions, or Workflows.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.eventarcService.trigger.eventFilter":{"id":"gcp.project.eventarcService.trigger.eventFilter","name":"gcp.project.eventarcService.trigger.eventFilter","fields":{"attribute":{"name":"attribute","type":"\u0007","is_mandatory":true,"title":"CloudEvents attribute name (e.g., type, source)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"operator":{"name":"operator","type":"\u0007","is_mandatory":true,"title":"Match operator (empty for exact, path_pattern, match-path-pattern)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"Attribute value to match","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Eventarc event filter","private":true,"min_provider_version":"13.6.1","defaults":"attribute value","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.filestoreService":{"id":"gcp.project.filestoreService","name":"gcp.project.filestoreService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.filestoreService.instance","title":"Google Cloud (GCP) Filestore instance","desc":"Examine a managed NFS file server: its service tier (BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ENTERPRISE, ZONAL, REGIONAL), current lifecycle state, file share configurations, network interfaces with assigned IP addresses, KMS encryption key, deletion-protection status, and zone-separation compliance flags.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.filestoreService.instance","title":"List of Filestore instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Filestore","desc":"Use this resource as the entry point for Filestore in the project. It hosts the project's `instances` — each exposing its service tier, file shares, network configuration, and capacity for managed NFS audits.","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.filestoreService.instance":{"id":"gcp.project.filestoreService.instance","name":"gcp.project.filestoreService.instance","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the instance was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtectionEnabled":{"name":"deletionProtectionEnabled","type":"\u0004","is_mandatory":true,"title":"Whether deletion protection is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-assigned description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileShare":{"name":"fileShare","type":"\u001bgcp.project.filestoreService.instance.fileShare","title":"Google Cloud (GCP) Filestore instance file share","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"fileShares":{"name":"fileShares","type":"\u0019\u001bgcp.project.filestoreService.instance.fileShare","is_mandatory":true,"title":"File share configurations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt the instance's file shares at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"KMS key name used for data encryption","desc":"Deprecated in favor of kmsKey().","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.filestoreService.instance.network","title":"Google Cloud (GCP) Filestore instance network configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"networks":{"name":"networks","type":"\u0019\u001bgcp.project.filestoreService.instance.network","is_mandatory":true,"title":"Network configurations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"title":"Protocol used (NFS_V3, NFS_V4_1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies zone separation (Pzi)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies physical zone separation (Pzs)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of the instance (CREATING, READY, REPAIRING, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tier":{"name":"tier","type":"\u0007","is_mandatory":true,"title":"The service tier (BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ENTERPRISE, ZONAL, REGIONAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Filestore instance","desc":"Examine a managed NFS file server: its service tier (BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ENTERPRISE, ZONAL, REGIONAL), current lifecycle state, file share configurations, network interfaces with assigned IP addresses, KMS encryption key, deletion-protection status, and zone-separation compliance flags.","private":true,"min_provider_version":"11.6.6","defaults":"name state tier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.filestoreService.instance.fileShare":{"id":"gcp.project.filestoreService.instance.fileShare","name":"gcp.project.filestoreService.instance.fileShare","fields":{"capacityGb":{"name":"capacityGb","type":"\u0005","is_mandatory":true,"title":"File share capacity in GiB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Share name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Filestore instance file share","private":true,"min_provider_version":"11.6.6","defaults":"name capacityGb","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.filestoreService.instance.network":{"id":"gcp.project.filestoreService.instance.network","name":"gcp.project.filestoreService.instance.network","fields":{"connectMode":{"name":"connectMode","type":"\u0007","is_mandatory":true,"title":"Network connect mode (DIRECT_PEERING, PRIVATE_SERVICE_ACCESS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddresses":{"name":"ipAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"The assigned IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modes":{"name":"modes","type":"\u0019\u0007","is_mandatory":true,"title":"Network mode (MODE_IPV4)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The name of the VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservedIpRange":{"name":"reservedIpRange","type":"\u0007","is_mandatory":true,"title":"The name of the reserved IP range (if any)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Filestore instance network configuration","private":true,"min_provider_version":"11.6.6","defaults":"network ipAddresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.firestoreService":{"id":"gcp.project.firestoreService","name":"gcp.project.firestoreService","fields":{"database":{"name":"database","type":"\u001bgcp.project.firestoreService.database","title":"Google Cloud (GCP) Firestore database","desc":"Examine a Firestore database's configuration and protection settings. Covers the database type (FIRESTORE_NATIVE or DATASTORE_MODE), location, concurrency mode, App Engine integration mode, point-in-time recovery enablement, delete-protection state, customer-managed KMS encryption configuration, version retention period, the earliest recoverable timestamp, resource manager tags, indexes, and backup schedules.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"databases":{"name":"databases","type":"\u0019\u001bgcp.project.firestoreService.database","title":"List of Firestore databases in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Firestore","desc":"Use this resource as the entry point for Firestore in the project. It hosts the project's `databases` — each exposing its database type (Native or Datastore mode), location, concurrency mode, point-in-time recovery setting, and delete-protection state.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.firestoreService.database":{"id":"gcp.project.firestoreService.database","name":"gcp.project.firestoreService.database","fields":{"appEngineIntegrationMode":{"name":"appEngineIntegrationMode","type":"\u0007","is_mandatory":true,"title":"App Engine integration mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupSchedule":{"name":"backupSchedule","type":"\u001bgcp.project.firestoreService.database.backupSchedule","title":"Google Cloud (GCP) Firestore database backup schedule","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupSchedules":{"name":"backupSchedules","type":"\u0019\u001bgcp.project.firestoreService.database.backupSchedule","title":"Backup schedules","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cmekConfig":{"name":"cmekConfig","type":"\n","is_mandatory":true,"title":"Customer-managed encryption key configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"concurrencyMode":{"name":"concurrencyMode","type":"\u0007","is_mandatory":true,"title":"Concurrency control mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleteProtectionState":{"name":"deleteProtectionState","type":"\u0007","is_mandatory":true,"title":"Delete protection state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"earliestVersionTime":{"name":"earliestVersionTime","type":"\t","is_mandatory":true,"title":"Earliest timestamp to which the database can be restored","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"index":{"name":"index","type":"\u001bgcp.project.firestoreService.database.index","title":"Google Cloud (GCP) Firestore database index","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexes":{"name":"indexes","type":"\u0019\u001bgcp.project.firestoreService.database.index","title":"Database indexes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationId":{"name":"locationId","type":"\u0007","is_mandatory":true,"title":"Location of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pointInTimeRecoveryEnablement":{"name":"pointInTimeRecoveryEnablement","type":"\u0007","is_mandatory":true,"title":"Whether point-in-time recovery is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource Manager tag keys/values bound to this database","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the database (FIRESTORE_NATIVE or DATASTORE_MODE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"UID of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionRetentionPeriod":{"name":"versionRetentionPeriod","type":"\u0007","is_mandatory":true,"title":"Version retention period","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Firestore database","desc":"Examine a Firestore database's configuration and protection settings. Covers the database type (FIRESTORE_NATIVE or DATASTORE_MODE), location, concurrency mode, App Engine integration mode, point-in-time recovery enablement, delete-protection state, customer-managed KMS encryption configuration, version retention period, the earliest recoverable timestamp, resource manager tags, indexes, and backup schedules.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.firestoreService.database.backupSchedule":{"id":"gcp.project.firestoreService.database.backupSchedule","name":"gcp.project.firestoreService.database.backupSchedule","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dailyRecurrence":{"name":"dailyRecurrence","type":"\n","is_mandatory":true,"title":"Daily recurrence config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retention":{"name":"retention","type":"\u0007","is_mandatory":true,"title":"Backup retention period","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"weeklyRecurrence":{"name":"weeklyRecurrence","type":"\n","is_mandatory":true,"title":"Weekly recurrence config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Firestore database backup schedule","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.firestoreService.database.index":{"id":"gcp.project.firestoreService.database.index","name":"gcp.project.firestoreService.database.index","fields":{"apiScope":{"name":"apiScope","type":"\u0007","is_mandatory":true,"title":"API scope (DATASTORE_MODE_API, ANY_API)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fields":{"name":"fields","type":"\u0019\n","is_mandatory":true,"title":"Index fields","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"queryScope":{"name":"queryScope","type":"\u0007","is_mandatory":true,"title":"Query scope (COLLECTION, COLLECTION_GROUP, COLLECTION_RECURSIVE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Index state (CREATING, READY, NEEDS_REPAIR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Firestore database index","private":true,"min_provider_version":"13.6.1","defaults":"name queryScope","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeBackupService":{"id":"gcp.project.gkeBackupService","name":"gcp.project.gkeBackupService","fields":{"backupPlan":{"name":"backupPlan","type":"\u001bgcp.project.gkeBackupService.backupPlan","title":"Google Cloud (GCP) GKE Backup plan","desc":"Examine a Backup for GKE backup plan. Inspect `cluster` for the source GKE cluster being protected; `backupSchedule` for the cron-based schedule; `retentionPolicy` for how long backups are retained and whether deletion protection is active; `backupConfig` for the scope (all namespaces, selected namespaces, or selected applications); and `state` for the plan's operational lifecycle.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupPlans":{"name":"backupPlans","type":"\u0019\u001bgcp.project.gkeBackupService.backupPlan","title":"Backup plans","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restorePlan":{"name":"restorePlan","type":"\u001bgcp.project.gkeBackupService.restorePlan","title":"Google Cloud (GCP) GKE Backup restore plan","desc":"Examine a Backup for GKE restore plan. Inspect `backupPlan` to traverse to the source backup plan; `cluster` for the target GKE cluster where backups are restored; `restoreConfig` for the namespace mapping, substitution rules, and volume data restore policies; and `state` for the plan's operational lifecycle (CLUSTER_PENDING, READY, FAILED, DELETING).","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"restorePlans":{"name":"restorePlans","type":"\u0019\u001bgcp.project.gkeBackupService.restorePlan","title":"Restore plans","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Backup for GKE","desc":"Use this resource as the entry point for Backup for GKE in the project. It hosts the `backupPlans` that schedule cluster backups and the `restorePlans` that govern how those backups are restored.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeBackupService.backupPlan":{"id":"gcp.project.gkeBackupService.backupPlan","name":"gcp.project.gkeBackupService.backupPlan","fields":{"backupConfig":{"name":"backupConfig","type":"\n","is_mandatory":true,"title":"Backup configuration scope","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupSchedule":{"name":"backupSchedule","type":"\n","is_mandatory":true,"title":"Backup schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cluster":{"name":"cluster","type":"\u0007","is_mandatory":true,"title":"Source GKE cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deactivated":{"name":"deactivated","type":"\u0004","is_mandatory":true,"title":"Whether the plan is deactivated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"protectedPodCount":{"name":"protectedPodCount","type":"\u0005","is_mandatory":true,"title":"Protected pod count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionPolicy":{"name":"retentionPolicy","type":"\n","is_mandatory":true,"title":"Retention policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State (CLUSTER_PENDING, PROVISIONING, READY, FAILED, DEACTIVATED, DELETING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateReason":{"name":"stateReason","type":"\u0007","is_mandatory":true,"title":"State reason","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) GKE Backup plan","desc":"Examine a Backup for GKE backup plan. Inspect `cluster` for the source GKE cluster being protected; `backupSchedule` for the cron-based schedule; `retentionPolicy` for how long backups are retained and whether deletion protection is active; `backupConfig` for the scope (all namespaces, selected namespaces, or selected applications); and `state` for the plan's operational lifecycle.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeBackupService.restorePlan":{"id":"gcp.project.gkeBackupService.restorePlan","name":"gcp.project.gkeBackupService.restorePlan","fields":{"backupPlan":{"name":"backupPlan","type":"\u001bgcp.project.gkeBackupService.backupPlan","title":"Source backup plan","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupPlanName":{"name":"backupPlanName","type":"\u0007","is_mandatory":true,"title":"Source backup plan name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cluster":{"name":"cluster","type":"\u0007","is_mandatory":true,"title":"Target GKE cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restoreConfig":{"name":"restoreConfig","type":"\n","is_mandatory":true,"title":"Restore configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State (CLUSTER_PENDING, READY, FAILED, DELETING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateReason":{"name":"stateReason","type":"\u0007","is_mandatory":true,"title":"State reason","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) GKE Backup restore plan","desc":"Examine a Backup for GKE restore plan. Inspect `backupPlan` to traverse to the source backup plan; `cluster` for the target GKE cluster where backups are restored; `restoreConfig` for the namespace mapping, substitution rules, and volume data restore policies; and `state` for the plan's operational lifecycle (CLUSTER_PENDING, READY, FAILED, DELETING).","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService":{"id":"gcp.project.gkeService","name":"gcp.project.gkeService","fields":{"cluster":{"name":"cluster","type":"\u001bgcp.project.gkeService.cluster","title":"Google Kubernetes Engine (GKE) cluster","desc":"Examine a GKE cluster's full configuration and security posture — node pools, networking, control-plane version and release channel, workload identity, binary authorization, shielded nodes, database encryption, security posture scanning, and maintenance policy. Select a cluster by name and location, for example `gcp.project.gkeService.clusters.one(name == \"my-cluster\")`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.gkeService.cluster","title":"List of GKE clusters in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE)","desc":"Use this resource as the entry point for GKE in the project. It hosts the project's `clusters` — each exposing its node pools, network and control-plane configuration, workload identity, binary authorization, release channel, and security posture for Kubernetes audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster":{"id":"gcp.project.gkeService.cluster","name":"gcp.project.gkeService.cluster","fields":{"addonsConfig":{"name":"addonsConfig","type":"\u001bgcp.project.gkeService.cluster.addonsConfig","is_mandatory":true,"title":"Configurations for the various addons available to run in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"anonymousAuthenticationConfig":{"name":"anonymousAuthenticationConfig","type":"\n","is_mandatory":true,"title":"Anonymous authentication configuration","desc":"Controls whether anonymous access to non-health-check endpoints is permitted. `mode` is one of `LIMITED` (anonymous access restricted to the health-check endpoints) or `ENABLED` (anonymous access fully allowed).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autopilotEnabled":{"name":"autopilotEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Autopilot is enabled for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"basicAuthEnabled":{"name":"basicAuthEnabled","type":"\u0004","is_mandatory":true,"title":"Whether HTTP basic authentication to the control plane is enabled","desc":"True when a static MasterAuth username is set. Basic authentication is deprecated and removed in modern GKE versions; a non-empty value is a CIS benchmark finding. Reads the deprecated MasterAuth.Username field purely for the audit signal.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryAuthorization":{"name":"binaryAuthorization","type":"\n","is_mandatory":true,"title":"Legacy binary authorization configuration dict","desc":"Deprecated in favor of `binaryAuthorizationEvaluationMode`, which is the single field GKE now uses to drive Binary Authorization policy evaluation.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"binaryAuthorizationEnabled":{"name":"binaryAuthorizationEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Binary Authorization is enabled for the cluster","desc":"Deprecated in favor of `binaryAuthorizationEvaluationMode`. True when the legacy boolean is set or `evaluationMode` is anything other than `DISABLED`/`UNSPECIFIED`.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"binaryAuthorizationEvaluationMode":{"name":"binaryAuthorizationEvaluationMode","type":"\u0007","is_mandatory":true,"title":"Binary Authorization policy evaluation mode","desc":"One of `DISABLED`, `PROJECT_SINGLETON_POLICY_ENFORCE`, or `POLICY_BINDINGS`. Replaces the legacy boolean `binaryAuthorization.enabled` flag.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientCertificateEnabled":{"name":"clientCertificateEnabled","type":"\u0004","is_mandatory":true,"title":"Whether client certificate authentication to the control plane is enabled","desc":"True when the cluster issues a client certificate (MasterAuth client certificate config) or an output client certificate is present. Static client certificates cannot be rotated or revoked, so CIS recommends disabling this in favor of short-lived credentials.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterIpv4Cidr":{"name":"clusterIpv4Cidr","type":"\u0007","is_mandatory":true,"title":"The IP address range of the container pods in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditions":{"name":"conditions","type":"\u0019\n","is_mandatory":true,"title":"Status conditions","desc":"Conditions that caused the current cluster state. Each entry has a `code`, a human-readable `message`, and a canonical `canonicalCode` (`google.rpc.Code` value). Provides more detail than the single `status` string.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialNodesConfig":{"name":"confidentialNodesConfig","type":"\n","is_mandatory":true,"title":"Configuration of Confidential Nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialNodesEnabled":{"name":"confidentialNodesEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Confidential Nodes (memory encryption via AMD SEV) is enabled cluster-wide","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"controlPlaneEndpointsConfig":{"name":"controlPlaneEndpointsConfig","type":"\n","is_mandatory":true,"title":"Control plane endpoints configuration","desc":"Examine the modern, structured access-control configuration for the cluster's control plane — both DNS and IP endpoints. The `ipEndpointsConfig` sub-dict exposes the authorized-networks list, whether the public IP endpoint is enabled, and whether private endpoint global access is enabled. The `dnsEndpointConfig` sub-dict exposes the managed DNS endpoint URL and whether it is allowed. Replaces the legacy `masterAuthorizedNetworksConfig` and the access-related fields of `privateClusterConfig`.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"controlPlaneLoggingComponents":{"name":"controlPlaneLoggingComponents","type":"\u0019\u0007","is_mandatory":true,"title":"Logging components enabled on the control plane","desc":"The members of `loggingConfig.componentConfig.enableComponents` — `SYSTEM_COMPONENTS`, `WORKLOADS`, `APISERVER`, `SCHEDULER`, and `CONTROLLER_MANAGER`. An empty list means cluster logging is disabled.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"controlPlaneMonitoringComponents":{"name":"controlPlaneMonitoringComponents","type":"\u0019\u0007","is_mandatory":true,"title":"Monitoring components enabled on the control plane","desc":"The members of `monitoringConfig.componentConfig.enableComponents` — `SYSTEM_COMPONENTS`, `APISERVER`, `SCHEDULER`, `CONTROLLER_MANAGER`, `STORAGE`, `HPA`, `POD`, `DAEMONSET`, `DEPLOYMENT`, `STATEFULSET`, `CADVISOR`, `KUBELET`, `DCGM`, and `JOBSET`. An empty list means cluster monitoring is disabled.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"controlPlanePublicEndpointEnabled":{"name":"controlPlanePublicEndpointEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the control plane is reachable through a public IP endpoint","desc":"True when the modern `controlPlaneEndpointsConfig.ipEndpointsConfig` permits public access, or when the legacy `privateClusterConfig` did not enable a private endpoint. A `false` result means the API server is only reachable over private networking.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"costManagementConfig":{"name":"costManagementConfig","type":"\n","is_mandatory":true,"title":"Configuration for the fine-grained cost management feature","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentMasterVersion":{"name":"currentMasterVersion","type":"\u0007","is_mandatory":true,"title":"The current software version of the master endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentNodeCount":{"name":"currentNodeCount","type":"\u0005","is_mandatory":true,"title":"The number of nodes currently in the cluster","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseEncryption":{"name":"databaseEncryption","type":"\n","is_mandatory":true,"title":"Etcd encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseEncryptionKey":{"name":"databaseEncryptionKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Cloud KMS key used for etcd encryption","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseEncryptionState":{"name":"databaseEncryptionState","type":"\u0007","is_mandatory":true,"title":"Etcd encryption state (ENCRYPTED, DECRYPTED)","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional description for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableKubernetesAlpha":{"name":"enableKubernetesAlpha","type":"\u0004","is_mandatory":true,"title":"Whether Kubernetes alpha features are enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableTpu":{"name":"enableTpu","type":"\u0004","is_mandatory":true,"title":"Whether Cloud TPU integration is enabled","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabledK8sBetaApis":{"name":"enabledK8sBetaApis","type":"\u0019\u0007","is_mandatory":true,"title":"Enabled Kubernetes beta APIs","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoint":{"name":"endpoint","type":"\u0007","is_mandatory":true,"title":"The IP address of the cluster's master endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationTime":{"name":"expirationTime","type":"\t","is_mandatory":true,"title":"The time the cluster will be automatically deleted in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fleet":{"name":"fleet","type":"\n","is_mandatory":true,"title":"Fleet configuration","desc":"Fleet membership information for the cluster — `project` (the fleet host project), `membership` (the full fleet membership resource name), and `preRegistered` (whether the cluster was registered through the fleet API).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"identityServiceConfig":{"name":"identityServiceConfig","type":"\n","is_mandatory":true,"title":"Configuration for Identity Service component","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"initialClusterVersion":{"name":"initialClusterVersion","type":"\u0007","is_mandatory":true,"title":"The initial Kubernetes version for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"initialNodeCount":{"name":"initialNodeCount","type":"\u0005","is_mandatory":true,"title":"The initial number of nodes for the cluster","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAllocationPolicy":{"name":"ipAllocationPolicy","type":"\u001bgcp.project.gkeService.cluster.ipAllocationPolicy","is_mandatory":true,"title":"Configuration for cluster IP allocation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"legacyAbac":{"name":"legacyAbac","type":"\n","is_mandatory":true,"title":"Legacy ABAC authorization configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"legacyAbacEnabled":{"name":"legacyAbacEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the legacy ABAC authorizer is enabled on the cluster","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Name of the Google Compute Engine zone/region in which the cluster exists","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locations":{"name":"locations","type":"\u0019\u0007","is_mandatory":true,"title":"The list of Google Compute Engine zones in which the cluster's nodes should be located","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingConfig":{"name":"loggingConfig","type":"\n","is_mandatory":true,"title":"Logging configuration","desc":"Examine which logging components are enabled for the cluster. The `componentConfig.enableComponents` list contains members of `SYSTEM_COMPONENTS`, `WORKLOADS`, `APISERVER`, `SCHEDULER`, and `CONTROLLER_MANAGER`. Replaces the legacy `loggingService` string.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingEnabled":{"name":"loggingEnabled","type":"\u0004","title":"Whether cluster logging is enabled (loggingService is set and not \"none\")","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingService":{"name":"loggingService","type":"\u0007","is_mandatory":true,"title":"Legacy logging service identifier","desc":"Deprecated in favor of `loggingConfig`, which captures the per-component enable list (SYSTEM_COMPONENTS, WORKLOADS, APISERVER, SCHEDULER, CONTROLLER_MANAGER) used by modern GKE.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"maintenancePolicy":{"name":"maintenancePolicy","type":"\u001bgcp.project.gkeService.cluster.maintenancePolicy","is_mandatory":true,"title":"Maintenance policy for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterAuth":{"name":"masterAuth","type":"\n","is_mandatory":true,"title":"Authentication information for accessing the master endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterAuthorizedNetworksAllowed":{"name":"masterAuthorizedNetworksAllowed","type":"\u0004","is_mandatory":true,"title":"Whether master authorized networks restricts control plane access","desc":"True when the master authorized networks allowlist is enforced (modern or legacy). When false, the control plane is reachable from any source permitted by the endpoint configuration.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterAuthorizedNetworksCidrs":{"name":"masterAuthorizedNetworksCidrs","type":"\u0019\u0007","is_mandatory":true,"title":"CIDR blocks permitted to reach the control plane","desc":"The source ranges from the master authorized networks allowlist, read from the modern `controlPlaneEndpointsConfig.ipEndpointsConfig` authorized-networks config when present, otherwise from the legacy `masterAuthorizedNetworksConfig`. An empty list with `masterAuthorizedNetworksAllowed` enabled means no external CIDR can reach the control plane.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterAuthorizedNetworksConfig":{"name":"masterAuthorizedNetworksConfig","type":"\n","is_mandatory":true,"title":"Legacy master authorized networks configuration","desc":"Deprecated in favor of `controlPlaneEndpointsConfig.ipEndpointsConfig.authorizedNetworksConfig`, which is the modern home for restricting control plane access by source CIDR.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"masterAuthorizedNetworksEnabled":{"name":"masterAuthorizedNetworksEnabled","type":"\u0004","is_mandatory":true,"title":"Whether master authorized networks is enabled","desc":"Deprecated in favor of `controlPlaneEndpointsConfig.ipEndpointsConfig.authorizedNetworksConfig.enabled`.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"masterGlobalAccessEnabled":{"name":"masterGlobalAccessEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the cluster's private control plane is reachable from any region","desc":"Deprecated in favor of `controlPlaneEndpointsConfig.ipEndpointsConfig.enableGlobalAccess`.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"meshCertificates":{"name":"meshCertificates","type":"\n","is_mandatory":true,"title":"Service mesh certificate configuration","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoringConfig":{"name":"monitoringConfig","type":"\n","is_mandatory":true,"title":"Monitoring configuration","desc":"Examine which monitoring components are enabled for the cluster plus the managed Prometheus configuration. The `componentConfig.enableComponents` list contains members of `SYSTEM_COMPONENTS`, `APISERVER`, `SCHEDULER`, `CONTROLLER_MANAGER`, `STORAGE`, `HPA`, `POD`, `DAEMONSET`, `DEPLOYMENT`, `STATEFULSET`, `CADVISOR`, `KUBELET`, `DCGM`, and `JOBSET`. Replaces the legacy `monitoringService` string.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoringEnabled":{"name":"monitoringEnabled","type":"\u0004","title":"Whether cluster monitoring is enabled (monitoringService is set and not \"none\")","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoringService":{"name":"monitoringService","type":"\u0007","is_mandatory":true,"title":"Legacy monitoring service identifier","desc":"Deprecated in favor of `monitoringConfig`, which captures the per-component enable list plus the managed Prometheus configuration used by modern GKE.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"The name of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The name of the Google Compute Engine network to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkConfig":{"name":"networkConfig","type":"\u001bgcp.project.gkeService.cluster.networkConfig","is_mandatory":true,"title":"Configuration for cluster networking","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkPolicy":{"name":"networkPolicy","type":"\u001bgcp.project.gkeService.cluster.networkPolicy","title":"Network policy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkPolicyConfig":{"name":"networkPolicyConfig","type":"\n","is_mandatory":true,"title":"Raw network policy config dict","desc":"Deprecated in favor of `networkPolicy`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"nodeIpv4CidrSize":{"name":"nodeIpv4CidrSize","type":"\u0005","is_mandatory":true,"title":"The size of the address space on each node for hosting pods","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodePools":{"name":"nodePools","type":"\u0019\u001bgcp.project.gkeService.cluster.nodepool","is_mandatory":true,"title":"The list of node pools for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodepool":{"name":"nodepool","type":"\u001bgcp.project.gkeService.cluster.nodepool","title":"Google Kubernetes Engine (GKE) cluster node pool","desc":"Examine a node pool's VM configuration, autoscaling bounds, auto-upgrade and auto-repair settings, Kubernetes version, pod CIDR size, upgrade strategy, and the managed instance groups that back it. Each node pool contains a `config` sub-resource covering machine type, disk, service account, image type, shielded-instance settings, and workload metadata mode.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"notificationConfig":{"name":"notificationConfig","type":"\u001bgcp.project.gkeService.cluster.notificationConfig","is_mandatory":true,"title":"Cluster notification configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateClusterConfig":{"name":"privateClusterConfig","type":"\n","is_mandatory":true,"title":"Private cluster configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateEndpointEnabled":{"name":"privateEndpointEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the cluster's control plane endpoint is private","desc":"Deprecated in favor of `controlPlaneEndpointsConfig.ipEndpointsConfig.enablePublicEndpoint` (false means the public IP endpoint is disabled).","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"privateNodesEnabled":{"name":"privateNodesEnabled","type":"\u0004","is_mandatory":true,"title":"Whether nodes have only private IPs","desc":"Deprecated in favor of `controlPlaneEndpointsConfig.ipEndpointsConfig.enablePublicEndpoint` (which captures the modern equivalent inverted) and the broader private-node configuration on the cluster's node pool networking.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rbacBindingConfig":{"name":"rbacBindingConfig","type":"\n","is_mandatory":true,"title":"RBAC binding configuration","desc":"Settings that govern which ClusterRoleBinding/RoleBinding subjects are permitted. `enableInsecureBindingSystemUnauthenticated` allows bindings to `system:anonymous` or `system:unauthenticated`; `enableInsecureBindingSystemAuthenticated` allows bindings to `system:authenticated`. Both default to disallowed.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"releaseChannel":{"name":"releaseChannel","type":"\u0007","is_mandatory":true,"title":"The release channel that the cluster is subscribed to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"releaseChannelManaged":{"name":"releaseChannelManaged","type":"\u0004","title":"Whether the cluster is subscribed to a Google-managed release channel","desc":"True when the channel is rapid, regular, or stable. False for unspecified, which means upgrades are manual.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceLabels":{"name":"resourceLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"The resource labels for the cluster to use to annotate any related Google Compute Engine resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the cluster satisfies Physical Zone Isolation requirements","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the cluster satisfies Physical Zone Separation requirements","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secretManagerConfig":{"name":"secretManagerConfig","type":"\n","is_mandatory":true,"title":"Secret Manager configuration","desc":"Configuration for the Secret Manager CSI driver — exposes whether the driver is `enabled` and the optional `rotationConfig` (enable flag plus rotation interval) used to refresh synced secrets.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityPostureConfig":{"name":"securityPostureConfig","type":"\u001bgcp.project.gkeService.cluster.securityPostureConfig","is_mandatory":true,"title":"Security posture configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servicesIpv4Cidr":{"name":"servicesIpv4Cidr","type":"\u0007","is_mandatory":true,"title":"The IP address range of the Kubernetes services","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedNodesConfig":{"name":"shieldedNodesConfig","type":"\n","is_mandatory":true,"title":"Configuration for Shielded Nodes feature","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedNodesEnabled":{"name":"shieldedNodesEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Shielded Nodes is enabled cluster-wide","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The current status of this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u0007","is_mandatory":true,"title":"The name of the Google Compute Engine subnetwork to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tpuIpv4CidrBlock":{"name":"tpuIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"The IP address range of the Cloud TPUs","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userManagedKeysConfig":{"name":"userManagedKeysConfig","type":"\n","is_mandatory":true,"title":"User-managed keys configuration","desc":"Customer-managed encryption-key (CMEK) references for cluster control plane storage and certificate authorities — cluster CA, etcd API CA, etcd peer CA, aggregation CA, service-account signing/verification keys, the control-plane disk encryption key, and the GKE-ops etcd backup encryption key.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadIdentityConfig":{"name":"workloadIdentityConfig","type":"\n","is_mandatory":true,"title":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadIdentityEnabled":{"name":"workloadIdentityEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Workload Identity is enabled (workloadPool is set)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster","desc":"Examine a GKE cluster's full configuration and security posture — node pools, networking, control-plane version and release channel, workload identity, binary authorization, shielded nodes, database encryption, security posture scanning, and maintenance policy. Select a cluster by name and location, for example `gcp.project.gkeService.clusters.one(name == \"my-cluster\")`.","private":true,"min_provider_version":"9.0.0","defaults":"name description location status currentMasterVersion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.addonsConfig":{"id":"gcp.project.gkeService.cluster.addonsConfig","name":"gcp.project.gkeService.cluster.addonsConfig","fields":{"cloudRunConfig":{"name":"cloudRunConfig","type":"\n","is_mandatory":true,"title":"Configuration for the Cloud Run addon","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configConnectorConfig":{"name":"configConnectorConfig","type":"\n","is_mandatory":true,"title":"Configuration for the ConfigConnector addon","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsCacheConfig":{"name":"dnsCacheConfig","type":"\n","is_mandatory":true,"title":"Configuration for NodeLocalDNS, a DNS cache running on cluster nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcePersistentDiskCsiDriverConfig":{"name":"gcePersistentDiskCsiDriverConfig","type":"\n","is_mandatory":true,"title":"Configuration for the Compute Engine Persistent Disk CSI driver","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcpFilestoreCsiDriverConfig":{"name":"gcpFilestoreCsiDriverConfig","type":"\n","is_mandatory":true,"title":"Configuration for the GCP Filestore CSI driver","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcsFuseCsiDriverConfig":{"name":"gcsFuseCsiDriverConfig","type":"\n","is_mandatory":true,"title":"Configuration for the Cloud Storage Fuse CSI driver","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gkeBackupAgentConfig":{"name":"gkeBackupAgentConfig","type":"\n","is_mandatory":true,"title":"Configuration for the backup for GKE agent addon","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"horizontalPodAutoscaling":{"name":"horizontalPodAutoscaling","type":"\n","is_mandatory":true,"title":"Configuration for the horizontal pod autoscaling feature","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpLoadBalancing":{"name":"httpLoadBalancing","type":"\n","is_mandatory":true,"title":"Configuration for the HTTP (L7) load balancing controller addon","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kubernetesDashboard":{"name":"kubernetesDashboard","type":"\n","is_mandatory":true,"title":"Configuration for the Kubernetes Dashboard","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkPolicyConfig":{"name":"networkPolicyConfig","type":"\n","is_mandatory":true,"title":"Configuration for NetworkPolicy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statefulHaConfig":{"name":"statefulHaConfig","type":"\n","is_mandatory":true,"title":"Configuration for the StatefulHA add-on.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster addons config","private":true,"min_provider_version":"9.0.0","defaults":"httpLoadBalancing horizontalPodAutoscaling kubernetesDashboard networkPolicyConfig cloudRunConfig dnsCacheConfig configConnectorConfig gcePersistentDiskCsiDriverConfig gcpFilestoreCsiDriverConfig gkeBackupAgentConfig gcsFuseCsiDriverConfig statefulHaConfig","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.ipAllocationPolicy":{"id":"gcp.project.gkeService.cluster.ipAllocationPolicy","name":"gcp.project.gkeService.cluster.ipAllocationPolicy","fields":{"clusterIpv4CidrBlock":{"name":"clusterIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"IP address range for the cluster pod IPs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterSecondaryRangeName":{"name":"clusterSecondaryRangeName","type":"\u0007","is_mandatory":true,"title":"Name of the secondary range to be used for the cluster CIDR block","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createSubnetwork":{"name":"createSubnetwork","type":"\u0004","is_mandatory":true,"title":"Whether a new subnetwork is created automatically for the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv6AccessType":{"name":"ipv6AccessType","type":"\u0007","is_mandatory":true,"title":"IPv6 access type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeIpv4CidrBlock":{"name":"nodeIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"IP address range of the instance IPs in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servicesIpv4CidrBlock":{"name":"servicesIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"IP address range of the services IPs in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"servicesSecondaryRangeName":{"name":"servicesSecondaryRangeName","type":"\u0007","is_mandatory":true,"title":"Name of the secondary range to be used for the services CIDR block","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stackType":{"name":"stackType","type":"\u0007","is_mandatory":true,"title":"IP stack type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkName":{"name":"subnetworkName","type":"\u0007","is_mandatory":true,"title":"Custom subnetwork name to be used if createSubnetwork is true","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tpuIpv4CidrBlock":{"name":"tpuIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"IP address range of the Cloud TPUs in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"useIpAliases":{"name":"useIpAliases","type":"\u0004","is_mandatory":true,"title":"Whether alias IPs are used for pod IPs in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"useRoutes":{"name":"useRoutes","type":"\u0004","is_mandatory":true,"title":"Whether routes will be used for pod IPs in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster IP allocation policy","private":true,"min_provider_version":"9.0.0","defaults":"stackType clusterIpv4CidrBlock servicesIpv4CidrBlock","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.maintenancePolicy":{"id":"gcp.project.gkeService.cluster.maintenancePolicy","name":"gcp.project.gkeService.cluster.maintenancePolicy","fields":{"dailyMaintenanceWindowDuration":{"name":"dailyMaintenanceWindowDuration","type":"\u0007","is_mandatory":true,"title":"Daily maintenance window duration (PTnHnMnS format)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dailyMaintenanceWindowStartTime":{"name":"dailyMaintenanceWindowStartTime","type":"\u0007","is_mandatory":true,"title":"Daily maintenance window start time (HH:MM format, GMT)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceExclusions":{"name":"maintenanceExclusions","type":"\n","is_mandatory":true,"title":"Maintenance exclusions (name -\u003e time window dict)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recurringWindowEndTime":{"name":"recurringWindowEndTime","type":"\t","is_mandatory":true,"title":"Recurring maintenance window end time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recurringWindowRecurrence":{"name":"recurringWindowRecurrence","type":"\u0007","is_mandatory":true,"title":"Recurring maintenance window recurrence (RRULE format)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recurringWindowStartTime":{"name":"recurringWindowStartTime","type":"\t","is_mandatory":true,"title":"Recurring maintenance window start time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceVersion":{"name":"resourceVersion","type":"\u0007","is_mandatory":true,"title":"Resource version for optimistic locking","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) GKE cluster maintenance policy","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.networkConfig":{"id":"gcp.project.gkeService.cluster.networkConfig","name":"gcp.project.gkeService.cluster.networkConfig","fields":{"datapathProvider":{"name":"datapathProvider","type":"\u0007","is_mandatory":true,"title":"Desired datapath provider for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultSnatStatus":{"name":"defaultSnatStatus","type":"\n","is_mandatory":true,"title":"Whether the cluster disables default in-node sNAT rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsConfig":{"name":"dnsConfig","type":"\n","is_mandatory":true,"title":"Cluster DNS configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableCiliumClusterwideNetworkPolicy":{"name":"enableCiliumClusterwideNetworkPolicy","type":"\u0004","is_mandatory":true,"title":"Whether CiliumClusterwideNetworkPolicy is enabled on this cluster.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableFqdnNetworkPolicy":{"name":"enableFqdnNetworkPolicy","type":"\u0004","is_mandatory":true,"title":"Whether FQDN Network Policy is enabled on this cluster.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableIntraNodeVisibility":{"name":"enableIntraNodeVisibility","type":"\u0004","is_mandatory":true,"title":"Whether intra-node visibility is enabled for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableL4IlbSubsetting":{"name":"enableL4IlbSubsetting","type":"\u0004","is_mandatory":true,"title":"Whether L4ILB subsetting is enabled for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableMultiNetworking":{"name":"enableMultiNetworking","type":"\u0004","is_mandatory":true,"title":"Whether multi-networking is enabled for this cluster.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkPath":{"name":"networkPath","type":"\u0007","is_mandatory":true,"title":"Relative path of the network to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateIpv6GoogleAccess":{"name":"privateIpv6GoogleAccess","type":"\u0007","is_mandatory":true,"title":"Desired state of IPv6 connectivity to Google Services","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceExternalIpsConfig":{"name":"serviceExternalIpsConfig","type":"\n","is_mandatory":true,"title":"Configuration specifying whether services with externalIPs field are blocked","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u001bgcp.project.computeService.subnetwork","title":"Subnetwork to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetworkPath":{"name":"subnetworkPath","type":"\u0007","is_mandatory":true,"title":"Relative path of the subnetwork to which the cluster is connected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster network config","desc":"Examine the VPC network and subnetwork the cluster is attached to, along with datapath provider, intra-node visibility, L4 internal load-balancer subsetting, IPv6 access settings, DNS configuration, and restrictions on services with external IPs.","private":true,"min_provider_version":"9.0.0","defaults":"networkPath","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.networkPolicy":{"id":"gcp.project.gkeService.cluster.networkPolicy","name":"gcp.project.gkeService.cluster.networkPolicy","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether network policy is enabled on the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provider":{"name":"provider","type":"\u0007","is_mandatory":true,"title":"Network policy provider (CALICO)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster network policy configuration","desc":"Examine whether a Kubernetes network policy provider (such as Calico) is enabled on the cluster. An `enabled: false` result means pod-to-pod traffic is unrestricted by Kubernetes NetworkPolicy objects — a common CIS benchmark finding.","private":true,"min_provider_version":"13.6.1","defaults":"enabled provider","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool":{"id":"gcp.project.gkeService.cluster.nodepool","name":"gcp.project.gkeService.cluster.nodepool","fields":{"autoRepair":{"name":"autoRepair","type":"\u0004","is_mandatory":true,"title":"Whether nodes are automatically repaired when unhealthy","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoUpgrade":{"name":"autoUpgrade","type":"\u0004","is_mandatory":true,"title":"Whether nodes are automatically upgraded to the cluster master version","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoscaling":{"name":"autoscaling","type":"\u001bgcp.project.gkeService.cluster.nodepool.autoscaling","is_mandatory":true,"title":"Autoscaler configuration for this NodePool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"config":{"name":"config","type":"\u001bgcp.project.gkeService.cluster.nodepool.config","is_mandatory":true,"title":"The node configuration of the pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"initialNodeCount":{"name":"initialNodeCount","type":"\u0005","is_mandatory":true,"title":"The initial node count for the pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroupManagers":{"name":"instanceGroupManagers","type":"\u0019\u001bgcp.project.computeService.instanceGroupManager","title":"The managed instance group managers associated with this node pool","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceGroupUrls":{"name":"instanceGroupUrls","type":"\u0019\u0007","is_mandatory":true,"title":"The resource URLs of the managed instance groups associated with this node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locations":{"name":"locations","type":"\u0019\u0007","is_mandatory":true,"title":"The list of Google Compute Engine zones in which the NodePool's nodes should be located","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"management":{"name":"management","type":"\n","is_mandatory":true,"title":"Node management configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"The name of the node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkConfig":{"name":"networkConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.networkConfig","is_mandatory":true,"title":"Networking configuration for this node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"podIpv4CidrSize":{"name":"podIpv4CidrSize","type":"\u0005","is_mandatory":true,"title":"The pod CIDR block size per node in this node pool","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"The current status of this node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusMessage":{"name":"statusMessage","type":"\u0007","is_mandatory":true,"title":"Additional information about the current status of this node pool","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upgradeSettings":{"name":"upgradeSettings","type":"\u001bgcp.project.gkeService.cluster.nodepool.upgradeSettings","is_mandatory":true,"title":"Upgrade settings for the node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"The Kubernetes version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster node pool","desc":"Examine a node pool's VM configuration, autoscaling bounds, auto-upgrade and auto-repair settings, Kubernetes version, pod CIDR size, upgrade strategy, and the managed instance groups that back it. Each node pool contains a `config` sub-resource covering machine type, disk, service account, image type, shielded-instance settings, and workload metadata mode.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.autoscaling":{"id":"gcp.project.gkeService.cluster.nodepool.autoscaling","name":"gcp.project.gkeService.cluster.nodepool.autoscaling","fields":{"autoprovisioned":{"name":"autoprovisioned","type":"\u0004","is_mandatory":true,"title":"Can this node pool be deleted automatically.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Is autoscaling enabled for this node pool.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxNodeCount":{"name":"maxNodeCount","type":"\u0005","is_mandatory":true,"title":"Maximum number of nodes for one location in the node pool","desc":"Must be \u003e= min_node_count. There has to be enough quota to scale up the cluster.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minNodeCount":{"name":"minNodeCount","type":"\u0005","is_mandatory":true,"title":"Minimum number of nodes for one location in the node pool","desc":"Must be greater than or equal to 0 and less than or equal to max_node_count.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalMaxNodeCount":{"name":"totalMaxNodeCount","type":"\u0005","is_mandatory":true,"title":"Maximum number of nodes in the node pool","desc":"Must be greater than or equal to total_min_node_count. There has to be enough quota to scale up the cluster. The total_*_node_count fields are mutually exclusive with the *_node_count fields.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalMinNodeCount":{"name":"totalMinNodeCount","type":"\u0005","is_mandatory":true,"title":"Minimum number of nodes in the node pool","desc":"Must be greater than or equal to 0 and less than or equal to total_max_node_count. The total_*_node_count fields are mutually exclusive with the *_node_count fields.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool autoscaling configuration","desc":"Examine whether autoscaling is enabled on a node pool and the minimum and maximum node count bounds — both per-location and total across all locations. The `autoprovisioned` flag indicates the pool was created by Node Auto-Provisioning rather than configured directly.","private":true,"min_provider_version":"11.0.82","defaults":"enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config":{"id":"gcp.project.gkeService.cluster.nodepool.config","name":"gcp.project.gkeService.cluster.nodepool.config","fields":{"accelerator":{"name":"accelerator","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.accelerator","title":"Google Kubernetes Engine (GKE) node pool hardware accelerators configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"accelerators":{"name":"accelerators","type":"\u0019\u001bgcp.project.gkeService.cluster.nodepool.config.accelerator","is_mandatory":true,"title":"A list of hardware accelerators to attach to each node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"advancedMachineFeatures":{"name":"advancedMachineFeatures","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures","is_mandatory":true,"title":"Advanced features for the Compute Engine VM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"bootDiskKmsKey":{"name":"bootDiskKmsKey","type":"\u0007","is_mandatory":true,"title":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"confidentialNodes":{"name":"confidentialNodes","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.confidentialNodes","is_mandatory":true,"title":"Confidential nodes configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskSizeGb":{"name":"diskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size of the disk attached to each node, specified in GB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskType":{"name":"diskType","type":"\u0007","is_mandatory":true,"title":"Type of the disk attached to each node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcfsConfig":{"name":"gcfsConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.gcfsConfig","is_mandatory":true,"title":"Google Container File System (image streaming) configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcfsEnabled":{"name":"gcfsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Google Container File System (image streaming) is enabled for nodes in this pool","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gpuDirectConfig":{"name":"gpuDirectConfig","type":"\n","is_mandatory":true,"title":"GPU Direct configuration","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gvisorSandbox":{"name":"gvisorSandbox","type":"\u0004","is_mandatory":true,"title":"Whether the gVisor sandbox runtime is enabled for nodes in this pool","desc":"True when the sandbox config type is GVISOR. gVisor provides an extra kernel-isolation boundary between containers and the host.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gvnicConfig":{"name":"gvnicConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.gvnicConfig","is_mandatory":true,"title":"gVNIC configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasFullCloudPlatformScope":{"name":"hasFullCloudPlatformScope","type":"\u0004","title":"Whether the node pool's service account is granted the broad cloud-platform OAuth scope","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"imageType":{"name":"imageType","type":"\u0007","is_mandatory":true,"title":"The image type to use for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kubeletConfig":{"name":"kubeletConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.kubeletConfig","is_mandatory":true,"title":"Node kubelet configs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"The map of Kubernetes labels to be applied to each node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"linuxNodeConfig":{"name":"linuxNodeConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig","is_mandatory":true,"title":"Parameters that can be configured on Linux nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localSsdCount":{"name":"localSsdCount","type":"\u0005","is_mandatory":true,"title":"The number of local SSD disks to be attached to the node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localSsdEncryptionMode":{"name":"localSsdEncryptionMode","type":"\u0007","is_mandatory":true,"title":"Encryption mode for node Local SSDs (STANDARD_ENCRYPTION uses Google-managed keys; EPHEMERAL_KEY_ENCRYPTION uses per-boot ephemeral keys)","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u0007","is_mandatory":true,"title":"The name of a Google Compute Engine machine type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"The metadata key/value pairs assigned to instances in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minCpuPlatform":{"name":"minCpuPlatform","type":"\u0007","is_mandatory":true,"title":"Minimum CPU platform to be used by this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeTaint":{"name":"nodeTaint","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.nodeTaint","title":"Google Kubernetes Engine (GKE) Kubernetes node taint","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"oauthScopes":{"name":"oauthScopes","type":"\u0019\u0007","is_mandatory":true,"title":"The set of Google API scopes to be made available on all of the node VMs under the \"default\" service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preemptible":{"name":"preemptible","type":"\u0004","is_mandatory":true,"title":"Whether the nodes are created as preemptible VM instances.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sandboxConfig":{"name":"sandboxConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.sandboxConfig","is_mandatory":true,"title":"Sandbox configuration for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"Google Cloud Platform Service Account to be used by the node VMs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email of the Google Cloud Platform Service Account to be used by the node VMs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shieldedInstanceConfig":{"name":"shieldedInstanceConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig","is_mandatory":true,"title":"Shielded instance configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spot":{"name":"spot","type":"\u0004","is_mandatory":true,"title":"Whether Spot VM is enabled (a rebrand of the existing preemptible flag)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"The list of instance tags applied to all nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"taints":{"name":"taints","type":"\u0019\u001bgcp.project.gkeService.cluster.nodepool.config.nodeTaint","is_mandatory":true,"title":"List of Kubernetes taints to be applied to each node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"usesDefaultServiceAccount":{"name":"usesDefaultServiceAccount","type":"\u0004","title":"Whether the node pool runs as the default Compute Engine service account (\u003cprojectNumber\u003e-compute@developer.gserviceaccount.com or \"default\")","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"windowsNodeConfig":{"name":"windowsNodeConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.windowsNodeConfig","is_mandatory":true,"title":"Parameters that can be configured on Windows nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadMetadataMode":{"name":"workloadMetadataMode","type":"\u0007","is_mandatory":true,"title":"The workload metadata mode for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool configuration","desc":"Examine the per-node VM settings for a node pool — machine type, disk size and type, service account (and whether it is the default Compute Engine account or carries the broad cloud-platform OAuth scope), image type, workload metadata mode, Kubernetes labels and taints, shielded instance settings, sandbox type (gVisor), confidential nodes, and accelerator configuration. This resource is the primary surface for CIS GKE node-security benchmarks.","private":true,"min_provider_version":"9.0.0","defaults":"machineType diskSizeGb","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.accelerator":{"id":"gcp.project.gkeService.cluster.nodepool.config.accelerator","name":"gcp.project.gkeService.cluster.nodepool.config.accelerator","fields":{"count":{"name":"count","type":"\u0005","is_mandatory":true,"title":"The number of the accelerator cards exposed to an instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gpuPartitionSize":{"name":"gpuPartitionSize","type":"\u0007","is_mandatory":true,"title":"Size of partitions to create on the GPU","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gpuSharingConfig":{"name":"gpuSharingConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingConfig","is_mandatory":true,"title":"The configuration for GPU sharing","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"The accelerator type resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool hardware accelerators configuration","private":true,"min_provider_version":"9.0.0","defaults":"type count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingConfig","name":"gcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxSharedClientsPerGpu":{"name":"maxSharedClientsPerGpu","type":"\u0005","is_mandatory":true,"title":"The max number of containers that can share a GPU","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"strategy":{"name":"strategy","type":"\u0007","is_mandatory":true,"title":"The GPU sharing strategy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) GPU sharing configuration","private":true,"min_provider_version":"9.0.0","defaults":"strategy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures":{"id":"gcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures","name":"gcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"threadsPerCore":{"name":"threadsPerCore","type":"\u0005","is_mandatory":true,"title":"Number of threads per physical core (if unset, assumes the maximum number of threads supported per core by the underlying processor)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool advanced machine features configuration","private":true,"min_provider_version":"9.0.0","defaults":"threadsPerCore","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.confidentialNodes":{"id":"gcp.project.gkeService.cluster.nodepool.config.confidentialNodes","name":"gcp.project.gkeService.cluster.nodepool.config.confidentialNodes","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether to use confidential nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool confidential nodes configuration","private":true,"min_provider_version":"9.0.0","defaults":"enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.gcfsConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.gcfsConfig","name":"gcp.project.gkeService.cluster.nodepool.config.gcfsConfig","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether to use GCFS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool GCFS configuration","private":true,"min_provider_version":"9.0.0","defaults":"enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.gvnicConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.gvnicConfig","name":"gcp.project.gkeService.cluster.nodepool.config.gvnicConfig","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether to use gVNIC","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool gVNIC configuration","private":true,"min_provider_version":"9.0.0","defaults":"enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.kubeletConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.kubeletConfig","name":"gcp.project.gkeService.cluster.nodepool.config.kubeletConfig","fields":{"cpuCfsQuotaPeriod":{"name":"cpuCfsQuotaPeriod","type":"\u0007","is_mandatory":true,"title":"Set the CPU CFS quota period value 'cpu.cfs_period_us'","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cpuManagerPolicy":{"name":"cpuManagerPolicy","type":"\u0007","is_mandatory":true,"title":"Control the CPU management policy on the node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"podPidsLimit":{"name":"podPidsLimit","type":"\u0005","is_mandatory":true,"title":"Set the Pod PID limits","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) Node Pool kubelet configuration","desc":"Examine kubelet settings applied to every node in the pool — the CPU manager policy (e.g., `static` for guaranteed-QoS containers), the CPU CFS quota period, and the per-pod PID limit. These settings affect workload isolation and resource-exhaustion blast-radius.","private":true,"min_provider_version":"9.0.0","defaults":"cpuManagerPolicy podPidsLimit","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig","name":"gcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sysctls":{"name":"sysctls","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"The Linux kernel parameters to apply to the nodes and all pods running on them","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool parameters that can be configured on Linux nodes","private":true,"min_provider_version":"9.0.0","defaults":"sysctls","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.nodeTaint":{"id":"gcp.project.gkeService.cluster.nodepool.config.nodeTaint","name":"gcp.project.gkeService.cluster.nodepool.config.nodeTaint","fields":{"effect":{"name":"effect","type":"\u0007","is_mandatory":true,"title":"Effect for the taint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Key for the taint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"Value for the taint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) Kubernetes node taint","private":true,"min_provider_version":"9.0.0","defaults":"key value effect","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.sandboxConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.sandboxConfig","name":"gcp.project.gkeService.cluster.nodepool.config.sandboxConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the sandbox to use for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool sandbox configuration","private":true,"min_provider_version":"9.0.0","defaults":"type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig","name":"gcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig","fields":{"enableIntegrityMonitoring":{"name":"enableIntegrityMonitoring","type":"\u0004","is_mandatory":true,"title":"Whether the instance has integrity monitoring enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableSecureBoot":{"name":"enableSecureBoot","type":"\u0004","is_mandatory":true,"title":"Whether the instance has Secure Boot enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool shielded instance configuration","desc":"Examine whether Secure Boot and integrity monitoring are enabled for nodes in the pool. Both settings are CIS GKE benchmark controls: Secure Boot ensures only signed OS components run, and integrity monitoring detects runtime changes to the boot sequence.","private":true,"min_provider_version":"9.0.0","defaults":"enableSecureBoot enableIntegrityMonitoring","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.config.windowsNodeConfig":{"id":"gcp.project.gkeService.cluster.nodepool.config.windowsNodeConfig","name":"gcp.project.gkeService.cluster.nodepool.config.windowsNodeConfig","fields":{"osVersion":{"name":"osVersion","type":"\u0007","is_mandatory":true,"title":"Windows Server OS version pinned to this node pool","desc":"One of OS_VERSION_UNSPECIFIED, OS_VERSION_LTSC2019, or OS_VERSION_LTSC2022.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool parameters that can be configured on Windows nodes","desc":"Examine the Windows-specific settings on a GKE node pool. Surfaces the `osVersion` selecting which Windows Server LTSC image the pool is pinned to (e.g., `LTSC2019`, `LTSC2022`). Auditors of mixed-OS GKE clusters need this to verify that Windows nodes are running an approved OS baseline.","private":true,"min_provider_version":"13.16.3","defaults":"osVersion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.networkConfig":{"id":"gcp.project.gkeService.cluster.nodepool.networkConfig","name":"gcp.project.gkeService.cluster.nodepool.networkConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"performanceConfig":{"name":"performanceConfig","type":"\u001bgcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig","is_mandatory":true,"title":"Network performance tier configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"podIpv4CidrBlock":{"name":"podIpv4CidrBlock","type":"\u0007","is_mandatory":true,"title":"The IP address range for pod IPs in this node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"podRange":{"name":"podRange","type":"\u0007","is_mandatory":true,"title":"The ID of the secondary range for pod IPs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool-Level network configuration","private":true,"min_provider_version":"9.0.0","defaults":"podRange podIpv4CidrBlock","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig":{"id":"gcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig","name":"gcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalEgressBandwidthTier":{"name":"totalEgressBandwidthTier","type":"\u0007","is_mandatory":true,"title":"Specifies the total network bandwidth tier for the node pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool network performance configuration","private":true,"min_provider_version":"9.0.0","defaults":"totalEgressBandwidthTier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.nodepool.upgradeSettings":{"id":"gcp.project.gkeService.cluster.nodepool.upgradeSettings","name":"gcp.project.gkeService.cluster.nodepool.upgradeSettings","fields":{"blueGreenSettings":{"name":"blueGreenSettings","type":"\n","is_mandatory":true,"title":"Blue-green upgrade settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxSurge":{"name":"maxSurge","type":"\u0005","is_mandatory":true,"title":"Maximum number of nodes that can be created beyond the current size during upgrade","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxUnavailable":{"name":"maxUnavailable","type":"\u0005","is_mandatory":true,"title":"Maximum number of nodes that can be simultaneously unavailable during upgrade","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"strategy":{"name":"strategy","type":"\u0007","is_mandatory":true,"title":"Update strategy (SURGE, BLUE_GREEN, SHORT_LIVED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) node pool upgrade settings","private":true,"min_provider_version":"11.6.6","defaults":"strategy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.notificationConfig":{"id":"gcp.project.gkeService.cluster.notificationConfig","name":"gcp.project.gkeService.cluster.notificationConfig","fields":{"filterEventTypes":{"name":"filterEventTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Event type filters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubEnabled":{"name":"pubsubEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Pub/Sub notifications are enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubTopic":{"name":"pubsubTopic","type":"\u0007","is_mandatory":true,"title":"Pub/Sub topic for notifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u001bgcp.project.pubsubService.topic","title":"Pub/Sub topic resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) GKE cluster notification configuration","private":true,"min_provider_version":"13.7.2","defaults":"pubsubEnabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.gkeService.cluster.securityPostureConfig":{"id":"gcp.project.gkeService.cluster.securityPostureConfig","name":"gcp.project.gkeService.cluster.securityPostureConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Security posture mode (DISABLED, BASIC, ENTERPRISE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"vulnerabilityMode":{"name":"vulnerabilityMode","type":"\u0007","is_mandatory":true,"title":"Vulnerability scanning mode (VULNERABILITY_DISABLED, VULNERABILITY_BASIC, VULNERABILITY_ENTERPRISE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Kubernetes Engine (GKE) cluster security posture configuration","private":true,"min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.healthcareService":{"id":"gcp.project.healthcareService","name":"gcp.project.healthcareService","fields":{"dataset":{"name":"dataset","type":"\u001bgcp.project.healthcareService.dataset","title":"Google Cloud (GCP) Cloud Healthcare dataset","desc":"Examine a Cloud Healthcare dataset: its default IANA time zone, customer- managed encryption key configuration, and the DICOM, FHIR, and HL7v2 stores it contains.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datasets":{"name":"datasets","type":"\u0019\u001bgcp.project.healthcareService.dataset","title":"List of Cloud Healthcare datasets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dicomStore":{"name":"dicomStore","type":"\u001bgcp.project.healthcareService.dicomStore","title":"Google Cloud (GCP) Cloud Healthcare DICOM store","desc":"Examine a Cloud Healthcare DICOM store: its resource labels and the Pub/Sub notification destination configured for new DICOM instance ingestion events.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"fhirStore":{"name":"fhirStore","type":"\u001bgcp.project.healthcareService.fhirStore","title":"Google Cloud (GCP) Cloud Healthcare FHIR store","desc":"Examine a Cloud Healthcare FHIR store: the FHIR specification version (DSTU2, STU3, R4, R5), whether referential integrity is disabled, whether the updateCreate capability is enabled, complex data type reference parsing mode, whether strict search-parameter handling is the default, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"hl7v2Store":{"name":"hl7v2Store","type":"\u001bgcp.project.healthcareService.hl7v2Store","title":"Google Cloud (GCP) Cloud Healthcare HL7v2 store","desc":"Examine a Cloud Healthcare HL7v2 store: its message parser configuration, whether duplicate messages are rejected, and resource labels.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Healthcare API","desc":"Use this resource as the entry point for the Cloud Healthcare API in the project. It hosts the `datasets` and, through them, the DICOM, FHIR, and HL7v2 stores — exposing encryption configuration, time zone, and notification settings for healthcare-data audits.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.healthcareService.dataset":{"id":"gcp.project.healthcareService.dataset","name":"gcp.project.healthcareService.dataset","fields":{"dicomStores":{"name":"dicomStores","type":"\u0019\u001bgcp.project.healthcareService.dicomStore","title":"DICOM stores in this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Customer-managed encryption key configuration (includes kmsKeyName)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fhirStores":{"name":"fhirStores","type":"\u0019\u001bgcp.project.healthcareService.fhirStore","title":"FHIR stores in this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hl7v2Stores":{"name":"hl7v2Stores","type":"\u0019\u001bgcp.project.healthcareService.hl7v2Store","title":"HL7v2 stores in this dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the dataset","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeZone":{"name":"timeZone","type":"\u0007","is_mandatory":true,"title":"Default IANA time zone used by the dataset (e.g. \"America/New_York\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Healthcare dataset","desc":"Examine a Cloud Healthcare dataset: its default IANA time zone, customer- managed encryption key configuration, and the DICOM, FHIR, and HL7v2 stores it contains.","private":true,"min_provider_version":"13.15.1","defaults":"name timeZone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.healthcareService.dicomStore":{"id":"gcp.project.healthcareService.dicomStore","name":"gcp.project.healthcareService.dicomStore","fields":{"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the DICOM store","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notificationConfig":{"name":"notificationConfig","type":"\n","is_mandatory":true,"title":"Pub/Sub notification destination for new DICOM instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Healthcare DICOM store","desc":"Examine a Cloud Healthcare DICOM store: its resource labels and the Pub/Sub notification destination configured for new DICOM instance ingestion events.","private":true,"min_provider_version":"13.15.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.healthcareService.fhirStore":{"id":"gcp.project.healthcareService.fhirStore","name":"gcp.project.healthcareService.fhirStore","fields":{"complexDataTypeReferenceParsing":{"name":"complexDataTypeReferenceParsing","type":"\u0007","is_mandatory":true,"title":"Whether references in complex data types are parsed (ENABLED, DISABLED, COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultSearchHandlingStrict":{"name":"defaultSearchHandlingStrict","type":"\u0004","is_mandatory":true,"title":"Whether search uses strict handling for unrecognized parameters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disableReferentialIntegrity":{"name":"disableReferentialIntegrity","type":"\u0004","is_mandatory":true,"title":"Whether referential integrity is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableUpdateCreate":{"name":"enableUpdateCreate","type":"\u0004","is_mandatory":true,"title":"Whether the store has the updateCreate capability","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the FHIR store","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"FHIR specification version (DSTU2, STU3, R4, R5)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Healthcare FHIR store","desc":"Examine a Cloud Healthcare FHIR store: the FHIR specification version (DSTU2, STU3, R4, R5), whether referential integrity is disabled, whether the updateCreate capability is enabled, complex data type reference parsing mode, whether strict search-parameter handling is the default, and resource labels.","private":true,"min_provider_version":"13.15.1","defaults":"name version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.healthcareService.hl7v2Store":{"id":"gcp.project.healthcareService.hl7v2Store","name":"gcp.project.healthcareService.hl7v2Store","fields":{"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the HL7v2 store","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parserConfig":{"name":"parserConfig","type":"\n","is_mandatory":true,"title":"Configuration for how the server parses messages","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rejectDuplicateMessage":{"name":"rejectDuplicateMessage","type":"\u0004","is_mandatory":true,"title":"Whether duplicate messages are rejected","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Healthcare HL7v2 store","desc":"Examine a Cloud Healthcare HL7v2 store: its message parser configuration, whether duplicate messages are rejected, and resource labels.","private":true,"min_provider_version":"13.15.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService":{"id":"gcp.project.iamService","name":"gcp.project.iamService","fields":{"denyPolicies":{"name":"denyPolicies","type":"\u0019\u001bgcp.project.iamService.denyPolicy","title":"IAM deny policies attached to the project","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"denyPolicy":{"name":"denyPolicy","type":"\u001bgcp.project.iamService.denyPolicy","title":"Google Cloud (GCP) IAM deny policy","desc":"Examine the deny rules that block principals from using specific permissions on the project, which take precedence over any allow policy. Each entry in `rules` carries the denied permissions, the principals the denial applies to, any exception principals or permissions excluded from the denial, and an optional CEL condition that gates when the rule fires. Deny policies are selected by their full resource `name`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u001bgcp.project.iamService.role","title":"Google Cloud (GCP) IAM custom role","desc":"Examine a custom IAM role defined in the project — its title, description, launch stage (`ALPHA`, `BETA`, `GA`, `DEPRECATED`, `DISABLED`), the full list of permissions it grants, and whether it has been soft-deleted. Custom roles with overly broad permission sets are a common privilege-escalation finding.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"roles":{"name":"roles","type":"\u0019\u001bgcp.project.iamService.role","title":"Custom IAM roles defined in the project","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"Google Cloud (GCP) IAM service account","desc":"Examine a GCP service account — its email address, display name, description, disabled status, OAuth 2.0 client ID, and all associated keys. The `activeUserManagedKeys` field surfaces non-disabled, user-managed keys (the audit hot spot for key sprawl), and `lastAuthenticatedTime` reports when the account last successfully authenticated, drawn from Policy Intelligence data.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serviceAccounts":{"name":"serviceAccounts","type":"\u0019\u001bgcp.project.iamService.serviceAccount","title":"List of service accounts","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workloadIdentityPool":{"name":"workloadIdentityPool","type":"\u001bgcp.project.iamService.workloadIdentityPool","title":"Google Cloud (GCP) Workload Identity Federation pool","desc":"Examine pool lifecycle (`state`, `disabled`, `expireTime`) and the external identity providers attached to it via `providers`. A pool is the namespace that external workloads (AWS roles, OIDC issuers, SAML IdPs, X.509 trust stores) federate into before they can impersonate Google service accounts. Pools are the top-level audit unit for federation: a `disabled=false`, non-expired pool with a permissive provider is the path that lets external callers obtain GCP credentials.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workloadIdentityPools":{"name":"workloadIdentityPools","type":"\u0019\u001bgcp.project.iamService.workloadIdentityPool","title":"Workload Identity Federation pools defined in the project","min_provider_version":"13.13.4","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Identity and Access Management (IAM)","desc":"Use this resource to enumerate the project's IAM building blocks: the `serviceAccounts` and their service-account keys, custom `roles` defined in the project, and the Workload Identity Federation pools (and their external providers) reachable through `workloadIdentityPools`. This is the entry point for IAM audits — service-account-key sprawl, key rotation, custom role permission scope, and external federation trust anchors all hang off of here.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.denyPolicy":{"id":"gcp.project.iamService.denyPolicy","name":"gcp.project.iamService.denyPolicy","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Arbitrary user-supplied metadata attached to the policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-specified display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the deny policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rules":{"name":"rules","type":"\u0019\n","is_mandatory":true,"title":"Deny rules that make up the policy, each with denied permissions, principals, exceptions, and an optional condition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"Globally unique identifier assigned when the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Timestamp when the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAM deny policy","desc":"Examine the deny rules that block principals from using specific permissions on the project, which take precedence over any allow policy. Each entry in `rules` carries the denied permissions, the principals the denial applies to, any exception principals or permissions excluded from the denial, and an optional CEL condition that gates when the rule fires. Deny policies are selected by their full resource `name`.","private":true,"min_provider_version":"13.15.1","defaults":"displayName name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.role":{"id":"gcp.project.iamService.role","name":"gcp.project.iamService.role","fields":{"deleted":{"name":"deleted","type":"\u0004","is_mandatory":true,"title":"Whether the role has been deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsIamPolicyManagement":{"name":"grantsIamPolicyManagement","type":"\u0004","title":"Whether the role grants any IAM policy management permission (any permission ending in .setIamPolicy)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsServiceAccountImpersonation":{"name":"grantsServiceAccountImpersonation","type":"\u0004","title":"Whether the role grants service-account impersonation","desc":"True when any included permission is iam.serviceAccounts.actAs, getAccessToken, signBlob, signJwt, getOpenIdToken, or implicitDelegation — the permissions that enable acting as a service account and escalating privilege.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"includedPermissions":{"name":"includedPermissions","type":"\u0019\u0007","is_mandatory":true,"title":"Permissions included in this role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stage":{"name":"stage","type":"\u0007","is_mandatory":true,"title":"Launch stage of the role (ALPHA, BETA, GA, DEPRECATED, DISABLED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Title of the role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAM custom role","desc":"Examine a custom IAM role defined in the project — its title, description, launch stage (`ALPHA`, `BETA`, `GA`, `DEPRECATED`, `DISABLED`), the full list of permissions it grants, and whether it has been soft-deleted. Custom roles with overly broad permission sets are a common privilege-escalation finding.","private":true,"min_provider_version":"11.6.6","defaults":"title name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.serviceAccount":{"id":"gcp.project.iamService.serviceAccount","name":"gcp.project.iamService.serviceAccount","fields":{"activeUserManagedKeys":{"name":"activeUserManagedKeys","type":"\u0019\u001bgcp.project.iamService.serviceAccount.key","title":"User-managed keys that are not disabled (the SA-key audit hot spot)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"canBeImpersonated":{"name":"canBeImpersonated","type":"\u0004","title":"Whether any principal can impersonate this service account","desc":"True when the IAM policy grants one of the predefined impersonation roles (serviceAccountTokenCreator, serviceAccountUser, or workloadIdentityUser) to any member. Only these predefined roles are checked — custom roles that include equivalent permissions (e.g. iam.serviceAccounts.getAccessToken) are not detected — and the grant is flagged even when scoped by an IAM condition (inspect iamPolicy for the condition details).","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Service account description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the service account is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-specified, human-readable name for the service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address of the service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasUserManagedKeys":{"name":"hasUserManagedKeys","type":"\u0004","title":"Whether this service account has at least one user-managed (non-disabled) key","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"The service account's own resource IAM policy bindings (who is granted roles on the service account itself, e.g. token creator or user)","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isDefault":{"name":"isDefault","type":"\u0004","title":"Whether this is a Google-created default service account (default Compute or App Engine SA), which holds broad project-editor permissions by default","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"key":{"name":"key","type":"\u001bgcp.project.iamService.serviceAccount.key","title":"Google Cloud (GCP) IAM service account key","desc":"Examine an individual key associated with a service account — its algorithm, origin (`GOOGLE_PROVIDED` or `USER_PROVIDED`), type (`SYSTEM_MANAGED` or `USER_MANAGED`), validity window (`validAfterTime`, `validBeforeTime`), and disabled status. The `userManaged` derived field is `true` when the key was created by a user rather than Google, making it the primary field for CIS service-account-key rotation audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"keys":{"name":"keys","type":"\u0019\u001bgcp.project.iamService.serviceAccount.key","title":"Service account keys","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastAuthenticatedTime":{"name":"lastAuthenticatedTime","type":"\t","title":"Timestamp when the service account was last used to authenticate (from Policy Intelligence)","min_provider_version":"13.9.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service account name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oauth2ClientId":{"name":"oauth2ClientId","type":"\u0007","is_mandatory":true,"title":"OAuth 2.0 client ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uniqueId":{"name":"uniqueId","type":"\u0007","is_mandatory":true,"title":"Unique, stable, numeric ID for the service account","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAM service account","desc":"Examine a GCP service account — its email address, display name, description, disabled status, OAuth 2.0 client ID, and all associated keys. The `activeUserManagedKeys` field surfaces non-disabled, user-managed keys (the audit hot spot for key sprawl), and `lastAuthenticatedTime` reports when the account last successfully authenticated, drawn from Policy Intelligence data.","private":true,"min_provider_version":"9.0.0","defaults":"displayName name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.serviceAccount.key":{"id":"gcp.project.iamService.serviceAccount.key","name":"gcp.project.iamService.serviceAccount.key","fields":{"ageInDays":{"name":"ageInDays","type":"\u0005","title":"Age of the key in whole days, computed from `validAfterTime` to now (the field CIS key-rotation audits compare against a 90-day threshold)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the key is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyAlgorithm":{"name":"keyAlgorithm","type":"\u0007","is_mandatory":true,"title":"Algorithm (and possibly key size) of the key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyOrigin":{"name":"keyOrigin","type":"\u0007","is_mandatory":true,"title":"Key origin","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyType":{"name":"keyType","type":"\u0007","is_mandatory":true,"title":"Key type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastAuthenticatedTime":{"name":"lastAuthenticatedTime","type":"\t","title":"Timestamp when the key was last used to authenticate (from Policy Intelligence)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service account key name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userManaged":{"name":"userManaged","type":"\u0004","is_mandatory":true,"title":"Whether the key is user-managed (true when keyType == USER_MANAGED). User-managed keys are typically the audit hot spot.","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"validAfterTime":{"name":"validAfterTime","type":"\t","is_mandatory":true,"title":"Key can be used after this timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"validBeforeTime":{"name":"validBeforeTime","type":"\t","is_mandatory":true,"title":"Key can be used before this timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAM service account key","desc":"Examine an individual key associated with a service account — its algorithm, origin (`GOOGLE_PROVIDED` or `USER_PROVIDED`), type (`SYSTEM_MANAGED` or `USER_MANAGED`), validity window (`validAfterTime`, `validBeforeTime`), and disabled status. The `userManaged` derived field is `true` when the key was created by a user rather than Google, making it the primary field for CIS service-account-key rotation audits.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.workloadIdentityPool":{"id":"gcp.project.iamService.workloadIdentityPool","name":"gcp.project.iamService.workloadIdentityPool","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the pool","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the pool is disabled. Disabled pools cannot mint tokens.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-specified display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Time the pool is scheduled to be permanently deleted (set when `state` is DELETED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Pool operating mode","desc":"One of FEDERATION_ONLY, TRUST_DOMAIN, SYSTEM_TRUST_DOMAIN, or empty/MODE_UNSPECIFIED (both unspecified values operate as FEDERATION_ONLY). FEDERATION_ONLY pools accept external workload identities (the audit hot spot); TRUST_DOMAIN and SYSTEM_TRUST_DOMAIN pools (e.g. GKE's `*.svc.id.goog` pools) do not host user-defined providers.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/global/workloadIdentityPools/{poolId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"poolId":{"name":"poolId","type":"\u0007","is_mandatory":true,"title":"Short pool ID (the last segment of `name`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"provider":{"name":"provider","type":"\u001bgcp.project.iamService.workloadIdentityPool.provider","title":"Google Cloud (GCP) Workload Identity Federation pool provider","desc":"Examine which external identity provider (AWS account, OIDC issuer, SAML IdP, or X.509 trust store) is allowed to mint tokens that federate into the parent pool, plus the `attributeMapping` and `attributeCondition` that gate which Google identities those external tokens may impersonate. Providers are the trust-anchor audit unit: a permissive `attributeMapping` (mapping `google.subject` to an unfiltered external claim) or a missing `attributeCondition` is the typical misconfiguration that turns federation into anyone-can-impersonate-anyone. The `providerType` field is the discriminator (`aws`, `oidc`, `saml`, or `x509`); the matching `aws*` / `oidc*` / `saml*` flat fields are populated for those types, and `x509TrustAnchorCount` reports how many trust anchors an `x509` provider configures.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"providers":{"name":"providers","type":"\u0019\u001bgcp.project.iamService.workloadIdentityPool.provider","title":"Identity providers attached to this pool. Null for TRUST_DOMAIN and SYSTEM_TRUST_DOMAIN pools, which cannot host user-defined providers.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Pool lifecycle state (STATE_UNSPECIFIED, ACTIVE, DELETED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Workload Identity Federation pool","desc":"Examine pool lifecycle (`state`, `disabled`, `expireTime`) and the external identity providers attached to it via `providers`. A pool is the namespace that external workloads (AWS roles, OIDC issuers, SAML IdPs, X.509 trust stores) federate into before they can impersonate Google service accounts. Pools are the top-level audit unit for federation: a `disabled=false`, non-expired pool with a permissive provider is the path that lets external callers obtain GCP credentials.","private":true,"min_provider_version":"13.13.4","defaults":"displayName name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iamService.workloadIdentityPool.provider":{"id":"gcp.project.iamService.workloadIdentityPool.provider","name":"gcp.project.iamService.workloadIdentityPool.provider","fields":{"attributeCondition":{"name":"attributeCondition","type":"\u0007","is_mandatory":true,"title":"CEL expression evaluated against the external token. When empty, every external token that satisfies the mapping is accepted.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"attributeMapping":{"name":"attributeMapping","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Maps Google claims to expressions over the external token","desc":"Maps `google.subject`, `google.groups`, and `attribute.*` to expressions over the external token. A mapping of `google.subject` to an unfiltered external claim is the audit hot spot.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"awsAccountId":{"name":"awsAccountId","type":"\u0007","is_mandatory":true,"title":"For AWS providers: the AWS account ID whose IAM roles/users may federate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the provider","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the provider is disabled. Disabled providers cannot mint tokens.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-specified display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Time the provider is scheduled to be permanently deleted (set when `state` is DELETED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/global/workloadIdentityPools/{poolId}/providers/{providerId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oidcAllowedAudiences":{"name":"oidcAllowedAudiences","type":"\u0019\u0007","is_mandatory":true,"title":"For OIDC providers: audience claims the IdP must include in tokens. Empty defaults to the workload identity pool's full resource name.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oidcIssuerUri":{"name":"oidcIssuerUri","type":"\u0007","is_mandatory":true,"title":"For OIDC providers: the issuer URL of the trusted IdP","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"poolId":{"name":"poolId","type":"\u0007","is_mandatory":true,"title":"Short pool ID this provider belongs to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"providerId":{"name":"providerId","type":"\u0007","is_mandatory":true,"title":"Short provider ID (the last segment of `name`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"providerType":{"name":"providerType","type":"\u0007","is_mandatory":true,"title":"Discriminator for which credential family this provider trusts: `aws`, `oidc`, `saml`, or `x509`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"samlIdpMetadataXml":{"name":"samlIdpMetadataXml","type":"\u0007","is_mandatory":true,"title":"For SAML providers: the SAML 2.0 IdP metadata XML document defining the trust","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Provider lifecycle state (STATE_UNSPECIFIED, ACTIVE, DELETED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"x509TrustAnchorCount":{"name":"x509TrustAnchorCount","type":"\u0005","is_mandatory":true,"title":"For X.509 providers: the number of trust anchors configured in the provider's trust store (0 for non-X.509 providers)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Workload Identity Federation pool provider","desc":"Examine which external identity provider (AWS account, OIDC issuer, SAML IdP, or X.509 trust store) is allowed to mint tokens that federate into the parent pool, plus the `attributeMapping` and `attributeCondition` that gate which Google identities those external tokens may impersonate. Providers are the trust-anchor audit unit: a permissive `attributeMapping` (mapping `google.subject` to an unfiltered external claim) or a missing `attributeCondition` is the typical misconfiguration that turns federation into anyone-can-impersonate-anyone. The `providerType` field is the discriminator (`aws`, `oidc`, `saml`, or `x509`); the matching `aws*` / `oidc*` / `saml*` flat fields are populated for those types, and `x509TrustAnchorCount` reports how many trust anchors an `x509` provider configures.","private":true,"min_provider_version":"13.13.4","defaults":"displayName providerType state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iapService":{"id":"gcp.project.iapService","name":"gcp.project.iapService","fields":{"brand":{"name":"brand","type":"\u001bgcp.project.iapService.brand","title":"Google Cloud (GCP) IAP OAuth brand","desc":"Examine an Identity-Aware Proxy OAuth brand — the OAuth consent screen configuration for a project. Inspect `applicationTitle` and `supportEmail` for the user-visible consent screen content; and `orgInternalOnly` to verify whether access is restricted to internal organization users or open to external identities.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"brands":{"name":"brands","type":"\u0019\u001bgcp.project.iapService.brand","title":"List of IAP OAuth brands","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tunnelDestGroup":{"name":"tunnelDestGroup","type":"\u001bgcp.project.iapService.tunnelDestGroup","title":"Google Cloud (GCP) IAP tunnel destination group","desc":"Examine an Identity-Aware Proxy tunnel destination group — a named set of hosts or IP ranges that IAP TCP forwarding can route to. Inspect `cidrs` for the allowed IP CIDR ranges and `fqdns` for the allowed fully qualified domain names that define the group's reachable destinations.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tunnelDestGroups":{"name":"tunnelDestGroups","type":"\u0019\u001bgcp.project.iapService.tunnelDestGroup","title":"List of IAP tunnel destination groups","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Identity-Aware Proxy (IAP)","desc":"Use this resource as the entry point for Identity-Aware Proxy in the project. It hosts the OAuth `brands` (and their OAuth clients) and the `tunnelDestGroups` that scope TCP forwarding for access-control audits.","private":true,"min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iapService.brand":{"id":"gcp.project.iapService.brand","name":"gcp.project.iapService.brand","fields":{"applicationTitle":{"name":"applicationTitle","type":"\u0007","is_mandatory":true,"title":"Application title displayed on the OAuth consent screen","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"orgInternalOnly":{"name":"orgInternalOnly","type":"\u0004","is_mandatory":true,"title":"Whether the brand is only for internal organization use","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"supportEmail":{"name":"supportEmail","type":"\u0007","is_mandatory":true,"title":"Support email displayed on the OAuth consent screen","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAP OAuth brand","desc":"Examine an Identity-Aware Proxy OAuth brand — the OAuth consent screen configuration for a project. Inspect `applicationTitle` and `supportEmail` for the user-visible consent screen content; and `orgInternalOnly` to verify whether access is restricted to internal organization users or open to external identities.","private":true,"min_provider_version":"13.7.2","defaults":"name applicationTitle","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.iapService.tunnelDestGroup":{"id":"gcp.project.iapService.tunnelDestGroup","name":"gcp.project.iapService.tunnelDestGroup","fields":{"cidrs":{"name":"cidrs","type":"\u0019\u0007","is_mandatory":true,"title":"CIDR ranges in the destination group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fqdns":{"name":"fqdns","type":"\u0019\u0007","is_mandatory":true,"title":"Fully qualified domain names in the destination group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) IAP tunnel destination group","desc":"Examine an Identity-Aware Proxy tunnel destination group — a named set of hosts or IP ranges that IAP TCP forwarding can route to. Inspect `cidrs` for the allowed IP CIDR ranges and `fqdns` for the allowed fully qualified domain names that define the group's reachable destinations.","private":true,"min_provider_version":"13.7.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.idsService":{"id":"gcp.project.idsService","name":"gcp.project.idsService","fields":{"endpoint":{"name":"endpoint","type":"\u001bgcp.project.idsService.endpoint","title":"Google Cloud (GCP) Cloud IDS endpoint","desc":"Examine a Cloud IDS intrusion-detection endpoint. Inspect `severity` for the minimum threat level that generates alerts (INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL); `network` for the VPC network under inspection; `state` for the operational lifecycle (CREATING, READY, DELETING, UPDATING); and `trafficLogs` to verify whether full traffic logging is enabled for forensic audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"endpoints":{"name":"endpoints","type":"\u0019\u001bgcp.project.idsService.endpoint","title":"IDS endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud IDS","desc":"Use this resource as the entry point for Cloud IDS in the project. It hosts the IDS `endpoints` — each exposing its severity threshold, inspected network, traffic-logging setting, and operational state for intrusion-detection audits.","private":true,"min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.idsService.endpoint":{"id":"gcp.project.idsService.endpoint","name":"gcp.project.idsService.endpoint","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpointForwardingRule":{"name":"endpointForwardingRule","type":"\u0007","is_mandatory":true,"title":"Endpoint forwarding rule URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpointIp":{"name":"endpointIp","type":"\u0007","is_mandatory":true,"title":"Endpoint IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Network resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"networkUrl":{"name":"networkUrl","type":"\u0007","is_mandatory":true,"title":"Raw network self-link URL","desc":"Deprecated in favor of `network`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"Minimum threat severity (INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Endpoint state (CREATING, READY, DELETING, UPDATING)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trafficLogs":{"name":"trafficLogs","type":"\u0004","is_mandatory":true,"title":"Whether traffic logs are enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud IDS endpoint","desc":"Examine a Cloud IDS intrusion-detection endpoint. Inspect `severity` for the minimum threat level that generates alerts (INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL); `network` for the VPC network under inspection; `state` for the operational lifecycle (CREATING, READY, DELETING, UPDATING); and `trafficLogs` to verify whether full traffic logging is enabled for forensic audits.","private":true,"min_provider_version":"13.6.1","defaults":"name severity state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService":{"id":"gcp.project.kmsService","name":"gcp.project.kmsService","fields":{"ekmConnection":{"name":"ekmConnection","type":"\u001bgcp.project.kmsService.ekmConnection","title":"Google Cloud (GCP) KMS EKM connection","desc":"Examine a Cloud KMS connection to an External Key Manager (EKM) service. EKM connections let Cloud KMS create and use keys that are stored and managed outside Google, with cryptographic operations performed by the external KMS over Service Directory. Query the `keyManagementMode` (`MANUAL` lets EKM administrators control the key material directly; `CLOUD_KMS` lets Cloud KMS coordinate operations via the EKM crypto space identified by `cryptoSpacePath`), the `serviceResolvers` that point to the EKM replicas reachable from the connection, and the location the connection lives in. EKM connections are the trust anchor for `EXTERNAL_VPC` protection-level keys.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"ekmConnections":{"name":"ekmConnections","type":"\u0019\u001bgcp.project.kmsService.ekmConnection","title":"EKM (External Key Manager) connections configured in the project","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyring":{"name":"keyring","type":"\u001bgcp.project.kmsService.keyring","title":"Google Cloud (GCP) KMS keyring","desc":"Examine a Cloud KMS keyring — its location, creation time, and the collection of `cryptokeys` it contains. A keyring is the regional container that groups cryptographic keys; individual key rotation, protection level, and IAM policy are on the `cryptokey` sub-resource.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"keyrings":{"name":"keyrings","type":"\u0019\u001bgcp.project.kmsService.keyring","title":"List of keyrings in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locations":{"name":"locations","type":"\u0019\u0007","title":"Available locations for the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retiredResource":{"name":"retiredResource","type":"\u001bgcp.project.kmsService.retiredResource","title":"Google Cloud (GCP) KMS retired resource (deleted key tracking)","desc":"Examine a Cloud KMS resource that has been deleted — capturing its original resource name, type (`CryptoKey` or `CryptoKeyVersion`), and the time it was deleted. Useful for auditing key-deletion events and confirming that scheduled key destruction completed.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"retiredResources":{"name":"retiredResources","type":"\u0019\u001bgcp.project.kmsService.retiredResource","title":"Retired (deleted) KMS resources","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Key Management Service (KMS)","desc":"Use this resource as the entry point for Cloud KMS in the project. It hosts the `keyrings` and, through them, the crypto keys and key versions used for encryption — exposing rotation schedule, protection level, and IAM policy. `locations` lists the regions where key material can be created, and `retiredResources` surfaces deleted KMS resources.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.ekmConnection":{"id":"gcp.project.kmsService.ekmConnection","name":"gcp.project.kmsService.ekmConnection","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the EKM connection was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoSpacePath":{"name":"cryptoSpacePath","type":"\u0007","is_mandatory":true,"title":"EKM crypto-space path the connection maps to (populated when `keyManagementMode` is CLOUD_KMS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag for optimistic concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyManagementMode":{"name":"keyManagementMode","type":"\u0007","is_mandatory":true,"title":"Key management mode","desc":"One of MANUAL (EKM administrators manage the key material directly; the default), CLOUD_KMS (Cloud KMS coordinates operations via the EKM crypto space identified by `cryptoSpacePath`), or KEY_MANAGEMENT_MODE_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location the EKM connection lives in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short EKM connection name (the last segment of `resourcePath`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path (projects/*/locations/*/ekmConnections/*)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceResolvers":{"name":"serviceResolvers","type":"\u0019\n","is_mandatory":true,"title":"Service Directory resolvers identifying the reachable EKM replicas","desc":"Each entry exposes `serviceDirectoryService` (the Service Directory service pointing to an EKM replica), `endpointFilter` (optional endpoint filter), `hostname` (the EKM replica hostname used at the TLS and HTTP layers), and `serverCertificates` (the leaf certificates the EKM presents — each carries its issuer, subject, validity window, fingerprints, and the raw PEM).","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS EKM connection","desc":"Examine a Cloud KMS connection to an External Key Manager (EKM) service. EKM connections let Cloud KMS create and use keys that are stored and managed outside Google, with cryptographic operations performed by the external KMS over Service Directory. Query the `keyManagementMode` (`MANUAL` lets EKM administrators control the key material directly; `CLOUD_KMS` lets Cloud KMS coordinate operations via the EKM crypto space identified by `cryptoSpacePath`), the `serviceResolvers` that point to the EKM replicas reachable from the connection, and the location the connection lives in. EKM connections are the trust anchor for `EXTERNAL_VPC` protection-level keys.","private":true,"min_provider_version":"13.16.3","defaults":"name keyManagementMode location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring":{"id":"gcp.project.kmsService.keyring","name":"gcp.project.kmsService.keyring","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptokey":{"name":"cryptokey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Google Cloud (GCP) KMS crypto key","desc":"Examine a Cloud KMS cryptographic key — its purpose (`ENCRYPT_DECRYPT`, `ASYMMETRIC_SIGN`, `ASYMMETRIC_DECRYPT`, `MAC`), rotation schedule (`nextRotation`, `rotationPeriod`), import-only flag, destroy-scheduled duration, backend environment, key access justification policy, IAM policy, and all key versions. The `public` field flags keys whose IAM policy is accessible to `allUsers` or `allAuthenticatedUsers`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cryptokeys":{"name":"cryptokeys","type":"\u0019\u001bgcp.project.kmsService.keyring.cryptokey","title":"List of cryptokeys in the current keyring","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings on the key ring; grants here cascade to every key in the ring","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importJob":{"name":"importJob","type":"\u001bgcp.project.kmsService.keyring.importJob","title":"Google Cloud (GCP) KMS import job","desc":"Examine a Cloud KMS import job — the short-lived wrapping key used to bring external key material into a Cloud KMS keyring. Query its `importMethod` (the wrapping scheme, e.g. `RSA_OAEP_3072_SHA256_AES_256`), `protectionLevel` (`SOFTWARE`, `HSM`, `EXTERNAL`, `EXTERNAL_VPC`), lifecycle state (`PENDING_GENERATION`, `ACTIVE`, `EXPIRED`), creation and generation timestamps, `expireTime` / `expireEventTime`, the optional HSM `attestation` produced at key creation, and the `cryptoKeyBackend` the job's wrapping key is bound to. Import jobs expire 3 days after creation, so an `EXPIRED` job that still appears in the keyring is a candidate for cleanup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"importJobs":{"name":"importJobs","type":"\u0019\u001bgcp.project.kmsService.keyring.importJob","title":"Import jobs in the current keyring (used to wrap key material for import into Cloud KMS)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Keyring location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Keyring name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the key ring's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS keyring","desc":"Examine a Cloud KMS keyring — its location, creation time, and the collection of `cryptokeys` it contains. A keyring is the regional container that groups cryptographic keys; individual key rotation, protection level, and IAM policy are on the `cryptokey` sub-resource.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.cryptokey":{"id":"gcp.project.kmsService.keyring.cryptokey","name":"gcp.project.kmsService.keyring.cryptokey","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKeyBackend":{"name":"cryptoKeyBackend","type":"\u0007","is_mandatory":true,"title":"Resource name of the backend environment where the key material for all crypto key versions reside","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destroyScheduledDuration":{"name":"destroyScheduledDuration","type":"\t","is_mandatory":true,"title":"Period of time that versions of this key spend in DESTROY_SCHEDULED state before being destroyed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"Crypto key IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importOnly":{"name":"importOnly","type":"\u0004","is_mandatory":true,"title":"Whether this key can contain imported versions only","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"keyAccessJustificationsPolicy":{"name":"keyAccessJustificationsPolicy","type":"\n","is_mandatory":true,"title":"Key access justifications policy (allowedAccessReasons)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Crypto key name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextRotation":{"name":"nextRotation","type":"\t","is_mandatory":true,"title":"Time at which KMS will create a new version of this key and mark it as primary","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primary":{"name":"primary","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version","is_mandatory":true,"title":"Primary version for encrypt to use for this crypto key","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryState":{"name":"primaryState","type":"\u0007","is_mandatory":true,"title":"Lifecycle state of the primary version (ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED; empty when the key has no primary)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the key's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"purpose":{"name":"purpose","type":"\u0007","is_mandatory":true,"title":"Crypto key purpose","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotationEnabled":{"name":"rotationEnabled","type":"\u0004","title":"Whether automatic rotation is configured for this key (rotationPeriod is set)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotationPeriod":{"name":"rotationPeriod","type":"\t","is_mandatory":true,"title":"Rotation period","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"version":{"name":"version","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version","title":"Google Cloud (GCP) KMS crypto key version","desc":"Examine an individual version of a Cloud KMS cryptographic key — its lifecycle state (`ENABLED`, `DISABLED`, `DESTROY_SCHEDULED`, `DESTROYED`), protection level (`SOFTWARE`, `HSM`, `EXTERNAL`), algorithm, HSM attestation, creation and destruction timestamps, import job provenance, and external protection level options for keys held outside Google.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"versionTemplate":{"name":"versionTemplate","type":"\n","is_mandatory":true,"title":"Template describing the settings for new crypto key versions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versions":{"name":"versions","type":"\u0019\u001bgcp.project.kmsService.keyring.cryptokey.version","title":"List of cryptokey versions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS crypto key","desc":"Examine a Cloud KMS cryptographic key — its purpose (`ENCRYPT_DECRYPT`, `ASYMMETRIC_SIGN`, `ASYMMETRIC_DECRYPT`, `MAC`), rotation schedule (`nextRotation`, `rotationPeriod`), import-only flag, destroy-scheduled duration, backend environment, key access justification policy, IAM policy, and all key versions. The `public` field flags keys whose IAM policy is accessible to `allUsers` or `allAuthenticatedUsers`.","private":true,"min_provider_version":"9.0.0","defaults":"name purpose","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.cryptokey.version":{"id":"gcp.project.kmsService.keyring.cryptokey.version","name":"gcp.project.kmsService.keyring.cryptokey.version","fields":{"algorithm":{"name":"algorithm","type":"\u0007","is_mandatory":true,"title":"Algorithm that the crypto key version supports","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"attestation":{"name":"attestation","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version.attestation","is_mandatory":true,"title":"Statement generated and signed by HSM at key creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destroyEventTime":{"name":"destroyEventTime","type":"\t","is_mandatory":true,"title":"Destroy event timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destroyed":{"name":"destroyed","type":"\t","is_mandatory":true,"title":"Time destroyed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalProtectionLevelOptions":{"name":"externalProtectionLevelOptions","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version.externalProtectionLevelOptions","is_mandatory":true,"title":"Additional fields for configuring external protection level","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"generated":{"name":"generated","type":"\t","is_mandatory":true,"title":"Time generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importFailureReason":{"name":"importFailureReason","type":"\u0007","is_mandatory":true,"title":"The root cause of an import failure","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importJob":{"name":"importJob","type":"\u0007","is_mandatory":true,"title":"Name of the import job used in the most recent import of the crypto key version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importTime":{"name":"importTime","type":"\t","is_mandatory":true,"title":"Time at which this crypto key version's key material was imported","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Crypto key version name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"protectionLevel":{"name":"protectionLevel","type":"\u0007","is_mandatory":true,"title":"Protection level describing how crypto operations perform with this crypto key version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reimportEligible":{"name":"reimportEligible","type":"\u0004","is_mandatory":true,"title":"Whether the crypto key version is eligible for reimport","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Crypto key version's current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS crypto key version","desc":"Examine an individual version of a Cloud KMS cryptographic key — its lifecycle state (`ENABLED`, `DISABLED`, `DESTROY_SCHEDULED`, `DESTROYED`), protection level (`SOFTWARE`, `HSM`, `EXTERNAL`), algorithm, HSM attestation, creation and destruction timestamps, import job provenance, and external protection level options for keys held outside Google.","private":true,"min_provider_version":"9.0.0","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.cryptokey.version.attestation":{"id":"gcp.project.kmsService.keyring.cryptokey.version.attestation","name":"gcp.project.kmsService.keyring.cryptokey.version.attestation","fields":{"certificateChains":{"name":"certificateChains","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version.attestation.certificatechains","is_mandatory":true,"title":"Certificate chains needed to validate the attestation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certificatechains":{"name":"certificatechains","type":"\u001bgcp.project.kmsService.keyring.cryptokey.version.attestation.certificatechains","title":"Google Cloud (GCP) KMS crypto key version attestation certificate chains","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"cryptoKeyVersionName":{"name":"cryptoKeyVersionName","type":"\u0007","is_mandatory":true,"title":"Crypto key version name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"format":{"name":"format","type":"\u0007","is_mandatory":true,"title":"Format of the attestation data","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS crypto key version attestation","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.cryptokey.version.attestation.certificatechains":{"id":"gcp.project.kmsService.keyring.cryptokey.version.attestation.certificatechains","name":"gcp.project.kmsService.keyring.cryptokey.version.attestation.certificatechains","fields":{"caviumCerts":{"name":"caviumCerts","type":"\u0019\u0007","is_mandatory":true,"title":"Cavium certificate chain corresponding to the attestation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKeyVersionName":{"name":"cryptoKeyVersionName","type":"\u0007","is_mandatory":true,"title":"Crypto key version name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"googleCardCerts":{"name":"googleCardCerts","type":"\u0019\u0007","is_mandatory":true,"title":"Google card certificate chain corresponding to the attestation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"googlePartitionCerts":{"name":"googlePartitionCerts","type":"\u0019\u0007","is_mandatory":true,"title":"Google partition certificate chain corresponding to the attestation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS crypto key version attestation certificate chains","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.cryptokey.version.externalProtectionLevelOptions":{"id":"gcp.project.kmsService.keyring.cryptokey.version.externalProtectionLevelOptions","name":"gcp.project.kmsService.keyring.cryptokey.version.externalProtectionLevelOptions","fields":{"cryptoKeyVersionName":{"name":"cryptoKeyVersionName","type":"\u0007","is_mandatory":true,"title":"Crypto key version name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ekmConnectionKeyPath":{"name":"ekmConnectionKeyPath","type":"\u0007","is_mandatory":true,"title":"Path to the external key material on the EKM when using EKM connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalKeyUri":{"name":"externalKeyUri","type":"\u0007","is_mandatory":true,"title":"URI for an external resource that the crypto key version represents","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS crypto key version external protection level options","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.keyring.importJob":{"id":"gcp.project.kmsService.keyring.importJob","name":"gcp.project.kmsService.keyring.importJob","fields":{"attestation":{"name":"attestation","type":"\n","is_mandatory":true,"title":"HSM attestation produced at key creation, when the import method has an HSM protection level","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the import job was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKeyBackend":{"name":"cryptoKeyBackend","type":"\u0007","is_mandatory":true,"title":"Backend environment binding for the wrapping key (e.g., a single-tenant HSM instance), when applicable","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireEventTime":{"name":"expireEventTime","type":"\t","is_mandatory":true,"title":"Time the import job actually expired (set when `state` is EXPIRED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Time the import job is scheduled to expire (3 days after creation)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"generated":{"name":"generated","type":"\t","is_mandatory":true,"title":"Time the wrapping key was generated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"importMethod":{"name":"importMethod","type":"\u0007","is_mandatory":true,"title":"Wrapping method used for incoming key material","desc":"One of RSA_OAEP_3072_SHA1_AES_256, RSA_OAEP_4096_SHA1_AES_256, RSA_OAEP_3072_SHA256_AES_256, RSA_OAEP_4096_SHA256_AES_256, RSA_OAEP_3072_SHA256, RSA_OAEP_4096_SHA256, or IMPORT_METHOD_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Keyring location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short import job name (the last segment of `resourcePath`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"protectionLevel":{"name":"protectionLevel","type":"\u0007","is_mandatory":true,"title":"Protection level of the import job","desc":"One of SOFTWARE, HSM, EXTERNAL, EXTERNAL_VPC, or PROTECTION_LEVEL_UNSPECIFIED. Must match the protection level of the cryptokey the job will import into.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path (projects/*/locations/*/keyRings/*/importJobs/*)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Lifecycle state","desc":"One of PENDING_GENERATION (wrapping key still being generated), ACTIVE (ready to import key material), EXPIRED (3-day expiry reached), or IMPORT_JOB_STATE_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS import job","desc":"Examine a Cloud KMS import job — the short-lived wrapping key used to bring external key material into a Cloud KMS keyring. Query its `importMethod` (the wrapping scheme, e.g. `RSA_OAEP_3072_SHA256_AES_256`), `protectionLevel` (`SOFTWARE`, `HSM`, `EXTERNAL`, `EXTERNAL_VPC`), lifecycle state (`PENDING_GENERATION`, `ACTIVE`, `EXPIRED`), creation and generation timestamps, `expireTime` / `expireEventTime`, the optional HSM `attestation` produced at key creation, and the `cryptoKeyBackend` the job's wrapping key is bound to. Import jobs expire 3 days after creation, so an `EXPIRED` job that still appears in the keyring is a candidate for cleanup.","private":true,"min_provider_version":"13.16.3","defaults":"name state importMethod","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.kmsService.retiredResource":{"id":"gcp.project.kmsService.retiredResource","name":"gcp.project.kmsService.retiredResource","fields":{"deleteTime":{"name":"deleteTime","type":"\t","is_mandatory":true,"title":"When the resource was deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"originalResource":{"name":"originalResource","type":"\u0007","is_mandatory":true,"title":"Original CryptoKey resource name before deletion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceType":{"name":"resourceType","type":"\u0007","is_mandatory":true,"title":"Resource type (e.g., CryptoKey, CryptoKeyVersion)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) KMS retired resource (deleted key tracking)","desc":"Examine a Cloud KMS resource that has been deleted — capturing its original resource name, type (`CryptoKey` or `CryptoKeyVersion`), and the time it was deleted. Useful for auditing key-deletion events and confirming that scheduled key destruction completed.","private":true,"min_provider_version":"13.6.1","defaults":"name resourceType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.lien":{"id":"gcp.project.lien","name":"gcp.project.lien","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the lien was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"System-generated unique identifier for this lien (e.g. liens/1234abcd)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"origin":{"name":"origin","type":"\u0007","is_mandatory":true,"title":"Stable, user-visible string identifying the system that created the lien (e.g. compute.googleapis.com)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reason":{"name":"reason","type":"\u0007","is_mandatory":true,"title":"Concise user-visible string explaining why an action is blocked","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restrictions":{"name":"restrictions","type":"\u0019\u0007","is_mandatory":true,"title":"IAM permissions whose corresponding operations this lien blocks (e.g. resourcemanager.projects.delete)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Resource Manager lien","desc":"Examine the encumbrances that block destructive operations on a project. A lien names the operations it blocks through `restrictions` (e.g. `resourcemanager.projects.delete`), the system that created it via `origin`, and a human-readable `reason`. Liens are deletion-protection controls — a project with a `resourcemanager.projects.delete` lien cannot be deleted until the lien is removed. Liens are selected by their system-generated `name` (e.g. `liens/1234abcd`).","private":true,"min_provider_version":"13.18.1","defaults":"name reason","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice":{"id":"gcp.project.loggingservice","name":"gcp.project.loggingservice","fields":{"bucket":{"name":"bucket","type":"\u001bgcp.project.loggingservice.bucket","title":"Google Cloud (GCP) Cloud Logging bucket","desc":"Examine a Cloud Logging log bucket — its location, retention period, lock status, customer-managed KMS encryption key, lifecycle state, Log Analytics enablement, restricted fields, index configurations, and the views that control which log entries are visible to different principals.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"buckets":{"name":"buckets","type":"\u0019\u001bgcp.project.loggingservice.bucket","title":"List of logging buckets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cmekKmsKeyName":{"name":"cmekKmsKeyName","type":"\u0007","title":"Customer-managed KMS key the Log Router uses to encrypt newly ingested log entries (empty when Google-managed)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"exclusion":{"name":"exclusion","type":"\u001bgcp.project.loggingservice.exclusion","title":"Google Cloud (GCP) Cloud Logging exclusion filter","desc":"Examine a log exclusion configured in the project — the advanced log filter that selects entries to drop, whether the exclusion is currently disabled, its description, and creation and update timestamps. Exclusions can suppress security-relevant log entries if misconfigured; auditing them confirms that critical event categories are not silently discarded.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"exclusions":{"name":"exclusions","type":"\u0019\u001bgcp.project.loggingservice.exclusion","title":"List of log exclusions","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metric":{"name":"metric","type":"\u001bgcp.project.loggingservice.metric","title":"Google Cloud (GCP) Cloud Logging log-based metric","desc":"Examine a log-based metric defined in the project — its advanced log filter, description, and the alert policies that monitor it. The derived fields `filtersIamChanges`, `filtersAuditConfigChanges`, `filtersRouteChanges`, and `filtersFirewallChanges` indicate whether the metric covers the specific mutation categories required by CIS GCP benchmark logging controls.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"metrics":{"name":"metrics","type":"\u0019\u001bgcp.project.loggingservice.metric","title":"List of metrics","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sink":{"name":"sink","type":"\u001bgcp.project.loggingservice.sink","title":"Google Cloud (GCP) Cloud Logging sink","desc":"Examine a Cloud Logging export sink — its destination (Cloud Storage bucket, BigQuery dataset, or Pub/Sub topic), optional log filter, writer identity used for authorization, and whether the sink exports logs from child resources. The `storageBucket` field resolves the destination to a typed storage bucket resource when applicable.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sinks":{"name":"sinks","type":"\u0019\u001bgcp.project.loggingservice.sink","title":"List of log sinks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Logging","desc":"Use this resource as the entry point for Cloud Logging in the project. It hosts `buckets` (log storage with retention and CMEK settings), `metrics` (log-based metrics for alerting on security events), `sinks` (export configurations to Cloud Storage, BigQuery, or Pub/Sub), and `exclusions` (filters that drop matching log entries before ingestion). Together these are the primary surface for CIS logging benchmark controls.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.bucket":{"id":"gcp.project.loggingservice.bucket","name":"gcp.project.loggingservice.bucket","fields":{"cmekSettings":{"name":"cmekSettings","type":"\n","is_mandatory":true,"title":"Raw CMEK settings dict","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the bucket","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"indexConfig":{"name":"indexConfig","type":"\u001bgcp.project.loggingservice.bucket.indexConfig","title":"Google Cloud (GCP) Logging bucket index config","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexConfigs":{"name":"indexConfigs","type":"\u0019\u001bgcp.project.loggingservice.bucket.indexConfig","is_mandatory":true,"title":"List of indexed fields and related configuration data","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used to encrypt log entries in this bucket (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycleState":{"name":"lifecycleState","type":"\u0007","is_mandatory":true,"title":"Bucket lifecycle state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location where the bucket is stored","min_provider_version":"11.2.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locked":{"name":"locked","type":"\u0004","is_mandatory":true,"title":"Whether the bucket is locked","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logAnalyticsEnabled":{"name":"logAnalyticsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Log Analytics is enabled for the bucket","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Bucket name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restrictedFields":{"name":"restrictedFields","type":"\u0019\u0007","is_mandatory":true,"title":"Log entry field paths that are denied access in this bucket","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionDays":{"name":"retentionDays","type":"\u0005","is_mandatory":true,"title":"Amount of time for which logs will be retained by default, after which they're automatically deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp of the bucket","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"view":{"name":"view","type":"\u001bgcp.project.loggingservice.bucket.view","title":"Google Cloud (GCP) Logging bucket view","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"views":{"name":"views","type":"\u0019\u001bgcp.project.loggingservice.bucket.view","title":"List of log views in this bucket","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Logging bucket","desc":"Examine a Cloud Logging log bucket — its location, retention period, lock status, customer-managed KMS encryption key, lifecycle state, Log Analytics enablement, restricted fields, index configurations, and the views that control which log entries are visible to different principals.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.bucket.indexConfig":{"id":"gcp.project.loggingservice.bucket.indexConfig","name":"gcp.project.loggingservice.bucket.indexConfig","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fieldPath":{"name":"fieldPath","type":"\u0007","is_mandatory":true,"title":"Log entry field path to index","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of data in this index","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Logging bucket index config","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.bucket.view":{"id":"gcp.project.loggingservice.bucket.view","name":"gcp.project.loggingservice.bucket.view","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the view","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter that restricts which log entries are visible in this view","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Logging bucket view","private":true,"min_provider_version":"13.7.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.exclusion":{"id":"gcp.project.loggingservice.exclusion","name":"gcp.project.loggingservice.exclusion","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the exclusion is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Advanced logs filter that matches log entries to be excluded","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Exclusion name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Logging exclusion filter","desc":"Examine a log exclusion configured in the project — the advanced log filter that selects entries to drop, whether the exclusion is currently disabled, its description, and creation and update timestamps. Exclusions can suppress security-relevant log entries if misconfigured; auditing them confirms that critical event categories are not silently discarded.","private":true,"min_provider_version":"13.6.1","defaults":"name disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.metric":{"id":"gcp.project.loggingservice.metric","name":"gcp.project.loggingservice.metric","fields":{"alertPolicies":{"name":"alertPolicies","type":"\u0019\u001bgcp.project.monitoringService.alertPolicy","title":"Alert policies for this metric","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Metric description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Advanced log filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filtersAuditConfigChanges":{"name":"filtersAuditConfigChanges","type":"\u0004","title":"Whether the filter matches audit-config mutations (auditConfigDelta on SetIamPolicy)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filtersFirewallChanges":{"name":"filtersFirewallChanges","type":"\u0004","title":"Whether the filter matches compute firewall mutations (compute.firewalls.{insert,patch,delete})","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filtersIamChanges":{"name":"filtersIamChanges","type":"\u0004","title":"Whether the filter matches IAM policy mutations (SetIamPolicy)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filtersRouteChanges":{"name":"filtersRouteChanges","type":"\u0004","title":"Whether the filter matches compute route mutations (compute.routes.{insert,patch,delete})","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Metric ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Logging log-based metric","desc":"Examine a log-based metric defined in the project — its advanced log filter, description, and the alert policies that monitor it. The derived fields `filtersIamChanges`, `filtersAuditConfigChanges`, `filtersRouteChanges`, and `filtersFirewallChanges` indicate whether the metric covers the specific mutation categories required by CIS GCP benchmark logging controls.","private":true,"min_provider_version":"9.0.0","defaults":"description filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.loggingservice.sink":{"id":"gcp.project.loggingservice.sink","name":"gcp.project.loggingservice.sink","fields":{"capturesAllLogs":{"name":"capturesAllLogs","type":"\u0004","title":"Whether the sink exports every log entry because its filter is empty","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destination":{"name":"destination","type":"\u0007","is_mandatory":true,"title":"Export destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Optional advanced logs filter","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Sink ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"includeChildren":{"name":"includeChildren","type":"\u0004","is_mandatory":true,"title":"Whether to allow the sink to export log entries from the organization or folder","desc":"When true, the sink also receives log entries (recursively) from any contained folders, billing accounts, or projects.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageBucket":{"name":"storageBucket","type":"\u001bgcp.project.storageService.bucket","title":"Storage bucket to which the sink exports (only set for sinks with a destination storage bucket)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writerIdentity":{"name":"writerIdentity","type":"\u0007","is_mandatory":true,"title":"When exporting logs, logging adopts this identity for authorization","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Logging sink","desc":"Examine a Cloud Logging export sink — its destination (Cloud Storage bucket, BigQuery dataset, or Pub/Sub topic), optional log filter, writer identity used for authorization, and whether the sink exports logs from child resources. The `storageBucket` field resolves the destination to a typed storage bucket resource when applicable.","private":true,"min_provider_version":"9.0.0","defaults":"destination","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memcacheService":{"id":"gcp.project.memcacheService","name":"gcp.project.memcacheService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.memcacheService.instance","title":"Google Cloud (GCP) Memcached instance","desc":"Examine a Memorystore for Memcache instance. Inspect `nodeCount`, `nodeCpuCount`, and `nodeMemorySizeMb` for the cluster's compute allocation; `network` for the authorized VPC network; `parameters` for the effective Memcached tuning parameters; `maintenancePolicy` for the maintenance window configuration; and `state` for the instance's operational lifecycle. Individual nodes are accessible via `nodes`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.memcacheService.instance","title":"List of Memcached instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Memcached","desc":"Use this resource as the entry point for Memorystore for Memcached in the project. It hosts the project's `instances` — each exposing its node configuration, authorized network, memcached parameters, and maintenance settings for cache-tier audits.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memcacheService.instance":{"id":"gcp.project.memcacheService.instance","name":"gcp.project.memcacheService.instance","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryEndpoint":{"name":"discoveryEndpoint","type":"\u0007","is_mandatory":true,"title":"Endpoint for Memcached Auto Discovery","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"User-provided display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceMessages":{"name":"instanceMessages","type":"\u0019\n","is_mandatory":true,"title":"Instance-level annotation messages (each: code, message)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenancePolicy":{"name":"maintenancePolicy","type":"\n","is_mandatory":true,"title":"Maintenance policy of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceSchedule":{"name":"maintenanceSchedule","type":"\n","is_mandatory":true,"title":"Upcoming or last maintenance schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memcacheFullVersion":{"name":"memcacheFullVersion","type":"\u0007","is_mandatory":true,"title":"Memcached full version string","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memcacheVersion":{"name":"memcacheVersion","type":"\u0007","is_mandatory":true,"title":"Memcached major version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/instances/I)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u001bgcp.project.computeService.network","title":"Authorized VPC network","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"node":{"name":"node","type":"\u001bgcp.project.memcacheService.instance.node","title":"Google Cloud (GCP) Memcached node","desc":"Examine an individual node within a Memorystore for Memcache instance. Inspect `nodeId` for the stable node identifier, `zone` for its placement, `host` and `port` for the connection endpoint, `state` for the node's operational health, and `parameters` for the Memcached tuning parameters effective on this node.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"nodeCount":{"name":"nodeCount","type":"\u0005","is_mandatory":true,"title":"Number of nodes in the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeCpuCount":{"name":"nodeCpuCount","type":"\u0005","is_mandatory":true,"title":"Per-node CPU count","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeMemorySizeMb":{"name":"nodeMemorySizeMb","type":"\u0005","is_mandatory":true,"title":"Per-node memory size in MiB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodes":{"name":"nodes","type":"\u0019\u001bgcp.project.memcacheService.instance.node","is_mandatory":true,"title":"Memcached nodes in the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parameters":{"name":"parameters","type":"\u001bgcp.project.memcacheService.instance.parameters","is_mandatory":true,"title":"Effective Memcached parameter set","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zones":{"name":"zones","type":"\u0019\u0007","is_mandatory":true,"title":"Zones in which Memcached nodes are placed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memcached instance","desc":"Examine a Memorystore for Memcache instance. Inspect `nodeCount`, `nodeCpuCount`, and `nodeMemorySizeMb` for the cluster's compute allocation; `network` for the authorized VPC network; `parameters` for the effective Memcached tuning parameters; `maintenancePolicy` for the maintenance window configuration; and `state` for the instance's operational lifecycle. Individual nodes are accessible via `nodes`.","private":true,"min_provider_version":"13.11.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memcacheService.instance.node":{"id":"gcp.project.memcacheService.instance.node","name":"gcp.project.memcacheService.instance.node","fields":{"host":{"name":"host","type":"\u0007","is_mandatory":true,"title":"Hostname or IP for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Parent instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeId":{"name":"nodeId","type":"\u0007","is_mandatory":true,"title":"Stable node identifier (e.g. node-a-1)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parameters":{"name":"parameters","type":"\u001bgcp.project.memcacheService.instance.node.parameters","is_mandatory":true,"title":"Effective Memcached parameter set for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port for this node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u0007","is_mandatory":true,"title":"Zone where this node is located","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memcached node","desc":"Examine an individual node within a Memorystore for Memcache instance. Inspect `nodeId` for the stable node identifier, `zone` for its placement, `host` and `port` for the connection endpoint, `state` for the node's operational health, and `parameters` for the Memcached tuning parameters effective on this node.","private":true,"min_provider_version":"13.11.2","defaults":"nodeId zone state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memcacheService.instance.node.parameters":{"id":"gcp.project.memcacheService.instance.node.parameters","name":"gcp.project.memcacheService.instance.node.parameters","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Parameter set identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Parent instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeId":{"name":"nodeId","type":"\u0007","is_mandatory":true,"title":"Parent node identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"params":{"name":"params","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Parameter values","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memcached node parameter set","private":true,"min_provider_version":"13.11.2","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memcacheService.instance.parameters":{"id":"gcp.project.memcacheService.instance.parameters","name":"gcp.project.memcacheService.instance.parameters","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Parameter set identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Parent instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"params":{"name":"params","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Parameter values","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memcached parameter set","private":true,"min_provider_version":"13.11.2","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService":{"id":"gcp.project.memorystoreService","name":"gcp.project.memorystoreService","fields":{"backup":{"name":"backup","type":"\u001bgcp.project.memorystoreService.backup","title":"Google Cloud (GCP) Memorystore backup","desc":"Examine a Memorystore backup snapshot. Inspect `backupType` (ON_DEMAND or AUTOMATED) and `state` for lifecycle status; `engineVersion`, `nodeType`, `shardCount`, and `replicaCount` for the cluster shape at backup time; `totalSizeBytes` for storage consumption; `encryptionInfo` for the encryption details; `expireTime` for the retention deadline; and `backupFiles` for the individual component files that make up the backup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupCollection":{"name":"backupCollection","type":"\u001bgcp.project.memorystoreService.backupCollection","title":"Google Cloud (GCP) Memorystore backup collection","desc":"Examine a Memorystore backup collection — the container that retains all backups for a single instance. Inspect `instance` to traverse to the source instance; `totalBackupCount` and `totalBackupSizeBytes` for storage consumption; `kmsKey` for the customer-managed encryption key protecting the backups; `lastBackupTime` for the most recent backup timestamp; and `backups` to iterate the individual backup records.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupCollections":{"name":"backupCollections","type":"\u0019\u001bgcp.project.memorystoreService.backupCollection","title":"List of Memorystore backup collections in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.memorystoreService.instance","title":"Google Cloud (GCP) Memorystore instance","desc":"Examine a Memorystore instance running Valkey or Redis. Inspect `mode` (STANDALONE, CLUSTER, CLUSTER_DISABLED) and `shardCount` for the topology; `authorizationMode` and `transitEncryptionMode` for security posture; `kmsKey` for customer-managed encryption; `persistenceConfig` for RDB or AOF durability settings; `maintenancePolicy` for the maintenance window; `deletionProtectionEnabled` to check against accidental removal; and `automatedBackupConfig` for the backup schedule and retention settings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.memorystoreService.instance","title":"List of Memorystore instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore","desc":"Use this resource as the entry point for the unified Memorystore service (Valkey and Redis) in the project. It hosts the project's `instances` and the `backupCollections` that retain their backups — exposing node configuration, persistence, and encryption settings for cache-tier audits.","private":true,"min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService.backup":{"id":"gcp.project.memorystoreService.backup","name":"gcp.project.memorystoreService.backup","fields":{"backupFile":{"name":"backupFile","type":"\u001bgcp.project.memorystoreService.backup.backupFile","title":"Google Cloud (GCP) Memorystore backup file","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupFiles":{"name":"backupFiles","type":"\u0019\u001bgcp.project.memorystoreService.backup.backupFile","is_mandatory":true,"title":"Component backup files","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupType":{"name":"backupType","type":"\u0007","is_mandatory":true,"title":"Backup type: ON_DEMAND | AUTOMATED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption info dict (encryptionType, kmsKeyVersions, kmsKeyPrimaryState)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"engineVersion":{"name":"engineVersion","type":"\u0007","is_mandatory":true,"title":"Engine version at backup time (e.g. valkey-7.5)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.memorystoreService.instance","title":"Source instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceUid":{"name":"instanceUid","type":"\u0007","is_mandatory":true,"title":"Source instance UID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/backupCollections/B/backups/X)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeType":{"name":"nodeType","type":"\u0007","is_mandatory":true,"title":"Node type at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaCount":{"name":"replicaCount","type":"\u0005","is_mandatory":true,"title":"Replica count at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shardCount":{"name":"shardCount","type":"\u0005","is_mandatory":true,"title":"Shard count at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalSizeBytes":{"name":"totalSizeBytes","type":"\u0005","is_mandatory":true,"title":"Total backup size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore backup","desc":"Examine a Memorystore backup snapshot. Inspect `backupType` (ON_DEMAND or AUTOMATED) and `state` for lifecycle status; `engineVersion`, `nodeType`, `shardCount`, and `replicaCount` for the cluster shape at backup time; `totalSizeBytes` for storage consumption; `encryptionInfo` for the encryption details; `expireTime` for the retention deadline; and `backupFiles` for the individual component files that make up the backup.","private":true,"min_provider_version":"13.11.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService.backup.backupFile":{"id":"gcp.project.memorystoreService.backup.backupFile","name":"gcp.project.memorystoreService.backup.backupFile","fields":{"backupName":{"name":"backupName","type":"\u0007","is_mandatory":true,"title":"Parent backup resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"File creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileName":{"name":"fileName","type":"\u0007","is_mandatory":true,"title":"File name within the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"File size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore backup file","private":true,"min_provider_version":"13.11.2","defaults":"fileName sizeBytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService.backupCollection":{"id":"gcp.project.memorystoreService.backupCollection","name":"gcp.project.memorystoreService.backupCollection","fields":{"backups":{"name":"backups","type":"\u0019\u001bgcp.project.memorystoreService.backup","title":"Backups within this collection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.memorystoreService.instance","title":"Source instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceUid":{"name":"instanceUid","type":"\u0007","is_mandatory":true,"title":"Source instance UID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key (CMEK) used to encrypt backups","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastBackupTime":{"name":"lastBackupTime","type":"\t","is_mandatory":true,"title":"Last backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/backupCollections/B)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalBackupCount":{"name":"totalBackupCount","type":"\u0005","is_mandatory":true,"title":"Total number of backups in this collection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalBackupSizeBytes":{"name":"totalBackupSizeBytes","type":"\u0005","is_mandatory":true,"title":"Total stored bytes for backups in this collection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore backup collection","desc":"Examine a Memorystore backup collection — the container that retains all backups for a single instance. Inspect `instance` to traverse to the source instance; `totalBackupCount` and `totalBackupSizeBytes` for storage consumption; `kmsKey` for the customer-managed encryption key protecting the backups; `lastBackupTime` for the most recent backup timestamp; and `backups` to iterate the individual backup records.","private":true,"min_provider_version":"13.11.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService.instance":{"id":"gcp.project.memorystoreService.instance","name":"gcp.project.memorystoreService.instance","fields":{"authorizationMode":{"name":"authorizationMode","type":"\u0007","is_mandatory":true,"title":"Authorization mode: AUTH_DISABLED | IAM_AUTH","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"automatedBackupConfig":{"name":"automatedBackupConfig","type":"\n","is_mandatory":true,"title":"Automated backup configuration (automatedBackupMode, retention, fixedFrequencySchedule)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableMaintenanceVersions":{"name":"availableMaintenanceVersions","type":"\u0019\u0007","is_mandatory":true,"title":"Available maintenance versions to upgrade to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupCollection":{"name":"backupCollection","type":"\u001bgcp.project.memorystoreService.backupCollection","title":"Backup collection associated with this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"crossInstanceReplicationConfig":{"name":"crossInstanceReplicationConfig","type":"\n","is_mandatory":true,"title":"Cross-instance replication configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtectionEnabled":{"name":"deletionProtectionEnabled","type":"\u0004","is_mandatory":true,"title":"Whether deletion protection is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"effectiveMaintenanceVersion":{"name":"effectiveMaintenanceVersion","type":"\u0007","is_mandatory":true,"title":"Currently effective maintenance version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption info (encryptionType, kmsKeyVersions, kmsKeyPrimaryState, lastUpdateTime)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoints":{"name":"endpoints","type":"\u0019\n","is_mandatory":true,"title":"Instance access endpoints (each contains a list of connections)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"engineConfigs":{"name":"engineConfigs","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Engine config parameters (e.g. maxmemory-policy)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"engineVersion":{"name":"engineVersion","type":"\u0007","is_mandatory":true,"title":"Engine version (e.g. valkey-7.5, redis-7.2)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key (CMEK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenancePolicy":{"name":"maintenancePolicy","type":"\n","is_mandatory":true,"title":"Maintenance policy (weeklyMaintenanceWindow)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceSchedule":{"name":"maintenanceSchedule","type":"\n","is_mandatory":true,"title":"Upcoming or last maintenance schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceVersion":{"name":"maintenanceVersion","type":"\u0007","is_mandatory":true,"title":"Maintenance version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Deployment mode: STANDALONE | CLUSTER | CLUSTER_DISABLED","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/P/locations/L/instances/I)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeSizeGb":{"name":"nodeSizeGb","type":"\u0005","is_mandatory":true,"title":"Per-node memory size in GiB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeType":{"name":"nodeType","type":"\u0007","is_mandatory":true,"title":"Hardware node type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"persistenceConfig":{"name":"persistenceConfig","type":"\n","is_mandatory":true,"title":"Persistence configuration (mode + rdbConfig | aofConfig)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscAttachmentDetail":{"name":"pscAttachmentDetail","type":"\u001bgcp.project.memorystoreService.instance.pscAttachmentDetail","title":"Google Cloud (GCP) Memorystore instance PSC attachment detail","desc":"Examine a Private Service Connect attachment associated with a Memorystore instance. Inspect `serviceAttachment` for the service attachment resource name and `connectionType` to distinguish PRIVATE_SERVICE_CONNECT from PUBLIC_ENDPOINT access paths.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"pscAttachmentDetails":{"name":"pscAttachmentDetails","type":"\u0019\u001bgcp.project.memorystoreService.instance.pscAttachmentDetail","is_mandatory":true,"title":"Per-endpoint PSC attachment details","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaCount":{"name":"replicaCount","type":"\u0005","is_mandatory":true,"title":"Number of replica nodes per shard","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaMode":{"name":"serverCaMode","type":"\u0007","is_mandatory":true,"title":"Server CA certificate authority mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaPool":{"name":"serverCaPool","type":"\u0007","is_mandatory":true,"title":"Server CA pool resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shardCount":{"name":"shardCount","type":"\u0005","is_mandatory":true,"title":"Number of shards","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateInfo":{"name":"stateInfo","type":"\n","is_mandatory":true,"title":"Additional state info (info, updateInfo)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transitEncryptionMode":{"name":"transitEncryptionMode","type":"\u0007","is_mandatory":true,"title":"In-transit encryption mode: TRANSIT_ENCRYPTION_DISABLED | SERVER_AUTHENTICATION","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneDistributionConfig":{"name":"zoneDistributionConfig","type":"\n","is_mandatory":true,"title":"Zone distribution configuration (mode, zone)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore instance","desc":"Examine a Memorystore instance running Valkey or Redis. Inspect `mode` (STANDALONE, CLUSTER, CLUSTER_DISABLED) and `shardCount` for the topology; `authorizationMode` and `transitEncryptionMode` for security posture; `kmsKey` for customer-managed encryption; `persistenceConfig` for RDB or AOF durability settings; `maintenancePolicy` for the maintenance window; `deletionProtectionEnabled` to check against accidental removal; and `automatedBackupConfig` for the backup schedule and retention settings.","private":true,"min_provider_version":"13.11.2","defaults":"name state mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.memorystoreService.instance.pscAttachmentDetail":{"id":"gcp.project.memorystoreService.instance.pscAttachmentDetail","name":"gcp.project.memorystoreService.instance.pscAttachmentDetail","fields":{"connectionType":{"name":"connectionType","type":"\u0007","is_mandatory":true,"title":"Connection type: PRIVATE_SERVICE_CONNECT | PUBLIC_ENDPOINT","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Parent instance resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAttachment":{"name":"serviceAttachment","type":"\u0007","is_mandatory":true,"title":"Service attachment resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore instance PSC attachment detail","desc":"Examine a Private Service Connect attachment associated with a Memorystore instance. Inspect `serviceAttachment` for the service attachment resource name and `connectionType` to distinguish PRIVATE_SERVICE_CONNECT from PUBLIC_ENDPOINT access paths.","private":true,"min_provider_version":"13.11.2","defaults":"serviceAttachment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.modelArmorService":{"id":"gcp.project.modelArmorService","name":"gcp.project.modelArmorService","fields":{"floorSetting":{"name":"floorSetting","type":"\u001bgcp.project.modelArmorService.floorSetting","title":"Floor setting (organization-level AI safety configuration)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"template":{"name":"template","type":"\u001bgcp.project.modelArmorService.template","title":"Google Cloud (GCP) Model Armor template","desc":"Examine a Model Armor safety-filter template — its filter configuration (RAI settings, SDP settings, PI and jailbreak filter, malicious URI filter) and template metadata (enforcement type, error handling, multi- language detection). Templates are applied to AI prompts and responses to enforce safety policies.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"templates":{"name":"templates","type":"\u0019\u001bgcp.project.modelArmorService.template","title":"List of Model Armor templates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Model Armor","desc":"Use this resource as the entry point for Model Armor in the project. It hosts the safety-filter `templates` and the project `floorSetting` — the minimum AI safety configuration enforced across prompts and responses.","private":true,"min_provider_version":"13.5.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.modelArmorService.floorSetting":{"id":"gcp.project.modelArmorService.floorSetting","name":"gcp.project.modelArmorService.floorSetting","fields":{"aiPlatformFloorSetting":{"name":"aiPlatformFloorSetting","type":"\n","is_mandatory":true,"title":"AI Platform floor setting configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableFloorSettingEnforcement":{"name":"enableFloorSettingEnforcement","type":"\u0004","is_mandatory":true,"title":"Whether floor setting enforcement is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filterConfig":{"name":"filterConfig","type":"\n","is_mandatory":true,"title":"ModelArmor filter configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"integratedServices":{"name":"integratedServices","type":"\u0019\u0007","is_mandatory":true,"title":"Integrated services for which the floor setting applies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Model Armor floor setting","desc":"Examine the Model Armor floor setting — the minimum AI safety configuration enforced across the project, whether floor setting enforcement is enabled, the Google Cloud services to which it applies, and the AI Platform-specific floor setting configuration.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.modelArmorService.template":{"id":"gcp.project.modelArmorService.template","name":"gcp.project.modelArmorService.template","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filterConfig":{"name":"filterConfig","type":"\n","is_mandatory":true,"title":"Filter configuration (raiSettings, sdpSettings, piAndJailbreakFilterSettings, maliciousUriFilterSettings)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"templateMetadata":{"name":"templateMetadata","type":"\n","is_mandatory":true,"title":"Template metadata (enforcement type, error settings, multi-language detection)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Model Armor template","desc":"Examine a Model Armor safety-filter template — its filter configuration (RAI settings, SDP settings, PI and jailbreak filter, malicious URI filter) and template metadata (enforcement type, error handling, multi- language detection). Templates are applied to AI prompts and responses to enforce safety policies.","private":true,"min_provider_version":"13.5.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService":{"id":"gcp.project.monitoringService","name":"gcp.project.monitoringService","fields":{"alertPolicies":{"name":"alertPolicies","type":"\u0019\u001bgcp.project.monitoringService.alertPolicy","title":"List of alert policies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alertPolicy":{"name":"alertPolicy","type":"\u001bgcp.project.monitoringService.alertPolicy","title":"Google Cloud (GCP) Cloud Monitoring alert policy","desc":"Examine a Cloud Monitoring alert policy that defines when incidents are opened. Covers the condition set (metric thresholds, log-based metrics, uptime failures) and how they are combined (AND / OR), notification channels that receive alerts, documentation attached to notifications, the alerting strategy (auto-close duration, notification rate limiting), whether the policy is enabled, and validity errors that prevent evaluation.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dashboard":{"name":"dashboard","type":"\u001bgcp.project.monitoringService.dashboard","title":"Google Cloud (GCP) Cloud Monitoring dashboard","desc":"Examine a Cloud Monitoring dashboard that visualizes metrics and data. Covers the dashboard display name, ETag for concurrency control, and the layout configuration (grid, mosaic, row, or column layout) that defines how charts and widgets are arranged.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"dashboards":{"name":"dashboards","type":"\u0019\u001bgcp.project.monitoringService.dashboard","title":"List of monitoring dashboards","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"group":{"name":"group","type":"\u001bgcp.project.monitoringService.group","title":"Google Cloud (GCP) Cloud Monitoring resource group","desc":"Examine a Cloud Monitoring resource group that organizes monitored resources by a filter expression. Covers the group's display name, parent group (for nested hierarchies), the filter that determines membership, and whether the group is a cluster group.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"groups":{"name":"groups","type":"\u0019\u001bgcp.project.monitoringService.group","title":"Resource groups","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notificationChannel":{"name":"notificationChannel","type":"\u001bgcp.project.monitoringService.notificationChannel","title":"Google Cloud (GCP) Cloud Monitoring notification channel","desc":"Examine a Cloud Monitoring notification channel that receives alert notifications. Covers the channel type (email, sms, slack, pagerduty, webhook_tokenauth, and others), configuration labels (such as email_address or channel_name), verification status (UNVERIFIED or VERIFIED), and whether the channel is currently enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"notificationChannels":{"name":"notificationChannels","type":"\u0019\u001bgcp.project.monitoringService.notificationChannel","title":"Notification channels","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"service":{"name":"service","type":"\u001bgcp.project.monitoringService.service","title":"Google Cloud (GCP) Cloud Monitoring service (for SLO tracking)","desc":"Examine a Cloud Monitoring service used to define and track service level objectives. Covers the service display name, telemetry configuration, user-defined labels, and the service's SLOs — each expressing a target (goal), measurement window (rolling period or calendar period), and the service level indicator definition.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bgcp.project.monitoringService.service","title":"List of monitored services (for SLO tracking)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uptimeCheckConfig":{"name":"uptimeCheckConfig","type":"\u001bgcp.project.monitoringService.uptimeCheckConfig","title":"Google Cloud (GCP) Cloud Monitoring uptime check configuration","desc":"Examine a Cloud Monitoring uptime check that probes an endpoint for availability. Covers the check type (HTTP or TCP), target (monitored resource or resource group), check period and timeout, checker type (STATIC_IP_CHECKERS or VPC_CHECKERS), selected geographic regions, content matchers for response validation, and whether the check is currently disabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"uptimeCheckConfigs":{"name":"uptimeCheckConfigs","type":"\u0019\u001bgcp.project.monitoringService.uptimeCheckConfig","title":"Uptime check configurations","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring","desc":"Use this resource as the entry point for Cloud Monitoring in the project. It hosts the observability surface: `alertPolicies`, `uptimeCheckConfigs`, `notificationChannels`, resource `groups`, `dashboards`, and the monitored `services` used for SLO tracking.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.alertPolicy":{"id":"gcp.project.monitoringService.alertPolicy","name":"gcp.project.monitoringService.alertPolicy","fields":{"alertStrategy":{"name":"alertStrategy","type":"\n","is_mandatory":true,"title":"Configuration for notification channels notifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"combiner":{"name":"combiner","type":"\u0007","is_mandatory":true,"title":"How to combine the results of multiple conditions to determine if an incident should be opened","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditions":{"name":"conditions","type":"\u0019\n","is_mandatory":true,"title":"List of conditions for the policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdBy":{"name":"createdBy","type":"\u0007","is_mandatory":true,"title":"Email address of the user who created the alert policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"documentation":{"name":"documentation","type":"\n","is_mandatory":true,"title":"Documentation included with notifications and incidents related to this policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the policy is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Alert policy name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"notificationChannelUrls":{"name":"notificationChannelUrls","type":"\u0019\u0007","is_mandatory":true,"title":"Notification channel URLs to which notifications should be sent when incidents are opened or closed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedBy":{"name":"updatedBy","type":"\u0007","is_mandatory":true,"title":"Email address of the user who last updated the alert policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"validity":{"name":"validity","type":"\n","is_mandatory":true,"title":"Description of how the alert policy is invalid","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring alert policy","desc":"Examine a Cloud Monitoring alert policy that defines when incidents are opened. Covers the condition set (metric thresholds, log-based metrics, uptime failures) and how they are combined (AND / OR), notification channels that receive alerts, documentation attached to notifications, the alerting strategy (auto-close duration, notification rate limiting), whether the policy is enabled, and validity errors that prevent evaluation.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.dashboard":{"id":"gcp.project.monitoringService.dashboard","name":"gcp.project.monitoringService.dashboard","fields":{"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Human-readable display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag for concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"layout":{"name":"layout","type":"\n","is_mandatory":true,"title":"Dashboard layout configuration (grid, mosaic, row, or column layout)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring dashboard","desc":"Examine a Cloud Monitoring dashboard that visualizes metrics and data. Covers the dashboard display name, ETag for concurrency control, and the layout configuration (grid, mosaic, row, or column layout) that defines how charts and widgets are arranged.","private":true,"min_provider_version":"13.7.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.group":{"id":"gcp.project.monitoringService.group","name":"gcp.project.monitoringService.group","fields":{"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter that determines which monitored resources belong to this group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isCluster":{"name":"isCluster","type":"\u0004","is_mandatory":true,"title":"Whether this is a cluster group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentName":{"name":"parentName","type":"\u0007","is_mandatory":true,"title":"Parent group name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring resource group","desc":"Examine a Cloud Monitoring resource group that organizes monitored resources by a filter expression. Covers the group's display name, parent group (for nested hierarchies), the filter that determines membership, and whether the group is a cluster group.","private":true,"min_provider_version":"13.6.1","defaults":"displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.notificationChannel":{"id":"gcp.project.monitoringService.notificationChannel","name":"gcp.project.monitoringService.notificationChannel","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the channel is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Configuration labels (e.g., email_address, channel_name)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Channel type (email, sms, slack, pagerduty, webhook_tokenauth, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userLabels":{"name":"userLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"verificationStatus":{"name":"verificationStatus","type":"\u0007","is_mandatory":true,"title":"Verification status (UNVERIFIED, VERIFIED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring notification channel","desc":"Examine a Cloud Monitoring notification channel that receives alert notifications. Covers the channel type (email, sms, slack, pagerduty, webhook_tokenauth, and others), configuration labels (such as email_address or channel_name), verification status (UNVERIFIED or VERIFIED), and whether the channel is currently enabled.","private":true,"min_provider_version":"13.6.1","defaults":"displayName type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.service":{"id":"gcp.project.monitoringService.service","name":"gcp.project.monitoringService.service","fields":{"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"slo":{"name":"slo","type":"\u001bgcp.project.monitoringService.service.slo","title":"Google Cloud (GCP) Cloud Monitoring service level objective (SLO)","desc":"Examine a service level objective defined for a Cloud Monitoring service. Covers the SLO target (goal between 0 and 0.9999), the service level indicator definition, the measurement window (rolling period in seconds or a calendar period such as DAY, WEEK, or MONTH), and user-defined labels for organizing SLOs.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"slos":{"name":"slos","type":"\u0019\u001bgcp.project.monitoringService.service.slo","title":"Service level objectives","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"telemetry":{"name":"telemetry","type":"\n","is_mandatory":true,"title":"Telemetry configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userLabels":{"name":"userLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring service (for SLO tracking)","desc":"Examine a Cloud Monitoring service used to define and track service level objectives. Covers the service display name, telemetry configuration, user-defined labels, and the service's SLOs — each expressing a target (goal), measurement window (rolling period or calendar period), and the service level indicator definition.","private":true,"min_provider_version":"13.7.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.service.slo":{"id":"gcp.project.monitoringService.service.slo","name":"gcp.project.monitoringService.service.slo","fields":{"calendarPeriod":{"name":"calendarPeriod","type":"\u0007","is_mandatory":true,"title":"Calendar period (DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"goal":{"name":"goal","type":"\u0006","is_mandatory":true,"title":"SLO target (0 \u003c goal \u003c= 0.9999)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rollingPeriod":{"name":"rollingPeriod","type":"\u0007","is_mandatory":true,"title":"Rolling time period (e.g. \"86400s\" for 1 day)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceLevelIndicator":{"name":"serviceLevelIndicator","type":"\n","is_mandatory":true,"title":"Service level indicator definition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userLabels":{"name":"userLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring service level objective (SLO)","desc":"Examine a service level objective defined for a Cloud Monitoring service. Covers the SLO target (goal between 0 and 0.9999), the service level indicator definition, the measurement window (rolling period in seconds or a calendar period such as DAY, WEEK, or MONTH), and user-defined labels for organizing SLOs.","private":true,"min_provider_version":"13.7.2","defaults":"name displayName goal","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.monitoringService.uptimeCheckConfig":{"id":"gcp.project.monitoringService.uptimeCheckConfig","name":"gcp.project.monitoringService.uptimeCheckConfig","fields":{"checkerType":{"name":"checkerType","type":"\u0007","is_mandatory":true,"title":"Type of checker (STATIC_IP_CHECKERS, VPC_CHECKERS)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"contentMatchers":{"name":"contentMatchers","type":"\u0019\n","is_mandatory":true,"title":"Content matchers for response validation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the check is disabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"httpCheck":{"name":"httpCheck","type":"\n","is_mandatory":true,"title":"HTTP check configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"monitoredResource":{"name":"monitoredResource","type":"\n","is_mandatory":true,"title":"Monitored resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"period":{"name":"period","type":"\u0007","is_mandatory":true,"title":"Check period","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceGroup":{"name":"resourceGroup","type":"\n","is_mandatory":true,"title":"Resource group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selectedRegions":{"name":"selectedRegions","type":"\u0019\u0007","is_mandatory":true,"title":"Regions from which the check is run","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tcpCheck":{"name":"tcpCheck","type":"\n","is_mandatory":true,"title":"TCP check configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeout":{"name":"timeout","type":"\u0007","is_mandatory":true,"title":"Check timeout","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userLabels":{"name":"userLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Monitoring uptime check configuration","desc":"Examine a Cloud Monitoring uptime check that probes an endpoint for availability. Covers the check type (HTTP or TCP), target (monitored resource or resource group), check period and timeout, checker type (STATIC_IP_CHECKERS or VPC_CHECKERS), selected geographic regions, content matchers for response validation, and whether the check is currently disabled.","private":true,"min_provider_version":"13.6.1","defaults":"displayName disabled checkerType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService":{"id":"gcp.project.networkSecurityService","name":"gcp.project.networkSecurityService","fields":{"addressGroup":{"name":"addressGroup","type":"\u001bgcp.project.networkSecurityService.addressGroup","title":"Network Security address group","desc":"Examine an address group: a named, reusable collection of IP addresses or ranges in `items` that firewall policy rules reference instead of inline address lists. `type` records whether the group holds IPv4 or IPv6 addresses, `capacity` is the maximum number of items, and `purpose` records where the group may be used. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"addressGroups":{"name":"addressGroups","type":"\u0019\u001bgcp.project.networkSecurityService.addressGroup","title":"Address groups referenced by firewall policy rules","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"authorizationPolicies":{"name":"authorizationPolicies","type":"\u0019\u001bgcp.project.networkSecurityService.authorizationPolicy","title":"Authorization policies governing service-to-service access","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"authorizationPolicy":{"name":"authorizationPolicy","type":"\u001bgcp.project.networkSecurityService.authorizationPolicy","title":"Network Security authorization policy","desc":"Examine an authorization policy that allows or denies traffic between workloads in a service mesh or load-balanced application: `action` records the default ALLOW or DENY decision and `rules` lists the source and destination matchers that select which requests the policy applies to. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clientTlsPolicies":{"name":"clientTlsPolicies","type":"\u0019\u001bgcp.project.networkSecurityService.clientTlsPolicy","title":"Client-side TLS policies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientTlsPolicy":{"name":"clientTlsPolicy","type":"\u001bgcp.project.networkSecurityService.clientTlsPolicy","title":"Network Security client TLS policy","desc":"Examine a client-side TLS policy used for outbound connections: `sni` records the server name indication sent during the handshake, `clientCertificate` configures the certificate the client presents for mutual TLS, and `serverValidationCa` lists the certificate authorities trusted to validate the server. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverTlsPolicies":{"name":"serverTlsPolicies","type":"\u0019\u001bgcp.project.networkSecurityService.serverTlsPolicy","title":"Server-side TLS policies","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverTlsPolicy":{"name":"serverTlsPolicy","type":"\u001bgcp.project.networkSecurityService.serverTlsPolicy","title":"Network Security server TLS policy","desc":"Examine a server-side TLS policy attached to inbound traffic: the `allowOpen` predicate audits whether plaintext connections are permitted, `mtlsPolicy` configures mutual TLS client validation, and `serverCertificate` configures the certificate the server presents. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tlsInspectionPolicies":{"name":"tlsInspectionPolicies","type":"\u0019\u001bgcp.project.networkSecurityService.tlsInspectionPolicy","title":"TLS inspection policies used to decrypt and inspect traffic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tlsInspectionPolicy":{"name":"tlsInspectionPolicy","type":"\u001bgcp.project.networkSecurityService.tlsInspectionPolicy","title":"Network Security TLS inspection policy","desc":"Examine a TLS inspection policy that lets firewall rules decrypt, inspect, and re-encrypt TLS traffic: `caPool` references the Certificate Authority Service pool used to mint intercept certificates, `minTlsVersion` and `tlsFeatureProfile` constrain the negotiated TLS parameters, and `trustConfig` supplies additional trusted certificates. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlList":{"name":"urlList","type":"\u001bgcp.project.networkSecurityService.urlList","title":"Network Security URL list","desc":"Examine a URL list: a named collection of URL patterns in `values` that secure web proxy and firewall rules reference to allow or block web traffic by destination. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"urlLists":{"name":"urlLists","type":"\u0019\u001bgcp.project.networkSecurityService.urlList","title":"URL lists used for URL-based filtering","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security service for a project","desc":"Use this resource to reach Google Cloud Network Security resources for a project: service-mesh `authorizationPolicies`, the `serverTlsPolicies` and `clientTlsPolicies` that govern TLS behavior, the `tlsInspectionPolicies` used to decrypt and inspect traffic, the `addressGroups` referenced by firewall policy rules, and the `urlLists` used for URL-based filtering.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.addressGroup":{"id":"gcp.project.networkSecurityService.addressGroup","name":"gcp.project.networkSecurityService.addressGroup","fields":{"capacity":{"name":"capacity","type":"\u0005","is_mandatory":true,"title":"Maximum number of items the group can hold","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the address group was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"items":{"name":"items","type":"\u0019\u0007","is_mandatory":true,"title":"IP addresses or CIDR ranges in the group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the address group","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"purpose":{"name":"purpose","type":"\u0019\u0007","is_mandatory":true,"title":"Where the address group may be used (DEFAULT, CLOUD_ARMOR)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Address family held by the group (IPV4, IPV6)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the address group was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security address group","desc":"Examine an address group: a named, reusable collection of IP addresses or ranges in `items` that firewall policy rules reference instead of inline address lists. `type` records whether the group holds IPv4 or IPv6 addresses, `capacity` is the maximum number of items, and `purpose` records where the group may be used. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.authorizationPolicy":{"id":"gcp.project.networkSecurityService.authorizationPolicy","name":"gcp.project.networkSecurityService.authorizationPolicy","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Default action applied to matching traffic (ALLOW, DENY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the authorization policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rules":{"name":"rules","type":"\u0019\n","is_mandatory":true,"title":"Source and destination matchers selecting which requests the policy applies to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security authorization policy","desc":"Examine an authorization policy that allows or denies traffic between workloads in a service mesh or load-balanced application: `action` records the default ALLOW or DENY decision and `rules` lists the source and destination matchers that select which requests the policy applies to. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name action","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.clientTlsPolicy":{"id":"gcp.project.networkSecurityService.clientTlsPolicy","name":"gcp.project.networkSecurityService.clientTlsPolicy","fields":{"clientCertificate":{"name":"clientCertificate","type":"\n","is_mandatory":true,"title":"Certificate provider configuration for the certificate the client presents","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the client TLS policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverValidationCa":{"name":"serverValidationCa","type":"\u0019\n","is_mandatory":true,"title":"Certificate authorities trusted to validate the server certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sni":{"name":"sni","type":"\u0007","is_mandatory":true,"title":"Server name indication sent during the TLS handshake","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security client TLS policy","desc":"Examine a client-side TLS policy used for outbound connections: `sni` records the server name indication sent during the handshake, `clientCertificate` configures the certificate the client presents for mutual TLS, and `serverValidationCa` lists the certificate authorities trusted to validate the server. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name sni","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.serverTlsPolicy":{"id":"gcp.project.networkSecurityService.serverTlsPolicy","name":"gcp.project.networkSecurityService.serverTlsPolicy","fields":{"allowOpen":{"name":"allowOpen","type":"\u0004","is_mandatory":true,"title":"Whether plaintext (non-TLS) connections are permitted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clientValidationMode":{"name":"clientValidationMode","type":"\u0007","is_mandatory":true,"title":"How connections with invalid or missing client certificates are handled","desc":"One of CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, or REJECT_INVALID. Empty when no mTLS policy is set.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mtlsPolicy":{"name":"mtlsPolicy","type":"\n","is_mandatory":true,"title":"Mutual TLS configuration for validating client certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the server TLS policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCertificate":{"name":"serverCertificate","type":"\n","is_mandatory":true,"title":"Certificate provider configuration for the certificate the server presents","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security server TLS policy","desc":"Examine a server-side TLS policy attached to inbound traffic: the `allowOpen` predicate audits whether plaintext connections are permitted, `mtlsPolicy` configures mutual TLS client validation, and `serverCertificate` configures the certificate the server presents. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name allowOpen","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.tlsInspectionPolicy":{"id":"gcp.project.networkSecurityService.tlsInspectionPolicy","name":"gcp.project.networkSecurityService.tlsInspectionPolicy","fields":{"caPool":{"name":"caPool","type":"\u0007","is_mandatory":true,"title":"Certificate Authority Service CA pool used to mint intercept certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the policy was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customTlsFeatures":{"name":"customTlsFeatures","type":"\u0019\u0007","is_mandatory":true,"title":"Custom TLS features negotiated when tlsFeatureProfile is PROFILE_CUSTOM","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"excludePublicCaSet":{"name":"excludePublicCaSet","type":"\u0004","is_mandatory":true,"title":"Whether the set of public certificate authorities is excluded from the trust store","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minTlsVersion":{"name":"minTlsVersion","type":"\u0007","is_mandatory":true,"title":"Minimum accepted TLS version (TLS_VERSION_UNSPECIFIED, TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the TLS inspection policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tlsFeatureProfile":{"name":"tlsFeatureProfile","type":"\u0007","is_mandatory":true,"title":"TLS feature profile constraining the negotiated cipher suites","desc":"One of: PROFILE_UNSPECIFIED, PROFILE_COMPATIBLE, PROFILE_MODERN, PROFILE_RESTRICTED, PROFILE_CUSTOM.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trustConfig":{"name":"trustConfig","type":"\u0007","is_mandatory":true,"title":"Resource name of the trust config supplying additional trusted certificates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the policy was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security TLS inspection policy","desc":"Examine a TLS inspection policy that lets firewall rules decrypt, inspect, and re-encrypt TLS traffic: `caPool` references the Certificate Authority Service pool used to mint intercept certificates, `minTlsVersion` and `tlsFeatureProfile` constrain the negotiated TLS parameters, and `trustConfig` supplies additional trusted certificates. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name minTlsVersion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.networkSecurityService.urlList":{"id":"gcp.project.networkSecurityService.urlList","name":"gcp.project.networkSecurityService.urlList","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the URL list was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the URL list","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the URL list was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"values":{"name":"values","type":"\u0019\u0007","is_mandatory":true,"title":"URL patterns in the list","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Network Security URL list","desc":"Examine a URL list: a named collection of URL patterns in `values` that secure web proxy and firewall rules reference to allow or block web traffic by destination. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.notebooksService":{"id":"gcp.project.notebooksService","name":"gcp.project.notebooksService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.notebooksService.instance","title":"Google Cloud (GCP) legacy Notebooks instance","desc":"Examine a User-Managed Notebooks instance: its lifecycle state, Compute Engine machine type, whether a public IP is assigned (`noPublicIp`), whether the notebook proxy is registered (`noProxyAccess`), VPC network and subnet, service account, proxy URI for Jupyter access, creator email, and creation and update timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.notebooksService.instance","title":"List of legacy User-Managed Notebooks instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Notebooks","desc":"Use this resource as the entry point for the legacy Notebooks service in the project. It hosts the user-managed notebook `instances` — each exposing its machine configuration, network settings, and public-IP exposure. New deployments should use `workbench` instead.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.notebooksService.instance":{"id":"gcp.project.notebooksService.instance","name":"gcp.project.notebooksService.instance","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Instance creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"creator":{"name":"creator","type":"\u0007","is_mandatory":true,"title":"Email address of the entity that created the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"machineType":{"name":"machineType","type":"\u0007","is_mandatory":true,"title":"Compute Engine machine type of this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/instances/{instance})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"Name of the VPC that this instance is in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"noProxyAccess":{"name":"noProxyAccess","type":"\u0004","is_mandatory":true,"title":"Whether the instance is registered with the notebook proxy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"noPublicIp":{"name":"noPublicIp","type":"\u0004","is_mandatory":true,"title":"Whether no external IP is assigned to this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyUri":{"name":"proxyUri","type":"\u0007","is_mandatory":true,"title":"Proxy endpoint used to access the Jupyter notebook","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account on this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the instance (ACTIVE, STOPPED, PROVISIONING, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnet":{"name":"subnet","type":"\u0007","is_mandatory":true,"title":"Name of the subnet that this instance is in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Instance last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) legacy Notebooks instance","desc":"Examine a User-Managed Notebooks instance: its lifecycle state, Compute Engine machine type, whether a public IP is assigned (`noPublicIp`), whether the notebook proxy is registered (`noProxyAccess`), VPC network and subnet, service account, proxy URI for Jupyter access, creator email, and creation and update timestamps.","private":true,"min_provider_version":"13.15.1","defaults":"name state noPublicIp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.osConfigService":{"id":"gcp.project.osConfigService","name":"gcp.project.osConfigService","fields":{"osPolicyAssignment":{"name":"osPolicyAssignment","type":"\u001bgcp.project.osConfigService.osPolicyAssignment","title":"VM Manager OS policy assignment","desc":"Examine an OS policy assignment that applies a set of OS policies (`osPolicies`) to the VM instances selected by `instanceFilter`. Each assignment tracks its `rollout` strategy, its progress through `rolloutState`, the immutable `revisionId` of the applied configuration, and whether the revision is a `baseline` or has been `deleted`. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"osPolicyAssignments":{"name":"osPolicyAssignments","type":"\u0019\u001bgcp.project.osConfigService.osPolicyAssignment","title":"OS policy assignments across all zones in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"patchDeployment":{"name":"patchDeployment","type":"\u001bgcp.project.osConfigService.patchDeployment","title":"VM Manager OS patch deployment","desc":"Examine a scheduled patch rollout managed by VM Manager: the `instanceFilter` selecting which VM instances are patched, the per-package-manager behavior and reboot policy in `patchConfig`, the `oneTimeSchedule` or `recurringSchedule` that triggers it, the `rollout` strategy and disruption budget, and the `state` that audits whether the deployment is ACTIVE or PAUSED. Selected by the full resource name.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"patchDeployments":{"name":"patchDeployments","type":"\u0019\u001bgcp.project.osConfigService.patchDeployment","title":"Scheduled OS patch deployments in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"VM Manager (OS Config) service for a project","desc":"Use this resource to reach Google Cloud VM Manager resources for a project: `patchDeployments` lists scheduled OS patch rollouts and `osPolicyAssignments` lists the OS policy assignments applied to instances across every zone. Per-instance patch and vulnerability state is exposed on `gcp.project.computeService.instance` through its `inventory` and `vulnerabilityReport` fields.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.osConfigService.osPolicyAssignment":{"id":"gcp.project.osConfigService.osPolicyAssignment","name":"gcp.project.osConfigService.osPolicyAssignment","fields":{"baseline":{"name":"baseline","type":"\u0004","is_mandatory":true,"title":"Whether this is the baseline revision used to roll back the rollout","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deleted":{"name":"deleted","type":"\u0004","is_mandatory":true,"title":"Whether the assignment has been deleted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceFilter":{"name":"instanceFilter","type":"\n","is_mandatory":true,"title":"Filter selecting which VM instances the policies apply to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the OS policy assignment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"osPolicies":{"name":"osPolicies","type":"\u0019\n","is_mandatory":true,"title":"OS policies applied to the selected instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the assignment is currently being reconciled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionCreateTime":{"name":"revisionCreateTime","type":"\t","is_mandatory":true,"title":"Time this revision was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionId":{"name":"revisionId","type":"\u0007","is_mandatory":true,"title":"Immutable identifier of this revision of the assignment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rollout":{"name":"rollout","type":"\n","is_mandatory":true,"title":"Rollout strategy and disruption budget for the assignment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rolloutState":{"name":"rolloutState","type":"\u0007","is_mandatory":true,"title":"Rollout state of the assignment (IN_PROGRESS, CANCELLING, CANCELLED, SUCCEEDED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"VM Manager OS policy assignment","desc":"Examine an OS policy assignment that applies a set of OS policies (`osPolicies`) to the VM instances selected by `instanceFilter`. Each assignment tracks its `rollout` strategy, its progress through `rolloutState`, the immutable `revisionId` of the applied configuration, and whether the revision is a `baseline` or has been `deleted`. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name rolloutState","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.osConfigService.patchDeployment":{"id":"gcp.project.osConfigService.patchDeployment","name":"gcp.project.osConfigService.patchDeployment","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the patch deployment was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Optional human-readable description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"duration":{"name":"duration","type":"\u0005","is_mandatory":true,"title":"Length of time the patch is allowed to run, in seconds","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceFilter":{"name":"instanceFilter","type":"\n","is_mandatory":true,"title":"Filter selecting which VM instances receive the patch","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastExecuteTime":{"name":"lastExecuteTime","type":"\t","is_mandatory":true,"title":"Time the patch deployment last ran","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the patch deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oneTimeSchedule":{"name":"oneTimeSchedule","type":"\n","is_mandatory":true,"title":"One-time schedule that triggers this patch deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"patchConfig":{"name":"patchConfig","type":"\n","is_mandatory":true,"title":"Per-package-manager patch behavior and reboot configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recurringSchedule":{"name":"recurringSchedule","type":"\n","is_mandatory":true,"title":"Recurring schedule that triggers this patch deployment","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rollout":{"name":"rollout","type":"\n","is_mandatory":true,"title":"Rollout strategy and disruption budget for the patch","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Deployment state (ACTIVE, PAUSED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Time the patch deployment was last updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"VM Manager OS patch deployment","desc":"Examine a scheduled patch rollout managed by VM Manager: the `instanceFilter` selecting which VM instances are patched, the per-package-manager behavior and reboot policy in `patchConfig`, the `oneTimeSchedule` or `recurringSchedule` that triggers it, the `rollout` strategy and disruption budget, and the `state` that audits whether the deployment is ACTIVE or PAUSED. Selected by the full resource name.","private":true,"min_provider_version":"13.15.1","defaults":"name state lastExecuteTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService":{"id":"gcp.project.pubsubService","name":"gcp.project.pubsubService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schema":{"name":"schema","type":"\u001bgcp.project.pubsubService.schema","title":"Google Cloud (GCP) Pub/Sub schema","desc":"Examine a Pub/Sub schema that validates message payloads published to associated topics. Exposes the schema type (`PROTOCOL_BUFFER` or `AVRO`), the full schema definition text, the current revision ID, and the time the revision was created.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"schemas":{"name":"schemas","type":"\u0019\u001bgcp.project.pubsubService.schema","title":"List of Pub/Sub schemas","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"snapshot":{"name":"snapshot","type":"\u001bgcp.project.pubsubService.snapshot","title":"Google Cloud (GCP) Pub/Sub snapshot","desc":"Examine a point-in-time Pub/Sub snapshot — the topic it was taken from and the time at which it expires and is automatically deleted. Snapshots allow subscriptions to seek back to a specific point in the message backlog.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bgcp.project.pubsubService.snapshot","title":"List of snapshots in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subscription":{"name":"subscription","type":"\u001bgcp.project.pubsubService.subscription","title":"Google Cloud (GCP) Pub/Sub subscription","desc":"Examine a Pub/Sub subscription's delivery configuration and IAM policy. The `config` sub-resource exposes ack deadline, message ordering, push endpoint, dead-letter policy, retry backoff, filter expression, and retention settings. The `public` field flags subscriptions accessible to `allUsers` or `allAuthenticatedUsers`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"subscriptions":{"name":"subscriptions","type":"\u0019\u001bgcp.project.pubsubService.subscription","title":"List of subscriptions in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u001bgcp.project.pubsubService.topic","title":"Google Cloud (GCP) Pub/Sub topic","desc":"Examine a Pub/Sub topic's encryption key, message storage policy, retention duration, schema validation settings, and IAM policy. The `public` field flags topics whose IAM policy grants access to `allUsers` or `allAuthenticatedUsers`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"topics":{"name":"topics","type":"\u0019\u001bgcp.project.pubsubService.topic","title":"List of topics in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub","desc":"Use this resource as the entry point for Pub/Sub in the project. It hosts the messaging surface: `topics` and their `subscriptions`, point-in-time `snapshots`, and the `schemas` that validate message payloads — each exposing IAM policy, encryption, and retention settings.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.schema":{"id":"gcp.project.pubsubService.schema","name":"gcp.project.pubsubService.schema","fields":{"definition":{"name":"definition","type":"\u0007","is_mandatory":true,"title":"Full schema definition text","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/schemas/{schema})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionCreateTime":{"name":"revisionCreateTime","type":"\t","is_mandatory":true,"title":"Revision creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionId":{"name":"revisionId","type":"\u0007","is_mandatory":true,"title":"Revision ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Schema type (PROTOCOL_BUFFER, AVRO)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub schema","desc":"Examine a Pub/Sub schema that validates message payloads published to associated topics. Exposes the schema type (`PROTOCOL_BUFFER` or `AVRO`), the full schema definition text, the current revision ID, and the time the revision was created.","private":true,"min_provider_version":"13.7.2","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.snapshot":{"id":"gcp.project.pubsubService.snapshot","name":"gcp.project.pubsubService.snapshot","fields":{"expiration":{"name":"expiration","type":"\t","is_mandatory":true,"title":"When the snapshot expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Subscription name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u001bgcp.project.pubsubService.topic","is_mandatory":true,"title":"The topic associated with the snapshot","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub snapshot","desc":"Examine a point-in-time Pub/Sub snapshot — the topic it was taken from and the time at which it expires and is automatically deleted. Snapshots allow subscriptions to seek back to a specific point in the message backlog.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.subscription":{"id":"gcp.project.pubsubService.subscription","name":"gcp.project.pubsubService.subscription","fields":{"config":{"name":"config","type":"\u001bgcp.project.pubsubService.subscription.config","title":"Subscription configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy for this subscription","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Subscription name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the subscription's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub subscription","desc":"Examine a Pub/Sub subscription's delivery configuration and IAM policy. The `config` sub-resource exposes ack deadline, message ordering, push endpoint, dead-letter policy, retry backoff, filter expression, and retention settings. The `public` field flags subscriptions accessible to `allUsers` or `allAuthenticatedUsers`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.subscription.config":{"id":"gcp.project.pubsubService.subscription.config","name":"gcp.project.pubsubService.subscription.config","fields":{"ackDeadline":{"name":"ackDeadline","type":"\t","is_mandatory":true,"title":"Default maximum time a subscriber can take to acknowledge a message after receiving it","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deadLetterPolicy":{"name":"deadLetterPolicy","type":"\n","is_mandatory":true,"title":"Dead-letter queue configuration (deadLetterTopic, maxDeliveryAttempts)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"detached":{"name":"detached","type":"\u0004","is_mandatory":true,"title":"Whether the subscription is detached from its topic","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableExactlyOnceDelivery":{"name":"enableExactlyOnceDelivery","type":"\u0004","is_mandatory":true,"title":"Whether exactly-once delivery is enabled","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableMessageOrdering":{"name":"enableMessageOrdering","type":"\u0004","is_mandatory":true,"title":"Whether message ordering is enabled","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationPolicy":{"name":"expirationPolicy","type":"\t","is_mandatory":true,"title":"Conditions for a subscription's expiration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter expression for the subscription","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"The labels associated with this subscription","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pushConfig":{"name":"pushConfig","type":"\u001bgcp.project.pubsubService.subscription.config.pushconfig","is_mandatory":true,"title":"Configuration for subscriptions that operate in push mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pushconfig":{"name":"pushconfig","type":"\u001bgcp.project.pubsubService.subscription.config.pushconfig","title":"Google Cloud (GCP) Pub/Sub configuration for subscriptions that operate in push mode","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"retainAckedMessages":{"name":"retainAckedMessages","type":"\u0004","is_mandatory":true,"title":"Whether to retain acknowledged messages","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionDuration":{"name":"retentionDuration","type":"\t","is_mandatory":true,"title":"How long to retain messages in the backlog after they're published","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retryPolicy":{"name":"retryPolicy","type":"\n","is_mandatory":true,"title":"Message retry backoff configuration (minimumBackoff, maximumBackoff)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the subscription (STATE_UNSPECIFIED, ACTIVE, RESOURCE_ERROR)","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subscriptionName":{"name":"subscriptionName","type":"\u0007","is_mandatory":true,"title":"Subscription name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topic":{"name":"topic","type":"\u001bgcp.project.pubsubService.topic","is_mandatory":true,"title":"Topic to which the subscription points","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topicMessageRetentionDuration":{"name":"topicMessageRetentionDuration","type":"\t","is_mandatory":true,"title":"The minimum duration the topic retains messages after publishing","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub subscription configuration","desc":"Examine the detailed delivery settings for a Pub/Sub subscription — the parent topic, acknowledgement deadline, message retention duration, push endpoint configuration, expiration policy, dead-letter queue, retry backoff, message ordering and exactly-once delivery flags, filter expression, detachment state, and the topic's own retention window.","private":true,"min_provider_version":"9.0.0","defaults":"topic.name ackDeadline expirationPolicy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.subscription.config.pushconfig":{"id":"gcp.project.pubsubService.subscription.config.pushconfig","name":"gcp.project.pubsubService.subscription.config.pushconfig","fields":{"attributes":{"name":"attributes","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Endpoint configuration attributes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configId":{"name":"configId","type":"\u0007","is_mandatory":true,"title":"Parent configuration ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoint":{"name":"endpoint","type":"\u0007","is_mandatory":true,"title":"URL of the endpoint to which to push messages","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oidcTokenAudience":{"name":"oidcTokenAudience","type":"\u0007","is_mandatory":true,"title":"Audience used when generating the OIDC token for authenticated push","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oidcTokenServiceAccountEmail":{"name":"oidcTokenServiceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Service account email used to generate the OIDC token for authenticated push","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub configuration for subscriptions that operate in push mode","private":true,"min_provider_version":"9.0.0","defaults":"attributes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.topic":{"id":"gcp.project.pubsubService.topic","name":"gcp.project.pubsubService.topic","fields":{"config":{"name":"config","type":"\u001bgcp.project.pubsubService.topic.config","title":"Topic configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy for this topic","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Topic name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the topic's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub topic","desc":"Examine a Pub/Sub topic's encryption key, message storage policy, retention duration, schema validation settings, and IAM policy. The `public` field flags topics whose IAM policy grants access to `allUsers` or `allAuthenticatedUsers`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.topic.config":{"id":"gcp.project.pubsubService.topic.config","name":"gcp.project.pubsubService.topic.config","fields":{"ingestionDataSourceSettings":{"name":"ingestionDataSourceSettings","type":"\n","is_mandatory":true,"title":"Ingestion data source settings","desc":"Configuration for ingesting messages into the topic from an external source. Supported sources include AWS Kinesis, AWS MSK, Azure Event Hubs, Confluent Cloud, and Apache Kafka on Cloud Storage. Null when no ingestion source is configured.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used to protect topic messages (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeyName":{"name":"kmsKeyName","type":"\u0007","is_mandatory":true,"title":"Customer-managed KMS key resource name","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels associated with this topic","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"messageStoragePolicy":{"name":"messageStoragePolicy","type":"\u001bgcp.project.pubsubService.topic.config.messagestoragepolicy","is_mandatory":true,"title":"Message storage policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"messageTransforms":{"name":"messageTransforms","type":"\u0019\n","is_mandatory":true,"title":"Message transformation pipeline","desc":"Ordered list of transforms applied to messages published to the topic, each typically backed by a JavaScript user-defined function (UDF).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"messagestoragepolicy":{"name":"messagestoragepolicy","type":"\u001bgcp.project.pubsubService.topic.config.messagestoragepolicy","title":"Google Cloud (GCP) Pub/Sub topic message storage policy","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionDuration":{"name":"retentionDuration","type":"\t","is_mandatory":true,"title":"How long a published message is retained (0 means not set)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the topic satisfies Physical Zone Separation (PZS) compliance","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schemaSettings":{"name":"schemaSettings","type":"\u001bgcp.project.pubsubService.topic.config.schemaSettings","is_mandatory":true,"title":"Schema validation settings for published messages","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the topic (STATE_UNSPECIFIED, ACTIVE, INGESTION_RESOURCE_ERROR)","min_provider_version":"11.0.146","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topicName":{"name":"topicName","type":"\u0007","is_mandatory":true,"title":"Topic name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub topic configuration","desc":"Examine the detailed settings for a Pub/Sub topic — the customer-managed KMS key (`kmsKey`) used to encrypt messages at rest, the message storage policy restricting which regions may persist messages, message retention duration, topic lifecycle state, and the schema validation settings that govern which message formats the topic accepts.","private":true,"min_provider_version":"9.0.0","defaults":"kmsKeyName messageStoragePolicy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.topic.config.messagestoragepolicy":{"id":"gcp.project.pubsubService.topic.config.messagestoragepolicy","name":"gcp.project.pubsubService.topic.config.messagestoragepolicy","fields":{"allowedPersistenceRegions":{"name":"allowedPersistenceRegions","type":"\u0019\u0007","is_mandatory":true,"title":"List of GCP regions where messages published to the topic can persist in storage","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configId":{"name":"configId","type":"\u0007","is_mandatory":true,"title":"Parent configuration ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enforceInTransit":{"name":"enforceInTransit","type":"\u0004","is_mandatory":true,"title":"Whether allowedPersistenceRegions also restricts in-transit message routing","desc":"When true, publish operations on the topic and subscribe operations on any of its subscriptions fail when invoked from a region not listed in allowedPersistenceRegions.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub topic message storage policy","private":true,"min_provider_version":"9.0.0","defaults":"allowedPersistenceRegions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.pubsubService.topic.config.schemaSettings":{"id":"gcp.project.pubsubService.topic.config.schemaSettings","name":"gcp.project.pubsubService.topic.config.schemaSettings","fields":{"encoding":{"name":"encoding","type":"\u0007","is_mandatory":true,"title":"Message encoding (JSON, BINARY)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"firstRevisionId":{"name":"firstRevisionId","type":"\u0007","is_mandatory":true,"title":"First revision ID to validate against","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastRevisionId":{"name":"lastRevisionId","type":"\u0007","is_mandatory":true,"title":"Last revision ID to validate against","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schema":{"name":"schema","type":"\u0007","is_mandatory":true,"title":"Full schema resource name (projects/{project}/schemas/{schema})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"schemaResource":{"name":"schemaResource","type":"\u001bgcp.project.pubsubService.schema","title":"Schema resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Pub/Sub topic schema settings","private":true,"min_provider_version":"13.7.2","defaults":"schema encoding","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService":{"id":"gcp.project.redisService","name":"gcp.project.redisService","fields":{"cluster":{"name":"cluster","type":"\u001bgcp.project.redisService.cluster","title":"Google Cloud (GCP) Memorystore for Redis Cluster","desc":"Examine a sharded Memorystore for Redis Cluster deployment. Surfaces the cluster `state`, shard and replica counts, `nodeType`, total memory size (`sizeGb`, `preciseSizeGb`), authorization and transit-encryption modes, deletion protection, the customer-managed encryption key via `cryptoKey()`, and operational metadata such as `maintenancePolicy`, `maintenanceSchedule`, `persistenceConfig`, and `automatedBackupConfig`. The `pscConfigs`, `pscConnections`, `clusterEndpoints`, and `discoveryEndpoints` describe the Private Service Connect topology. Use `backups()` to enumerate point-in-time cluster backups.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.redisService.cluster","title":"List all redis clusters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u001bgcp.project.redisService.instance","title":"Google Cloud (GCP) Memorystore for Redis instance","desc":"Examine a managed Redis instance — its version, tier, memory size, and network placement (`authorizedNetwork`, `connectMode`). Surfaces authentication posture (`authEnabled`, `transitEncryptionMode`), replica topology (`replicaCount`, `readReplicasMode`, `readEndpoint`), the customer-managed encryption key via `kmsKey()`, persistence and maintenance configuration, and the list of `serverCaCerts` used for TLS connections. The `state` and `statusMessage` fields reflect the current operational condition of the instance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.redisService.instance","title":"List all redis instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Redis","desc":"Use this resource as the entry point for Memorystore for Redis in the project. It hosts the managed-Redis `instances` and the newer `clusters` (sharded Memorystore for Redis Cluster deployments) — each exposing auth mode, transit encryption, authorized network, and maintenance settings for cache-tier audits.","private":true,"min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster":{"id":"gcp.project.redisService.cluster","name":"gcp.project.redisService.cluster","fields":{"authorizationMode":{"name":"authorizationMode","type":"\u0007","is_mandatory":true,"title":"The authorization mode of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"automatedBackupConfig":{"name":"automatedBackupConfig","type":"\n","is_mandatory":true,"title":"The automated backup configuration of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backup":{"name":"backup","type":"\u001bgcp.project.redisService.cluster.backup","title":"Google Cloud (GCP) Memorystore for Redis Cluster backup","desc":"Examine a point-in-time backup of a Redis Cluster. Surfaces the backup `name`, `state`, `backupType` (ON_DEMAND or AUTOMATED), creation and expiry timestamps, total size, the engine version and cluster topology (node type, shard and replica counts) at backup time, encryption information, and the list of constituent `backupFiles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupCollection":{"name":"backupCollection","type":"\u0007","is_mandatory":true,"title":"The backup collection full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backups":{"name":"backups","type":"\u0019\u001bgcp.project.redisService.cluster.backup","title":"Backups for this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterEndpoint":{"name":"clusterEndpoint","type":"\u001bgcp.project.redisService.cluster.clusterEndpoint","title":"Google Cloud (GCP) Redis Cluster endpoint","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusterEndpoints":{"name":"clusterEndpoints","type":"\u0019\u001bgcp.project.redisService.cluster.clusterEndpoint","is_mandatory":true,"title":"The cluster endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionDetail":{"name":"connectionDetail","type":"\u001bgcp.project.redisService.cluster.connectionDetail","title":"Google Cloud (GCP) Redis Cluster endpoint connection detail","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the cluster was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"crossClusterReplicationConfig":{"name":"crossClusterReplicationConfig","type":"\n","is_mandatory":true,"title":"The cross-cluster replication configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKey":{"name":"cryptoKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed encryption key (CMEK) used to encrypt the at-rest data of the cluster","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtectionEnabled":{"name":"deletionProtectionEnabled","type":"\u0004","is_mandatory":true,"title":"Whether delete protection is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"discoveryEndpoint":{"name":"discoveryEndpoint","type":"\u001bgcp.project.redisService.cluster.discoveryEndpoint","title":"Google Cloud (GCP) Redis Cluster discovery endpoint","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"discoveryEndpoints":{"name":"discoveryEndpoints","type":"\u0019\u001bgcp.project.redisService.cluster.discoveryEndpoint","is_mandatory":true,"title":"The discovery endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u0007","is_mandatory":true,"title":"Customer-managed encryption key resource ID","desc":"Deprecated in favor of `cryptoKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"maintenancePolicy":{"name":"maintenancePolicy","type":"\n","is_mandatory":true,"title":"The maintenance policy of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceSchedule":{"name":"maintenanceSchedule","type":"\n","is_mandatory":true,"title":"The upcoming maintenance schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Unique name of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeType":{"name":"nodeType","type":"\u0007","is_mandatory":true,"title":"The node type of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"persistenceConfig":{"name":"persistenceConfig","type":"\n","is_mandatory":true,"title":"The persistence configuration of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"preciseSizeGb":{"name":"preciseSizeGb","type":"\u0006","is_mandatory":true,"title":"Precise Redis memory size in GB for the entire cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConfig":{"name":"pscConfig","type":"\u001bgcp.project.redisService.cluster.pscConfig","title":"Google Cloud (GCP) Redis Cluster PSC configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"pscConfigs":{"name":"pscConfigs","type":"\u0019\u001bgcp.project.redisService.cluster.pscConfig","is_mandatory":true,"title":"The PSC configurations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnection":{"name":"pscConnection","type":"\u001bgcp.project.redisService.cluster.pscConnection","title":"Google Cloud (GCP) Redis Cluster PSC connection","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"pscConnections":{"name":"pscConnections","type":"\u0019\u001bgcp.project.redisService.cluster.pscConnection","is_mandatory":true,"title":"The PSC connections","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscServiceAttachments":{"name":"pscServiceAttachments","type":"\u0019\n","is_mandatory":true,"title":"PSC service attachments","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redisConfigs":{"name":"redisConfigs","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Redis configuration parameters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaCount":{"name":"replicaCount","type":"\u0005","is_mandatory":true,"title":"The number of replica nodes per shard","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaMode":{"name":"serverCaMode","type":"\u0007","is_mandatory":true,"title":"The server certificate authority mode","min_provider_version":"13.3.5","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaPool":{"name":"serverCaPool","type":"\u0007","is_mandatory":true,"title":"The CA pool resource for customer-managed CAS","min_provider_version":"13.3.5","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shardCount":{"name":"shardCount","type":"\u0005","is_mandatory":true,"title":"The number of shards in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeGb":{"name":"sizeGb","type":"\u0005","is_mandatory":true,"title":"Redis memory size in GB for the entire cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateInfo":{"name":"stateInfo","type":"\n","is_mandatory":true,"title":"Additional information about the state of the cluster (e.g. updateInfo with target shard/replica counts during reshard)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transitEncryptionMode":{"name":"transitEncryptionMode","type":"\u0007","is_mandatory":true,"title":"The in-transit encryption mode of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneDistributionConfig":{"name":"zoneDistributionConfig","type":"\n","is_mandatory":true,"title":"The zone distribution configuration of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Redis Cluster","desc":"Examine a sharded Memorystore for Redis Cluster deployment. Surfaces the cluster `state`, shard and replica counts, `nodeType`, total memory size (`sizeGb`, `preciseSizeGb`), authorization and transit-encryption modes, deletion protection, the customer-managed encryption key via `cryptoKey()`, and operational metadata such as `maintenancePolicy`, `maintenanceSchedule`, `persistenceConfig`, and `automatedBackupConfig`. The `pscConfigs`, `pscConnections`, `clusterEndpoints`, and `discoveryEndpoints` describe the Private Service Connect topology. Use `backups()` to enumerate point-in-time cluster backups.","private":true,"min_provider_version":"11.1.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.backup":{"id":"gcp.project.redisService.cluster.backup","name":"gcp.project.redisService.cluster.backup","fields":{"backupFile":{"name":"backupFile","type":"\u001bgcp.project.redisService.cluster.backup.backupFile","title":"Google Cloud (GCP) Redis Cluster backup file","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupFiles":{"name":"backupFiles","type":"\u0019\u001bgcp.project.redisService.cluster.backup.backupFile","is_mandatory":true,"title":"The list of backup files","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupType":{"name":"backupType","type":"\u0007","is_mandatory":true,"title":"The type of backup (ON_DEMAND or AUTOMATED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cluster":{"name":"cluster","type":"\u0007","is_mandatory":true,"title":"Full resource path of the cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterUid":{"name":"clusterUid","type":"\u0007","is_mandatory":true,"title":"The cluster UID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the backup was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"engineVersion":{"name":"engineVersion","type":"\u0007","is_mandatory":true,"title":"Redis engine version (e.g. redis-7.2, valkey-7.5)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"The time the backup expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeType":{"name":"nodeType","type":"\u0007","is_mandatory":true,"title":"The node type of the cluster at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaCount":{"name":"replicaCount","type":"\u0005","is_mandatory":true,"title":"The number of replicas at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"shardCount":{"name":"shardCount","type":"\u0005","is_mandatory":true,"title":"The number of shards at backup time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"totalSizeBytes":{"name":"totalSizeBytes","type":"\u0005","is_mandatory":true,"title":"Total size of the backup in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Redis Cluster backup","desc":"Examine a point-in-time backup of a Redis Cluster. Surfaces the backup `name`, `state`, `backupType` (ON_DEMAND or AUTOMATED), creation and expiry timestamps, total size, the engine version and cluster topology (node type, shard and replica counts) at backup time, encryption information, and the list of constituent `backupFiles`.","private":true,"min_provider_version":"11.1.0","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.backup.backupFile":{"id":"gcp.project.redisService.cluster.backup.backupFile","name":"gcp.project.redisService.cluster.backup.backupFile","fields":{"backupName":{"name":"backupName","type":"\u0007","is_mandatory":true,"title":"Parent backup resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"File creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"fileName":{"name":"fileName","type":"\u0007","is_mandatory":true,"title":"File name within the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"File size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster backup file","private":true,"min_provider_version":"13.12.2","defaults":"fileName sizeBytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.clusterEndpoint":{"id":"gcp.project.redisService.cluster.clusterEndpoint","name":"gcp.project.redisService.cluster.clusterEndpoint","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connections":{"name":"connections","type":"\u0019\u001bgcp.project.redisService.cluster.connectionDetail","is_mandatory":true,"title":"The PSC connections for this endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster endpoint","private":true,"min_provider_version":"11.1.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.connectionDetail":{"id":"gcp.project.redisService.cluster.connectionDetail","name":"gcp.project.redisService.cluster.connectionDetail","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"IP address of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionOrigin":{"name":"connectionOrigin","type":"\u0007","is_mandatory":true,"title":"The origin of the connection (AUTO or USER)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionProjectId":{"name":"connectionProjectId","type":"\u0007","is_mandatory":true,"title":"The consumer project ID the PSC connection was created in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionType":{"name":"connectionType","type":"\u0007","is_mandatory":true,"title":"The type of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingRule":{"name":"forwardingRule","type":"\u0007","is_mandatory":true,"title":"The consumer forwarding rule for the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The consumer network the PSC connection was created in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnectionId":{"name":"pscConnectionId","type":"\u0007","is_mandatory":true,"title":"The PSC connection ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnectionStatus":{"name":"pscConnectionStatus","type":"\u0007","is_mandatory":true,"title":"The status of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAttachment":{"name":"serviceAttachment","type":"\u0007","is_mandatory":true,"title":"The service attachment which is the target of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster endpoint connection detail","private":true,"min_provider_version":"11.1.0","defaults":"pscConnectionId address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.discoveryEndpoint":{"id":"gcp.project.redisService.cluster.discoveryEndpoint","name":"gcp.project.redisService.cluster.discoveryEndpoint","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"IP address of the exposed Redis endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The network of the discovery endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port number of the exposed Redis endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster discovery endpoint","private":true,"min_provider_version":"11.1.0","defaults":"address port","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.pscConfig":{"id":"gcp.project.redisService.cluster.pscConfig","name":"gcp.project.redisService.cluster.pscConfig","fields":{"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The network where the IP address of the discovery endpoint will be reserved","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster PSC configuration","private":true,"min_provider_version":"11.1.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.cluster.pscConnection":{"id":"gcp.project.redisService.cluster.pscConnection","name":"gcp.project.redisService.cluster.pscConnection","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"IP address of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"clusterName":{"name":"clusterName","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionProjectId":{"name":"connectionProjectId","type":"\u0007","is_mandatory":true,"title":"The consumer project ID the PSC connection was created in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionType":{"name":"connectionType","type":"\u0007","is_mandatory":true,"title":"The type of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"forwardingRule":{"name":"forwardingRule","type":"\u0007","is_mandatory":true,"title":"The consumer forwarding rule for the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"The consumer network the PSC connection was created in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnectionId":{"name":"pscConnectionId","type":"\u0007","is_mandatory":true,"title":"The PSC connection ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConnectionStatus":{"name":"pscConnectionStatus","type":"\u0007","is_mandatory":true,"title":"The status of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAttachment":{"name":"serviceAttachment","type":"\u0007","is_mandatory":true,"title":"The service attachment which is the target of the PSC connection","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis Cluster PSC connection","private":true,"min_provider_version":"11.1.0","defaults":"pscConnectionId address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.instance":{"id":"gcp.project.redisService.instance","name":"gcp.project.redisService.instance","fields":{"AuthorizedNetwork":{"name":"AuthorizedNetwork","type":"\u0007","is_mandatory":true,"title":"The full name of the Google Compute Engine network","desc":"The [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"alternativeLocationId":{"name":"alternativeLocationId","type":"\u0007","is_mandatory":true,"title":"The alternative zone where the instance will be provisioned for standard tier","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"authEnabled":{"name":"authEnabled","type":"\u0004","is_mandatory":true,"title":"Redis AUTH is enabled or not for the instance. If set to \"true\" AUTH is enabled on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"availableMaintenanceVersions":{"name":"availableMaintenanceVersions","type":"\u0019\u0007","is_mandatory":true,"title":"The available maintenance versions that an instance could update to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectMode":{"name":"connectMode","type":"\u0007","is_mandatory":true,"title":"The network connect mode of the Redis instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the instance was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentLocationId":{"name":"currentLocationId","type":"\u0007","is_mandatory":true,"title":"The current zone where the Redis primary node is located","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerManagedKey":{"name":"customerManagedKey","type":"\u0007","is_mandatory":true,"title":"Customer-managed encryption key resource ID","desc":"Deprecated in favor of `kmsKey()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"An arbitrary and optional user-provided name for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"host":{"name":"host","type":"\u0007","is_mandatory":true,"title":"Hostname or IP address of the exposed Redis endpoint used by clients to connect to the service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed encryption key (CMEK) used to encrypt the at-rest data of the instance","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels to represent user provided metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationId":{"name":"locationId","type":"\u0007","is_mandatory":true,"title":"The zone where the instance will be provisioned","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenancePolicy":{"name":"maintenancePolicy","type":"\n","is_mandatory":true,"title":"The maintenance policy of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceSchedule":{"name":"maintenanceSchedule","type":"\n","is_mandatory":true,"title":"The upcoming maintenance schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceVersion":{"name":"maintenanceVersion","type":"\u0007","is_mandatory":true,"title":"The self service update maintenance version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"memorySizeGb":{"name":"memorySizeGb","type":"\u0005","is_mandatory":true,"title":"Redis memory size in GiB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Unique name of the resource in this scope including project and location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeInfo":{"name":"nodeInfo","type":"\u001bgcp.project.redisService.instance.nodeInfo","title":"Google Cloud (GCP) Redis instance node information","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"nodes":{"name":"nodes","type":"\u0019\u001bgcp.project.redisService.instance.nodeInfo","is_mandatory":true,"title":"Info per node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"persistenceConfig":{"name":"persistenceConfig","type":"\n","is_mandatory":true,"title":"The persistence configuration of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"persistenceIamIdentity":{"name":"persistenceIamIdentity","type":"\u0007","is_mandatory":true,"title":"Cloud IAM identity used by import / export operations to transfer data to/from Cloud Storage","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"The port number of the exposed Redis endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"readEndpoint":{"name":"readEndpoint","type":"\u0007","is_mandatory":true,"title":"Hostname or IP address of the exposed read-only Redis endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"readEndpointPort":{"name":"readEndpointPort","type":"\u0005","is_mandatory":true,"title":"The port number of the exposed read-only Redis endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"readReplicasMode":{"name":"readReplicasMode","type":"\u0007","is_mandatory":true,"title":"The read replicas mode of the Redis instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redisConfigs":{"name":"redisConfigs","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Redis configuration parameters, according to http://redis.io/topics/config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"redisVersion":{"name":"redisVersion","type":"\u0007","is_mandatory":true,"title":"The version of Redis software","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaCount":{"name":"replicaCount","type":"\u0005","is_mandatory":true,"title":"The number of replica nodes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reservedIpRange":{"name":"reservedIpRange","type":"\u0007","is_mandatory":true,"title":"The CIDR range of internal addresses that are reserved for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryIpRange":{"name":"secondaryIpRange","type":"\u0007","is_mandatory":true,"title":"Additional IP range for node placement","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaCert":{"name":"serverCaCert","type":"\u001bgcp.project.redisService.instance.serverCaCert","title":"Google Cloud (GCP) Redis instance server CA certificate","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"serverCaCerts":{"name":"serverCaCerts","type":"\u0019\u001bgcp.project.redisService.instance.serverCaCert","is_mandatory":true,"title":"List of server CA certificates for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"The current state of this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"statusMessage":{"name":"statusMessage","type":"\u0007","is_mandatory":true,"title":"Additional information about the current status of this instance, if available","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"suspensionReasons":{"name":"suspensionReasons","type":"\u0019\u0007","is_mandatory":true,"title":"The reasons the instance has been suspended","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tier":{"name":"tier","type":"\u0007","is_mandatory":true,"title":"The service tier of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transitEncryptionMode":{"name":"transitEncryptionMode","type":"\u0007","is_mandatory":true,"title":"The TLS mode of the Redis instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Memorystore for Redis instance","desc":"Examine a managed Redis instance — its version, tier, memory size, and network placement (`authorizedNetwork`, `connectMode`). Surfaces authentication posture (`authEnabled`, `transitEncryptionMode`), replica topology (`replicaCount`, `readReplicasMode`, `readEndpoint`), the customer-managed encryption key via `kmsKey()`, persistence and maintenance configuration, and the list of `serverCaCerts` used for TLS connections. The `state` and `statusMessage` fields reflect the current operational condition of the instance.","private":true,"min_provider_version":"11.0.79","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.instance.nodeInfo":{"id":"gcp.project.redisService.instance.nodeInfo","name":"gcp.project.redisService.instance.nodeInfo","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Node identifying string (e.g. `node-0`, `node-1`)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u0007","is_mandatory":true,"title":"Location of the node","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis instance node information","private":true,"min_provider_version":"11.0.79","defaults":"id zone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.redisService.instance.serverCaCert":{"id":"gcp.project.redisService.instance.serverCaCert","name":"gcp.project.redisService.instance.serverCaCert","fields":{"cert":{"name":"cert","type":"\u0007","is_mandatory":true,"title":"PEM representation of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"The time the certificate was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"The time the certificate expires","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serialNumber":{"name":"serialNumber","type":"\u0007","is_mandatory":true,"title":"Serial number of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sha1Fingerprint":{"name":"sha1Fingerprint","type":"\u0007","is_mandatory":true,"title":"SHA1 fingerprint of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Redis instance server CA certificate","private":true,"min_provider_version":"11.1.0","defaults":"serialNumber sha1Fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.secretmanagerService":{"id":"gcp.project.secretmanagerService","name":"gcp.project.secretmanagerService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secret":{"name":"secret","type":"\u001bgcp.project.secretmanagerService.secret","title":"Google Cloud (GCP) Secret Manager secret","desc":"Examine a Secret Manager secret and its security configuration. Covers the replication policy (automatic or user-managed with specific regions), customer-managed KMS encryption keys, rotation policy and whether rotation is configured, expiration time, Pub/Sub notification topics, version destroy TTL, IAM policy, and whether the secret's IAM policy grants access to allUsers or allAuthenticatedUsers.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"secrets":{"name":"secrets","type":"\u0019\u001bgcp.project.secretmanagerService.secret","title":"List of secrets in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Secret Manager","desc":"Use this resource as the entry point for Secret Manager in the project. It hosts the project's `secrets` — each exposing its replication policy, rotation schedule, expiration, version state, and IAM policy for secret-management audits.","private":true,"min_provider_version":"11.1.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.secretmanagerService.secret":{"id":"gcp.project.secretmanagerService.secret","name":"gcp.project.secretmanagerService.secret","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Custom metadata annotations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time the secret was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerManagedEncryption":{"name":"customerManagedEncryption","type":"\u0019\u0007","is_mandatory":true,"title":"Customer-managed KMS key resource names","desc":"Deprecated in favor of `kmsKeys()`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag of the secret","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Expiration time (if set)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy for this secret","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeys":{"name":"kmsKeys","type":"\u0019\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS keys protecting this secret across all replication locations (empty when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-assigned labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Secret name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nextRotationTime":{"name":"nextRotationTime","type":"\t","is_mandatory":true,"title":"Time at which Secret Manager will send a rotation notification (empty when no rotation policy is configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the secret's IAM policy grants any role to allUsers or allAuthenticatedUsers","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replication":{"name":"replication","type":"\n","is_mandatory":true,"title":"Replication policy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicationType":{"name":"replicationType","type":"\u0007","is_mandatory":true,"title":"Replication policy kind (AUTOMATIC for Google-selected locations, USER_MANAGED for explicitly chosen replica locations)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path (projects/*/secrets/*)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotation":{"name":"rotation","type":"\n","is_mandatory":true,"title":"Rotation policy configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotationEnabled":{"name":"rotationEnabled","type":"\u0004","title":"Whether rotation is configured (rotation.rotationPeriod or nextRotationTime is set)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rotationPeriod":{"name":"rotationPeriod","type":"\u0007","is_mandatory":true,"title":"Frequency at which Secret Manager rotates the secret, as a duration (empty when no rotation policy is configured)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tags":{"name":"tags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource manager tags used to organize and group resources, and to control policy evaluation","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"topics":{"name":"topics","type":"\u0019\u0007","is_mandatory":true,"title":"Pub/Sub topics for event notifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ttl":{"name":"ttl","type":"\u0007","is_mandatory":true,"title":"Input-only time-to-live duration after which the secret is scheduled to expire (empty when an absolute expireTime is set instead)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"version":{"name":"version","type":"\u001bgcp.project.secretmanagerService.secret.version","title":"Google Cloud (GCP) Secret Manager secret version","desc":"Examine an individual version of a Secret Manager secret. Covers the version state (ENABLED, DISABLED, or DESTROYED), creation and destruction timestamps, customer-managed encryption status, scheduled destroy time for versions pending deletion, and whether the client provided a payload checksum when the version was created.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"versionAliases":{"name":"versionAliases","type":"\u001a\u0007\u0005","is_mandatory":true,"title":"Version aliases mapping alias names to version numbers","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionDestroyTtl":{"name":"versionDestroyTtl","type":"\t","is_mandatory":true,"title":"Version destroy TTL duration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versions":{"name":"versions","type":"\u0019\u001bgcp.project.secretmanagerService.secret.version","title":"List of secret versions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Secret Manager secret","desc":"Examine a Secret Manager secret and its security configuration. Covers the replication policy (automatic or user-managed with specific regions), customer-managed KMS encryption keys, rotation policy and whether rotation is configured, expiration time, Pub/Sub notification topics, version destroy TTL, IAM policy, and whether the secret's IAM policy grants access to allUsers or allAuthenticatedUsers.","private":true,"min_provider_version":"11.1.0","defaults":"name createTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.secretmanagerService.secret.version":{"id":"gcp.project.secretmanagerService.secret.version","name":"gcp.project.secretmanagerService.secret.version","fields":{"clientSpecifiedPayloadChecksum":{"name":"clientSpecifiedPayloadChecksum","type":"\u0004","is_mandatory":true,"title":"Whether the client specified a payload checksum","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the version was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customerManagedEncryption":{"name":"customerManagedEncryption","type":"\n","is_mandatory":true,"title":"Customer-managed encryption status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"destroyed":{"name":"destroyed","type":"\t","is_mandatory":true,"title":"Time the version was destroyed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Etag of the version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Version number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourcePath":{"name":"resourcePath","type":"\u0007","is_mandatory":true,"title":"Full resource path (projects/*/secrets/*/versions/*)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduledDestroyTime":{"name":"scheduledDestroyTime","type":"\t","is_mandatory":true,"title":"Scheduled destroy time (for delayed destruction)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state (ENABLED, DISABLED, DESTROYED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Secret Manager secret version","desc":"Examine an individual version of a Secret Manager secret. Covers the version state (ENABLED, DISABLED, or DESTROYED), creation and destruction timestamps, customer-managed encryption status, scheduled destroy time for versions pending deletion, and whether the client provided a payload checksum when the version was created.","private":true,"min_provider_version":"11.1.0","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sourceRepositoriesService":{"id":"gcp.project.sourceRepositoriesService","name":"gcp.project.sourceRepositoriesService","fields":{"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"repo":{"name":"repo","type":"\u001bgcp.project.sourceRepositoriesService.repo","title":"Google Cloud (GCP) Cloud Source repository","desc":"Examine a Cloud Source Repositories repository. Inspect `url` for the clone endpoint; `size` for the repository's disk footprint in bytes; and `mirrorConfig` for the upstream repository URL and authentication details when the repo is mirrored from an external source such as GitHub or Bitbucket.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"repos":{"name":"repos","type":"\u0019\u001bgcp.project.sourceRepositoriesService.repo","title":"List of source repositories","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Source Repositories","desc":"Use this resource as the entry point for Cloud Source Repositories in the project. It hosts the project's `repos` — each exposing its size, mirror configuration, and IAM policy for source-control audits.","private":true,"min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sourceRepositoriesService.repo":{"id":"gcp.project.sourceRepositoriesService.repo","name":"gcp.project.sourceRepositoriesService.repo","fields":{"mirrorConfig":{"name":"mirrorConfig","type":"\u001bgcp.project.sourceRepositoriesService.repo.mirrorConfig","is_mandatory":true,"title":"Mirror configuration (if mirrored from external source)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/\u003cproject\u003e/repos/\u003crepo\u003e)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Repository size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"Clone URL","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Source repository","desc":"Examine a Cloud Source Repositories repository. Inspect `url` for the clone endpoint; `size` for the repository's disk footprint in bytes; and `mirrorConfig` for the upstream repository URL and authentication details when the repo is mirrored from an external source such as GitHub or Bitbucket.","private":true,"min_provider_version":"13.7.2","defaults":"name url","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sourceRepositoriesService.repo.mirrorConfig":{"id":"gcp.project.sourceRepositoriesService.repo.mirrorConfig","name":"gcp.project.sourceRepositoriesService.repo.mirrorConfig","fields":{"deployKeyId":{"name":"deployKeyId","type":"\u0007","is_mandatory":true,"title":"Deploy key ID for SSH authentication","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"URL of the upstream repository being mirrored","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"webhookId":{"name":"webhookId","type":"\u0007","is_mandatory":true,"title":"Webhook ID for push notifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Source repository mirror configuration","desc":"Examine the mirror configuration for a Cloud Source repository that syncs from an external upstream. Inspect `url` for the upstream repository address; `deployKeyId` for the SSH deploy key used to authenticate; and `webhookId` for the push-notification webhook that triggers sync when the upstream changes.","private":true,"min_provider_version":"13.7.2","defaults":"url","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService":{"id":"gcp.project.spannerService","name":"gcp.project.spannerService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.spannerService.instance","title":"Google Cloud (GCP) Spanner instance","desc":"Examine a Cloud Spanner instance — the top-level billable unit that holds databases and backups. Query its compute allocation (`nodeCount`, `processingUnits`, `autoscalingConfig`), edition, state, and endpoint URIs. Drill into `databases` for schema and IAM audits, `backups` and `backupSchedules` for retention policy audits, and `instancePartitions` for geographic data-placement configuration.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceConfig":{"name":"instanceConfig","type":"\u001bgcp.project.spannerService.instanceConfig","title":"Google Cloud (GCP) Spanner instance configuration","desc":"Examine a Cloud Spanner instance configuration — the regional or multi-region placement template used when creating or comparing instances. Query the list of replica regions (`replicas`), allowed leader regions (`leaderOptions`), configuration type (`GOOGLE_MANAGED` or `USER_MANAGED`), and free-instance availability. For user-managed configurations, `baseConfig` names the Google-managed config it derives from.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceConfigs":{"name":"instanceConfigs","type":"\u0019\u001bgcp.project.spannerService.instanceConfig","title":"List of available Spanner instance configurations","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.spannerService.instance","title":"List of Spanner instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner","desc":"Use this resource as the entry point for Spanner in the project. It hosts the project's `instances` (with their databases and backups) and the available `instanceConfigs` that determine regional and multi-region placement.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance":{"id":"gcp.project.spannerService.instance","name":"gcp.project.spannerService.instance","fields":{"autoscalingConfig":{"name":"autoscalingConfig","type":"\n","is_mandatory":true,"title":"Autoscaling configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backup":{"name":"backup","type":"\u001bgcp.project.spannerService.instance.backup","title":"Google Cloud (GCP) Spanner backup","desc":"Examine a Cloud Spanner backup created from a source database. Query its state, expiration time, size in bytes, encryption information, and database dialect. For incremental backups, `incrementalBackupChainId` links backups in the same chain, and `oldestVersionTime` records how far back the chain reaches. `freeableSizeBytes` and `exclusiveSizeBytes` indicate the storage reclaimed or attributed to this backup within its chain.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupSchedule":{"name":"backupSchedule","type":"\u001bgcp.project.spannerService.instance.backupSchedule","title":"Google Cloud (GCP) Spanner backup schedule","desc":"Examine an automated backup schedule attached to a Spanner database. Query the cron-like `spec`, backup `retentionDuration`, backup type (`FULL` or `INCREMENTAL`), and encryption configuration used for scheduled backups.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"backupSchedules":{"name":"backupSchedules","type":"\u0019\u001bgcp.project.spannerService.instance.backupSchedule","title":"List of backup schedules for databases in this instance","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backups":{"name":"backups","type":"\u0019\u001bgcp.project.spannerService.instance.backup","title":"List of backups in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"config":{"name":"config","type":"\u0007","is_mandatory":true,"title":"Instance configuration reference (resource name string)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"database":{"name":"database","type":"\u001bgcp.project.spannerService.instance.database","title":"Google Cloud (GCP) Spanner database","desc":"Examine a Cloud Spanner database within an instance. Query its SQL dialect (`GOOGLE_STANDARD_SQL` or `POSTGRESQL`), state, encryption configuration and KMS keys (for CMEK multi-region databases), version retention period, and earliest restore timestamp. Access the full DDL schema via `ddl`, IAM bindings via `iamPolicy`, and fine-grained access control roles via `databaseRoles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"databases":{"name":"databases","type":"\u0019\u001bgcp.project.spannerService.instance.database","title":"List of databases in this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultBackupScheduleType":{"name":"defaultBackupScheduleType","type":"\u0007","is_mandatory":true,"title":"Default backup schedule type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edition":{"name":"edition","type":"\u0007","is_mandatory":true,"title":"Cloud Spanner edition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpointUris":{"name":"endpointUris","type":"\u0019\u0007","is_mandatory":true,"title":"Fully qualified endpoint URIs used to access the instance","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"freeInstanceMetadata":{"name":"freeInstanceMetadata","type":"\n","is_mandatory":true,"title":"Free-tier instance metadata (expireTime, upgradeTime, expireBehavior)","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for the instance","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceConfig":{"name":"instanceConfig","type":"\u001bgcp.project.spannerService.instanceConfig","title":"Instance configuration resource","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instancePartition":{"name":"instancePartition","type":"\u001bgcp.project.spannerService.instance.instancePartition","title":"Google Cloud (GCP) Spanner instance partition","desc":"Examine a Cloud Spanner instance partition — a sub-allocation of compute capacity within an instance used to pin databases to specific geographic regions. Query its `nodeCount` or `processingUnits`, `autoscalingConfig`, configuration reference, state, and the list of databases that reference the partition.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instancePartitions":{"name":"instancePartitions","type":"\u0019\u001bgcp.project.spannerService.instance.instancePartition","title":"List of instance partitions","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Instance type (PROVISIONED or FREE_INSTANCE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Labels for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeCount":{"name":"nodeCount","type":"\u0005","is_mandatory":true,"title":"Number of nodes allocated to the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"processingUnits":{"name":"processingUnits","type":"\u0005","is_mandatory":true,"title":"Number of processing units allocated to the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaComputeCapacity":{"name":"replicaComputeCapacity","type":"\u0019\n","is_mandatory":true,"title":"Per-replica compute capacity for multi-region instances","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner instance","desc":"Examine a Cloud Spanner instance — the top-level billable unit that holds databases and backups. Query its compute allocation (`nodeCount`, `processingUnits`, `autoscalingConfig`), edition, state, and endpoint URIs. Drill into `databases` for schema and IAM audits, `backups` and `backupSchedules` for retention policy audits, and `instancePartitions` for geographic data-placement configuration.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance.backup":{"id":"gcp.project.spannerService.instance.backup","name":"gcp.project.spannerService.instance.backup","fields":{"backupSchedules":{"name":"backupSchedules","type":"\u0019\u0007","is_mandatory":true,"title":"Backup schedule URIs associated with creating this backup","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"database":{"name":"database","type":"\u0007","is_mandatory":true,"title":"Source database of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseDialect":{"name":"databaseDialect","type":"\u0007","is_mandatory":true,"title":"Database dialect","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\n","is_mandatory":true,"title":"Encryption information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"exclusiveSizeBytes":{"name":"exclusiveSizeBytes","type":"\u0005","is_mandatory":true,"title":"Storage space attributable to this backup within its incremental chain","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expireTime":{"name":"expireTime","type":"\t","is_mandatory":true,"title":"Expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"freeableSizeBytes":{"name":"freeableSizeBytes","type":"\u0005","is_mandatory":true,"title":"Bytes freed by deleting this backup (zero if part of an incremental chain with newer dependents)","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"incrementalBackupChainId":{"name":"incrementalBackupChainId","type":"\u0007","is_mandatory":true,"title":"Identifier linking backups in the same incremental chain","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxExpireTime":{"name":"maxExpireTime","type":"\t","is_mandatory":true,"title":"Maximum expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"oldestVersionTime":{"name":"oldestVersionTime","type":"\t","is_mandatory":true,"title":"Earliest version time retained in this backup","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"referencingBackups":{"name":"referencingBackups","type":"\u0019\u0007","is_mandatory":true,"title":"Resource names of destination backups that reference this backup (copy chain)","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"referencingDatabases":{"name":"referencingDatabases","type":"\u0019\u0007","is_mandatory":true,"title":"Resource names of restored databases that reference this backup","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sizeBytes":{"name":"sizeBytes","type":"\u0005","is_mandatory":true,"title":"Size of the backup in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionTime":{"name":"versionTime","type":"\t","is_mandatory":true,"title":"Version time of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner backup","desc":"Examine a Cloud Spanner backup created from a source database. Query its state, expiration time, size in bytes, encryption information, and database dialect. For incremental backups, `incrementalBackupChainId` links backups in the same chain, and `oldestVersionTime` records how far back the chain reaches. `freeableSizeBytes` and `exclusiveSizeBytes` indicate the storage reclaimed or attributed to this backup within its chain.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance.backupSchedule":{"id":"gcp.project.spannerService.instance.backupSchedule","name":"gcp.project.spannerService.instance.backupSchedule","fields":{"backupType":{"name":"backupType","type":"\u0007","is_mandatory":true,"title":"Backup type spec (FULL or INCREMENTAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database name the schedule belongs to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionConfig":{"name":"encryptionConfig","type":"\n","is_mandatory":true,"title":"Encryption configuration used for scheduled backups","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the backup schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionDuration":{"name":"retentionDuration","type":"\u0007","is_mandatory":true,"title":"Retention duration for backups created by the schedule","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"spec":{"name":"spec","type":"\n","is_mandatory":true,"title":"Schedule specification (cron-like configuration)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner backup schedule","desc":"Examine an automated backup schedule attached to a Spanner database. Query the cron-like `spec`, backup `retentionDuration`, backup type (`FULL` or `INCREMENTAL`), and encryption configuration used for scheduled backups.","private":true,"min_provider_version":"13.11.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance.database":{"id":"gcp.project.spannerService.instance.database","name":"gcp.project.spannerService.instance.database","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseDialect":{"name":"databaseDialect","type":"\u0007","is_mandatory":true,"title":"SQL dialect of the database (GOOGLE_STANDARD_SQL or POSTGRESQL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseRoles":{"name":"databaseRoles","type":"\u0019\u001bgcp.project.spannerService.instance.database.role","title":"Fine-grained database roles defined in the database","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ddl":{"name":"ddl","type":"\u0019\u0007","title":"Database DDL statements (schema definition)","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultLeader":{"name":"defaultLeader","type":"\u0007","is_mandatory":true,"title":"Default leader region","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"earliestVersionTime":{"name":"earliestVersionTime","type":"\t","is_mandatory":true,"title":"Earliest timestamp to which the database can be restored","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDropProtection":{"name":"enableDropProtection","type":"\u0004","is_mandatory":true,"title":"Whether drop protection is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionConfig":{"name":"encryptionConfig","type":"\n","is_mandatory":true,"title":"Encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionInfo":{"name":"encryptionInfo","type":"\u0019\n","is_mandatory":true,"title":"Encryption information","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy bindings for the database","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKeys":{"name":"kmsKeys","type":"\u0019\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS keys used for encryption; populated for multi-region databases that span multiple regions (empty when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the database is in a reconciling state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"restoreInfo":{"name":"restoreInfo","type":"\n","is_mandatory":true,"title":"Restore source information if the database was restored from a backup","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u001bgcp.project.spannerService.instance.database.role","title":"Google Cloud (GCP) Spanner database role (fine-grained access control)","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionRetentionPeriod":{"name":"versionRetentionPeriod","type":"\u0007","is_mandatory":true,"title":"Version retention period","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner database","desc":"Examine a Cloud Spanner database within an instance. Query its SQL dialect (`GOOGLE_STANDARD_SQL` or `POSTGRESQL`), state, encryption configuration and KMS keys (for CMEK multi-region databases), version retention period, and earliest restore timestamp. Access the full DDL schema via `ddl`, IAM bindings via `iamPolicy`, and fine-grained access control roles via `databaseRoles`.","private":true,"min_provider_version":"11.3.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance.database.role":{"id":"gcp.project.spannerService.instance.database.role","name":"gcp.project.spannerService.instance.database.role","fields":{"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the database role","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner database role (fine-grained access control)","private":true,"min_provider_version":"13.11.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instance.instancePartition":{"id":"gcp.project.spannerService.instance.instancePartition","name":"gcp.project.spannerService.instance.instancePartition","fields":{"autoscalingConfig":{"name":"autoscalingConfig","type":"\n","is_mandatory":true,"title":"Autoscaling configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"config":{"name":"config","type":"\u0007","is_mandatory":true,"title":"Instance configuration reference (resource name string)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name of the partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Entity tag for concurrency control","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Parent instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name of the instance partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"nodeCount":{"name":"nodeCount","type":"\u0005","is_mandatory":true,"title":"Number of nodes allocated to the partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"processingUnits":{"name":"processingUnits","type":"\u0005","is_mandatory":true,"title":"Number of processing units allocated to the partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"referencingDatabases":{"name":"referencingDatabases","type":"\u0019\u0007","is_mandatory":true,"title":"Resource names of databases referencing this partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state of the partition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner instance partition","desc":"Examine a Cloud Spanner instance partition — a sub-allocation of compute capacity within an instance used to pin databases to specific geographic regions. Query its `nodeCount` or `processingUnits`, `autoscalingConfig`, configuration reference, state, and the list of databases that reference the partition.","private":true,"min_provider_version":"13.11.2","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.spannerService.instanceConfig":{"id":"gcp.project.spannerService.instanceConfig","name":"gcp.project.spannerService.instanceConfig","fields":{"baseConfig":{"name":"baseConfig","type":"\u0007","is_mandatory":true,"title":"Base config name (for custom configs only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"configType":{"name":"configType","type":"\u0007","is_mandatory":true,"title":"Config type (GOOGLE_MANAGED, USER_MANAGED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"Entity tag for concurrency control","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"freeInstanceAvailability":{"name":"freeInstanceAvailability","type":"\u0007","is_mandatory":true,"title":"Free instance availability (AVAILABLE, UNSUPPORTED, DISABLED, QUOTA_EXCEEDED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"leaderOptions":{"name":"leaderOptions","type":"\u0019\u0007","is_mandatory":true,"title":"Leader options (allowed leader regions)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"optionalReplicas":{"name":"optionalReplicas","type":"\u0019\n","is_mandatory":true,"title":"Replicas available to be used but not currently in the base configuration","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether the configuration is being updated","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicas":{"name":"replicas","type":"\u0019\n","is_mandatory":true,"title":"Geographic placement of nodes (list of region configurations)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current configuration state (CREATING, READY)","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageLimitPerProcessingUnit":{"name":"storageLimitPerProcessingUnit","type":"\u0005","is_mandatory":true,"title":"Storage limit in bytes per processing unit","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner instance configuration","desc":"Examine a Cloud Spanner instance configuration — the regional or multi-region placement template used when creating or comparing instances. Query the list of replica regions (`replicas`), allowed leader regions (`leaderOptions`), configuration type (`GOOGLE_MANAGED` or `USER_MANAGED`), and free-instance availability. For user-managed configurations, `baseConfig` names the Google-managed config it derives from.","private":true,"min_provider_version":"13.7.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService":{"id":"gcp.project.sqlService","name":"gcp.project.sqlService","fields":{"backupRun":{"name":"backupRun","type":"\u001bgcp.project.sqlService.backupRun","title":"Google Cloud SQL backup run","desc":"Examine a Cloud SQL backup run's status, timing, and storage configuration. Surfaces the `backupKind` (SNAPSHOT or PHYSICAL), `status` (ENQUEUED, RUNNING, FAILED, SUCCESSFUL, SKIPPED, DELETED), `startTime`, `endTime`, `enqueuedTime`, `location`, `databaseVersion` at backup time, disk-encryption configuration, and any `error` details for failed runs. The `type` field distinguishes AUTOMATED, ON_DEMAND, and FINAL backups.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instance":{"name":"instance","type":"\u001bgcloud.sql.instance","title":"Google Cloud SQL managed database instance","desc":"Examine a Cloud SQL instance's configuration, connectivity, and security posture. Surfaces the `databaseVersion`, `state`, `region`, `zone()`, instance `settings` (backup configuration, IP configuration, database flags, password policy, maintenance window), assigned `ipAddresses`, CMEK disk-encryption key (`kmsKey()`), replica configuration, and PSC / private networking attributes. Derived predicates include `publicIpEnabled()`, `backupConfigurationEnabled()`, `pointInTimeRecoveryEnabled()`, `hasBuiltInUsers()`, and `localRootEnabled()`. Child collections expose `databases()`, `users()`, `sslCerts()`, and `backupRuns()`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.sqlService.instance","title":"List of Cloud SQL instances in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.backupRun":{"id":"gcp.project.sqlService.backupRun","name":"gcp.project.sqlService.backupRun","fields":{"backupKind":{"name":"backupKind","type":"\u0007","is_mandatory":true,"title":"The type of backup kind (SNAPSHOT or PHYSICAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseVersion":{"name":"databaseVersion","type":"\u0007","is_mandatory":true,"title":"Instance database version at the time this backup was made","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the run (on-demand backups only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionConfiguration":{"name":"diskEncryptionConfiguration","type":"\n","is_mandatory":true,"title":"Backup-specific encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionStatus":{"name":"diskEncryptionStatus","type":"\n","is_mandatory":true,"title":"Backup-specific encryption status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endTime":{"name":"endTime","type":"\t","is_mandatory":true,"title":"Time the backup operation completed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enqueuedTime":{"name":"enqueuedTime","type":"\t","is_mandatory":true,"title":"Time the run was enqueued","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"error":{"name":"error","type":"\n","is_mandatory":true,"title":"Error information if the run failed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier for this backup run (unique per instance)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Name of the database instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location where the backup is stored","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxChargeableBytes":{"name":"maxChargeableBytes","type":"\u0005","is_mandatory":true,"title":"Maximum chargeable bytes for the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"selfLink":{"name":"selfLink","type":"\u0007","is_mandatory":true,"title":"URI of this resource (self link)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startTime":{"name":"startTime","type":"\t","is_mandatory":true,"title":"Time the backup operation actually started","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of this run (ENQUEUED, RUNNING, FAILED, SUCCESSFUL, SKIPPED, DELETED, ...)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeZone":{"name":"timeZone","type":"\u0007","is_mandatory":true,"title":"Backup time zone (SQL Server only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of this run (AUTOMATED, ON_DEMAND, or FINAL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"windowStartTime":{"name":"windowStartTime","type":"\t","is_mandatory":true,"title":"Start of the backup window during which this backup was attempted","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud SQL backup run","desc":"Examine a Cloud SQL backup run's status, timing, and storage configuration. Surfaces the `backupKind` (SNAPSHOT or PHYSICAL), `status` (ENQUEUED, RUNNING, FAILED, SUCCESSFUL, SKIPPED, DELETED), `startTime`, `endTime`, `enqueuedTime`, `location`, `databaseVersion` at backup time, disk-encryption configuration, and any `error` details for failed runs. The `type` field distinguishes AUTOMATED, ON_DEMAND, and FINAL backups.","private":true,"min_provider_version":"13.11.2","defaults":"id status type startTime","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance":{"id":"gcp.project.sqlService.instance","name":"gcp.project.sqlService.instance","fields":{"availableMaintenanceVersions":{"name":"availableMaintenanceVersions","type":"\u0019\u0007","is_mandatory":true,"title":"All maintenance versions applicable on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backendType":{"name":"backendType","type":"\u0007","is_mandatory":true,"title":"Backend type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupConfigurationEnabled":{"name":"backupConfigurationEnabled","type":"\u0004","title":"Whether automated backups are enabled — flat hoist of settings.backupConfiguration.enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupRuns":{"name":"backupRuns","type":"\u0019\u001bgcp.project.sqlService.backupRun","title":"List of backup runs for the current SQL instance","min_provider_version":"13.11.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectionName":{"name":"connectionName","type":"\u0007","is_mandatory":true,"title":"Connection name of the instance used in connection strings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"currentDiskSize":{"name":"currentDiskSize","type":"\u0005","is_mandatory":true,"title":"Current disk usage of the instance in bytes","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"database":{"name":"database","type":"\u001bgcp.project.sqlService.instance.database","title":"Google Cloud (GCP) SQL instance database","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"databaseInstalledVersion":{"name":"databaseInstalledVersion","type":"\u0007","is_mandatory":true,"title":"Current database version running on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseVersion":{"name":"databaseVersion","type":"\u0007","is_mandatory":true,"title":"Database engine type and version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databases":{"name":"databases","type":"\u0019\u001bgcp.project.sqlService.instance.database","title":"List of the databases in the current SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionConfiguration":{"name":"diskEncryptionConfiguration","type":"\n","is_mandatory":true,"title":"Disk encryption configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"diskEncryptionStatus":{"name":"diskEncryptionStatus","type":"\n","is_mandatory":true,"title":"Disk encryption status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsName":{"name":"dnsName","type":"\u0007","is_mandatory":true,"title":"The DNS name of the instance","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsNames":{"name":"dnsNames","type":"\u0019\n","is_mandatory":true,"title":"DNS names for this instance (`{name, connectionType, dnsScope, recordManager}`)","desc":"Each entry exposes the DNS name, its connection type (PUBLIC, PRIVATE_SERVICES_ACCESS, PRIVATE_SERVICE_CONNECT), DNS scope (INSTANCE, CLUSTER), and record manager (CUSTOMER, CLOUD_SQL_AUTOMATION).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag for optimistic locking","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"failoverReplica":{"name":"failoverReplica","type":"\n","is_mandatory":true,"title":"Name and status of the failover replica","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gceZone":{"name":"gceZone","type":"\u0007","is_mandatory":true,"title":"Raw GCE zone name","desc":"Deprecated in favor of `zone`.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"hasBuiltInUsers":{"name":"hasBuiltInUsers","type":"\u0004","title":"Whether the instance has any built-in (non-IAM) database users","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceType":{"name":"instanceType","type":"\u0007","is_mandatory":true,"title":"Instance type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddresses":{"name":"ipAddresses","type":"\u0019\u001bgcp.project.sqlService.instance.ipMapping","is_mandatory":true,"title":"Assigned IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipMapping":{"name":"ipMapping","type":"\u001bgcp.project.sqlService.instance.ipMapping","title":"Google Cloud (GCP) SQL instance IP mapping","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed KMS key used for disk encryption (null when Google-managed)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"localRootEnabled":{"name":"localRootEnabled","type":"\u0004","title":"Whether a built-in 'root' user exists (the most common SQL hardening finding)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceVersion":{"name":"maintenanceVersion","type":"\u0007","is_mandatory":true,"title":"Current software version on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"masterInstanceName":{"name":"masterInstanceName","type":"\u0007","is_mandatory":true,"title":"Name of the instance that acts as primary in the replica","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxDiskSize":{"name":"maxDiskSize","type":"\u0005","is_mandatory":true,"title":"Maximum disk size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pointInTimeRecoveryEnabled":{"name":"pointInTimeRecoveryEnabled","type":"\u0004","title":"Whether point-in-time recovery is enabled — flat hoist of settings.backupConfiguration.pointInTimeRecoveryEnabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryDnsName":{"name":"primaryDnsName","type":"\u0007","is_mandatory":true,"title":"Primary DNS name for the replication group","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscServiceAttachmentLink":{"name":"pscServiceAttachmentLink","type":"\u0007","is_mandatory":true,"title":"PSC service attachment link","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicIpEnabled":{"name":"publicIpEnabled","type":"\u0004","title":"Whether the instance is reachable on a public IP — flat hoist of settings.ipConfiguration.ipv4Enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"region":{"name":"region","type":"\u0007","is_mandatory":true,"title":"Cloud SQL region the instance is deployed in","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaConfiguration":{"name":"replicaConfiguration","type":"\n","is_mandatory":true,"title":"Replica configuration (failoverTarget, cascadableReplica, mysqlReplicaConfiguration)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicaNames":{"name":"replicaNames","type":"\u0019\u0007","is_mandatory":true,"title":"Names of read-replica instances of this primary","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicationCluster":{"name":"replicationCluster","type":"\n","is_mandatory":true,"title":"Primary/DR replica pairing for the instance (`{drReplica, failoverDrReplicaName, psaWriteEndpoint}`)","desc":"Cross-region DR replication is an Enterprise Plus feature for MySQL and PostgreSQL. `drReplica` is true on the DR replica side; `failoverDrReplicaName` is set on the primary to designate the DR replica.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Integration requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the instance satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"scheduledMaintenance":{"name":"scheduledMaintenance","type":"\n","is_mandatory":true,"title":"Upcoming scheduled maintenance window (`{startTime, canDefer, canReschedule, scheduleDeadlineTime}`)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"secondaryZone":{"name":"secondaryZone","type":"\u001bgcp.project.computeService.zone","title":"Compute Engine zone of the failover instance","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaCertExpiration":{"name":"serverCaCertExpiration","type":"\t","is_mandatory":true,"title":"Expiration time of the instance's server CA certificate used for TLS","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmailAddress":{"name":"serviceAccountEmailAddress","type":"\u0007","is_mandatory":true,"title":"Service account email address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"settings":{"name":"settings","type":"\u001bgcp.project.sqlService.instance.settings","is_mandatory":true,"title":"Detailed Cloud SQL instance configuration (tier, flags, backups, network, IAM)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlNetworkArchitecture":{"name":"sqlNetworkArchitecture","type":"\u0007","is_mandatory":true,"title":"The SQL network architecture for the instance (NEW_NETWORK_ARCHITECTURE or OLD_NETWORK_ARCHITECTURE)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslCert":{"name":"sslCert","type":"\u001bgcp.project.sqlService.instance.sslCert","title":"Google Cloud SQL instance SSL/TLS client certificate","desc":"Examine a Cloud SQL client certificate used for SSL/TLS mutual authentication. Surfaces the `commonName`, `sha1Fingerprint`, `certSerialNumber`, the PEM-encoded `cert` body, `createTime`, and `expirationTime`. Use `expirationTime` to audit certificates approaching their expiry.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"sslCerts":{"name":"sslCerts","type":"\u0019\u001bgcp.project.sqlService.instance.sslCert","title":"List of SSL/TLS certificates for the current SQL instance","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Instance state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"suspensionReason":{"name":"suspensionReason","type":"\u0019\u0007","is_mandatory":true,"title":"If the instance state is SUSPENDED, the reason for the suspension","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"switchTransactionLogsToCloudStorageEnabled":{"name":"switchTransactionLogsToCloudStorageEnabled","type":"\u0004","is_mandatory":true,"title":"Whether transaction logs can switch to Cloud Storage","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"upgradableDatabaseVersions":{"name":"upgradableDatabaseVersions","type":"\u0019\n","is_mandatory":true,"title":"Database versions available for upgrade (`{name, majorVersion, displayName}`)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"user":{"name":"user","type":"\u001bgcp.project.sqlService.instance.user","title":"Google Cloud SQL database user","desc":"Examine a Cloud SQL database user's authentication type and access configuration. Surfaces the `name`, `host` (MySQL-specific connection restriction), `type` (BUILT_IN, CLOUD_IAM_USER, CLOUD_IAM_SERVICE_ACCOUNT, CLOUD_IAM_GROUP, CLOUD_IAM_GROUP_USER, CLOUD_IAM_GROUP_SERVICE_ACCOUNT), `iamEmail` for Cloud IAM principals, `databaseRoles` (PostgreSQL and SQL Server), `dualPasswordType`, and `passwordPolicy`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"users":{"name":"users","type":"\u0019\u001bgcp.project.sqlService.instance.user","title":"List of users in the current SQL instance","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"writeEndpoint":{"name":"writeEndpoint","type":"\u0007","is_mandatory":true,"title":"Write endpoint DNS name","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zone":{"name":"zone","type":"\u001bgcp.project.computeService.zone","title":"Compute Engine zone that the instance is currently serviced from","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud SQL managed database instance","desc":"Examine a Cloud SQL instance's configuration, connectivity, and security posture. Surfaces the `databaseVersion`, `state`, `region`, `zone()`, instance `settings` (backup configuration, IP configuration, database flags, password policy, maintenance window), assigned `ipAddresses`, CMEK disk-encryption key (`kmsKey()`), replica configuration, and PSC / private networking attributes. Derived predicates include `publicIpEnabled()`, `backupConfigurationEnabled()`, `pointInTimeRecoveryEnabled()`, `hasBuiltInUsers()`, and `localRootEnabled()`. Child collections expose `databases()`, `users()`, `sslCerts()`, and `backupRuns()`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.database":{"id":"gcp.project.sqlService.instance.database","name":"gcp.project.sqlService.instance.database","fields":{"charset":{"name":"charset","type":"\u0007","is_mandatory":true,"title":"Character set value","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"collation":{"name":"collation","type":"\u0007","is_mandatory":true,"title":"Sort/collation order for the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instance":{"name":"instance","type":"\u0007","is_mandatory":true,"title":"Name of the Cloud SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the database","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlserverDatabaseDetails":{"name":"sqlserverDatabaseDetails","type":"\n","is_mandatory":true,"title":"SQL Server database details","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance database","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.ipMapping":{"id":"gcp.project.sqlService.instance.ipMapping","name":"gcp.project.sqlService.instance.ipMapping","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipAddress":{"name":"ipAddress","type":"\u0007","is_mandatory":true,"title":"Assigned IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeToRetire":{"name":"timeToRetire","type":"\t","is_mandatory":true,"title":"Due time for this IP to retire","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of this IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance IP mapping","private":true,"min_provider_version":"9.0.0","defaults":"ipAddress","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings":{"id":"gcp.project.sqlService.instance.settings","name":"gcp.project.sqlService.instance.settings","fields":{"activationPolicy":{"name":"activationPolicy","type":"\u0007","is_mandatory":true,"title":"When the instance is activated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"activeDirectory":{"name":"activeDirectory","type":"\u001bgcp.project.sqlService.instance.settings.activeDirectory","is_mandatory":true,"title":"Entra ID (formerly Active Directory) configuration; relevant only for Cloud SQL for SQL Server","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"activeDirectoryConfig":{"name":"activeDirectoryConfig","type":"\n","is_mandatory":true,"title":"Raw Active Directory config dict","desc":"Deprecated in favor of `activeDirectory`, which exposes the same fields (domain, mode, and DNS servers) as a typed sub-resource.","provider":"go.mondoo.com/cnquery/v9/providers/gcp","maturity":"deprecated"},"availabilityType":{"name":"availabilityType","type":"\u0007","is_mandatory":true,"title":"Availability type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupConfiguration":{"name":"backupConfiguration","type":"\u001bgcp.project.sqlService.instance.settings.backupconfiguration","is_mandatory":true,"title":"Daily backup configuration for the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupconfiguration":{"name":"backupconfiguration","type":"\u001bgcp.project.sqlService.instance.settings.backupconfiguration","title":"Google Cloud (GCP) SQL instance settings backup configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"collation":{"name":"collation","type":"\u0007","is_mandatory":true,"title":"Name of the server collation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"connectorEnforcement":{"name":"connectorEnforcement","type":"\u0007","is_mandatory":true,"title":"Whether connections must use Cloud SQL connectors","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"crashSafeReplicationEnabled":{"name":"crashSafeReplicationEnabled","type":"\u0004","is_mandatory":true,"title":"Whether database flags for crash-safe replication are enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataApiAccess":{"name":"dataApiAccess","type":"\u0007","is_mandatory":true,"title":"Whether ExecuteSql API access is allowed","desc":"One of DATA_API_ACCESS_UNSPECIFIED, DISALLOW_DATA_API, or ALLOW_DATA_API. When ALLOW_DATA_API is set on a private-IP instance, authorized users can reach it from the public internet via the ExecuteSql API.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataCacheConfig":{"name":"dataCacheConfig","type":"\n","is_mandatory":true,"title":"Data cache configuration (`{dataCacheEnabled}`); applicable to Enterprise Plus","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataDiskSizeGb":{"name":"dataDiskSizeGb","type":"\u0005","is_mandatory":true,"title":"Size of the data disk, in GB","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataDiskType":{"name":"dataDiskType","type":"\u0007","is_mandatory":true,"title":"Type of the data disk","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseFlags":{"name":"databaseFlags","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Database flags passed to the instance at startup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"databaseReplicationEnabled":{"name":"databaseReplicationEnabled","type":"\u0004","is_mandatory":true,"title":"Whether replication is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deletionProtectionEnabled":{"name":"deletionProtectionEnabled","type":"\u0004","is_mandatory":true,"title":"Whether to protect against accidental instance deletion","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"denyMaintenancePeriod":{"name":"denyMaintenancePeriod","type":"\u001bgcp.project.sqlService.instance.settings.denyMaintenancePeriod","title":"Google Cloud (GCP) SQL instance settings deny maintenance period","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"denyMaintenancePeriods":{"name":"denyMaintenancePeriods","type":"\u0019\u001bgcp.project.sqlService.instance.settings.denyMaintenancePeriod","is_mandatory":true,"title":"Deny maintenance periods","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"edition":{"name":"edition","type":"\u0007","is_mandatory":true,"title":"Edition type of the Cloud SQL instance","desc":"One of EDITION_UNSPECIFIED, ENTERPRISE, ENTERPRISE_PLUS, or DEVELOPER.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDataplexIntegration":{"name":"enableDataplexIntegration","type":"\u0004","is_mandatory":true,"title":"Whether Dataplex schema extraction is enabled","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableGoogleMlIntegration":{"name":"enableGoogleMlIntegration","type":"\u0004","is_mandatory":true,"title":"Whether Vertex AI integration is enabled (MySQL and PostgreSQL only)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"entraidConfig":{"name":"entraidConfig","type":"\n","is_mandatory":true,"title":"Microsoft Entra ID configuration for SQL Server (`{applicationId, tenantId}`)","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"insightsConfig":{"name":"insightsConfig","type":"\n","is_mandatory":true,"title":"Insights configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipConfiguration":{"name":"ipConfiguration","type":"\u001bgcp.project.sqlService.instance.settings.ipConfiguration","is_mandatory":true,"title":"IP management settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationPreference":{"name":"locationPreference","type":"\n","is_mandatory":true,"title":"Location preference settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maintenanceWindow":{"name":"maintenanceWindow","type":"\u001bgcp.project.sqlService.instance.settings.maintenanceWindow","is_mandatory":true,"title":"Maintenance window","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"passwordValidationPolicy":{"name":"passwordValidationPolicy","type":"\u001bgcp.project.sqlService.instance.settings.passwordValidationPolicy","is_mandatory":true,"title":"Local user password validation policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pricingPlan":{"name":"pricingPlan","type":"\u0007","is_mandatory":true,"title":"Pricing plan","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"replicationType":{"name":"replicationType","type":"\u0007","is_mandatory":true,"title":"Replication type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"settingsVersion":{"name":"settingsVersion","type":"\u0005","is_mandatory":true,"title":"Instance settings version","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sqlServerAuditConfig":{"name":"sqlServerAuditConfig","type":"\n","is_mandatory":true,"title":"SQL-server-specific audit configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageAutoResize":{"name":"storageAutoResize","type":"\u0004","is_mandatory":true,"title":"Whether to increase storage size automatically","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageAutoResizeLimit":{"name":"storageAutoResizeLimit","type":"\u0005","is_mandatory":true,"title":"Maximum size to which storage capacity can be automatically increased","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tier":{"name":"tier","type":"\u0007","is_mandatory":true,"title":"Service tier for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"timeZone":{"name":"timeZone","type":"\u0007","is_mandatory":true,"title":"Server timezone","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userLabels":{"name":"userLabels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.activeDirectory":{"id":"gcp.project.sqlService.instance.settings.activeDirectory","name":"gcp.project.sqlService.instance.settings.activeDirectory","fields":{"adminCredentialSecretName":{"name":"adminCredentialSecretName","type":"\u0007","is_mandatory":true,"title":"Secret Manager resource name (`projects/{p}/secrets/{s}`) holding the administrator credential; populated only for customer-managed AD","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dnsServers":{"name":"dnsServers","type":"\u0019\u0007","is_mandatory":true,"title":"Domain controller IPv4 addresses used to bootstrap Active Directory; populated only for customer-managed AD","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"Fully-qualified Active Directory / Entra ID domain (e.g., corp.example.com); empty when no binding is configured","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Active Directory mode","desc":"One of MANAGED_ACTIVE_DIRECTORY (Google-managed), CUSTOMER_MANAGED_ACTIVE_DIRECTORY, ACTIVE_DIRECTORY_MODE_UNSPECIFIED, or the deprecated SELF_MANAGED_ACTIVE_DIRECTORY.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance Entra ID / Active Directory configuration","desc":"Examine the Active Directory (now Entra ID) binding on a Cloud SQL for SQL Server instance. `domain` is the FQDN the instance is joined to; `mode` selects between Google-managed (`MANAGED_ACTIVE_DIRECTORY`) and customer-managed (`CUSTOMER_MANAGED_ACTIVE_DIRECTORY`) directory services; `dnsServers` lists the domain controller IPv4 addresses used to bootstrap the join. A SQL Server instance with no AD binding (or a binding to an unexpected domain) is the audit hot spot.","private":true,"min_provider_version":"13.16.3","defaults":"domain mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.backupconfiguration":{"id":"gcp.project.sqlService.instance.settings.backupconfiguration","name":"gcp.project.sqlService.instance.settings.backupconfiguration","fields":{"backupRetentionSettings":{"name":"backupRetentionSettings","type":"\n","is_mandatory":true,"title":"Backup retention settings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"backupTier":{"name":"backupTier","type":"\u0007","is_mandatory":true,"title":"Backup tier managing the backups for this instance","desc":"One of BACKUP_TIER_UNSPECIFIED, STANDARD (managed by Cloud SQL), or ENHANCED (managed by Google Cloud Backup and DR Service).","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"binaryLogEnabled":{"name":"binaryLogEnabled","type":"\u0004","is_mandatory":true,"title":"Whether binary log is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether this configuration is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location of the backup","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pointInTimeRecoveryEnabled":{"name":"pointInTimeRecoveryEnabled","type":"\u0004","is_mandatory":true,"title":"Whether point-in-time recovery is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startTime":{"name":"startTime","type":"\u0007","is_mandatory":true,"title":"Start time for the daily backup configuration (in UTC timezone, in the 24 hour format)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transactionLogRetentionDays":{"name":"transactionLogRetentionDays","type":"\u0005","is_mandatory":true,"title":"Number of days of transaction logs retained for point-in-time restore","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"transactionalLogStorageState":{"name":"transactionalLogStorageState","type":"\u0007","is_mandatory":true,"title":"Storage location of the transactional logs used for point-in-time recovery","desc":"One of TRANSACTIONAL_LOG_STORAGE_STATE_UNSPECIFIED, DISK, SWITCHING_TO_CLOUD_STORAGE, SWITCHED_TO_CLOUD_STORAGE, or CLOUD_STORAGE.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings backup configuration","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.denyMaintenancePeriod":{"id":"gcp.project.sqlService.instance.settings.denyMaintenancePeriod","name":"gcp.project.sqlService.instance.settings.denyMaintenancePeriod","fields":{"endDate":{"name":"endDate","type":"\u0007","is_mandatory":true,"title":"Deny maintenance period end date","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startDate":{"name":"startDate","type":"\u0007","is_mandatory":true,"title":"Deny maintenance period start date","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"time":{"name":"time","type":"\u0007","is_mandatory":true,"title":"Time in UTC when the deny maintenance period starts and ends","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings deny maintenance period","private":true,"min_provider_version":"9.0.0","defaults":"startDate endDate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.ipConfiguration":{"id":"gcp.project.sqlService.instance.settings.ipConfiguration","name":"gcp.project.sqlService.instance.settings.ipConfiguration","fields":{"allocatedIpRange":{"name":"allocatedIpRange","type":"\u0007","is_mandatory":true,"title":"Name of the allocated IP range for the private IP Cloud SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"authorizedNetworks":{"name":"authorizedNetworks","type":"\u0019\n","is_mandatory":true,"title":"List of external networks that are allowed to connect to the instance using the IP","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customSubjectAlternativeNames":{"name":"customSubjectAlternativeNames","type":"\u0019\u0007","is_mandatory":true,"title":"Custom Subject Alternative Names (SANs) presented on the instance server certificate","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enablePrivatePathForGoogleCloudServices":{"name":"enablePrivatePathForGoogleCloudServices","type":"\u0004","is_mandatory":true,"title":"Whether the service uses an internal direct path instead of the private IP address inside of the VPC","desc":"Controls connectivity to private IP instances from Google services, such as BigQuery.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasOpenAuthorizedNetworks":{"name":"hasOpenAuthorizedNetworks","type":"\u0004","title":"Whether any authorized network entry uses 0.0.0.0/0 or ::/0 (public internet)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipv4Enabled":{"name":"ipv4Enabled","type":"\u0004","is_mandatory":true,"title":"Whether the instance is assigned a public IP address","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateNetwork":{"name":"privateNetwork","type":"\u0007","is_mandatory":true,"title":"Resource link for the VPC network from which the private IPs can access the Cloud SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscConfig":{"name":"pscConfig","type":"\u001bgcp.project.sqlService.instance.settings.ipConfiguration.pscConfig","is_mandatory":true,"title":"Private Service Connect configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"requireSsl":{"name":"requireSsl","type":"\u0004","is_mandatory":true,"title":"Whether SSL connections over IP are enforced","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaMode":{"name":"serverCaMode","type":"\u0007","is_mandatory":true,"title":"Specifies how the server CA certificate is signed (GOOGLE_MANAGED_INTERNAL_CA, GOOGLE_MANAGED_CAS_CA, CUSTOMER_MANAGED_CAS_CA)","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCaPool":{"name":"serverCaPool","type":"\u0007","is_mandatory":true,"title":"Resource name of the server CA pool when `serverCaMode` is `CUSTOMER_MANAGED_CAS_CA`","desc":"Format: `projects/{PROJECT}/locations/{REGION}/caPools/{CA_POOL_ID}`.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serverCertificateRotationMode":{"name":"serverCertificateRotationMode","type":"\u0007","is_mandatory":true,"title":"Server certificate auto-rotation mode","desc":"Controls whether the server certificate is automatically rotated during Cloud SQL scheduled maintenance up to six months before it expires. Only settable when `serverCaMode` is `GOOGLE_MANAGED_CAS_CA` or `CUSTOMER_MANAGED_CAS_CA`.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sslMode":{"name":"sslMode","type":"\u0007","is_mandatory":true,"title":"Specifies how SSL/TLS is enforced in database connections.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings IP configuration","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.ipConfiguration.pscConfig":{"id":"gcp.project.sqlService.instance.settings.ipConfiguration.pscConfig","name":"gcp.project.sqlService.instance.settings.ipConfiguration.pscConfig","fields":{"allowedConsumerProjects":{"name":"allowedConsumerProjects","type":"\u0019\u0007","is_mandatory":true,"title":"List of consumer projects that are allow-listed to create a PSC endpoint to the Cloud SQL instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscAutoConnections":{"name":"pscAutoConnections","type":"\u0019\n","is_mandatory":true,"title":"Whether auto-creation of PSC DNS records for the Cloud SQL instance is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pscEnabled":{"name":"pscEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Private Service Connect is enabled on the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance Private Service Connect configuration","private":true,"min_provider_version":"13.10.1","defaults":"pscEnabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.maintenanceWindow":{"id":"gcp.project.sqlService.instance.settings.maintenanceWindow","name":"gcp.project.sqlService.instance.settings.maintenanceWindow","fields":{"day":{"name":"day","type":"\u0005","is_mandatory":true,"title":"Day of week (1-7, 1 is Monday)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hour":{"name":"hour","type":"\u0005","is_mandatory":true,"title":"Hour of day (0 to 23)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTrack":{"name":"updateTrack","type":"\u0007","is_mandatory":true,"title":"Maintenance time setting: canary (earlier) or stable (later)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings maintenance window","private":true,"min_provider_version":"9.0.0","defaults":"day hour","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.settings.passwordValidationPolicy":{"id":"gcp.project.sqlService.instance.settings.passwordValidationPolicy","name":"gcp.project.sqlService.instance.settings.passwordValidationPolicy","fields":{"complexity":{"name":"complexity","type":"\u0007","is_mandatory":true,"title":"Password complexity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disallowUsernameSubstring":{"name":"disallowUsernameSubstring","type":"\u0004","is_mandatory":true,"title":"Whether username is forbidden as a part of the password","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enabledPasswordPolicy":{"name":"enabledPasswordPolicy","type":"\u0004","is_mandatory":true,"title":"Whether the password policy is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minLength":{"name":"minLength","type":"\u0005","is_mandatory":true,"title":"Minimum number of characters required in passwords","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"passwordChangeInterval":{"name":"passwordChangeInterval","type":"\u0007","is_mandatory":true,"title":"Minimum interval after which the password can be changed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reuseInterval":{"name":"reuseInterval","type":"\u0005","is_mandatory":true,"title":"Number of previous passwords that cannot be reused","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) SQL instance settings password validation policy","private":true,"min_provider_version":"9.0.0","defaults":"enabledPasswordPolicy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.sslCert":{"id":"gcp.project.sqlService.instance.sslCert","name":"gcp.project.sqlService.instance.sslCert","fields":{"cert":{"name":"cert","type":"\u0007","is_mandatory":true,"title":"PEM representation of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"certSerialNumber":{"name":"certSerialNumber","type":"\u0007","is_mandatory":true,"title":"Serial number extracted from the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"commonName":{"name":"commonName","type":"\u0007","is_mandatory":true,"title":"User-supplied name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"expirationTime":{"name":"expirationTime","type":"\t","is_mandatory":true,"title":"Expiration time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sha1Fingerprint":{"name":"sha1Fingerprint","type":"\u0007","is_mandatory":true,"title":"SHA-1 fingerprint of the certificate","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud SQL instance SSL/TLS client certificate","desc":"Examine a Cloud SQL client certificate used for SSL/TLS mutual authentication. Surfaces the `commonName`, `sha1Fingerprint`, `certSerialNumber`, the PEM-encoded `cert` body, `createTime`, and `expirationTime`. Use `expirationTime` to audit certificates approaching their expiry.","private":true,"min_provider_version":"13.7.2","defaults":"commonName sha1Fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.sqlService.instance.user":{"id":"gcp.project.sqlService.instance.user","name":"gcp.project.sqlService.instance.user","fields":{"databaseRoles":{"name":"databaseRoles","type":"\u0019\u0007","is_mandatory":true,"title":"Database role memberships (PostgreSQL and SQL Server)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dualPasswordType":{"name":"dualPasswordType","type":"\u0007","is_mandatory":true,"title":"Dual password status","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"host":{"name":"host","type":"\u0007","is_mandatory":true,"title":"Host from which the user can connect (MySQL only)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamEmail":{"name":"iamEmail","type":"\u0007","is_mandatory":true,"title":"IAM email for Cloud IAM users","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceName":{"name":"instanceName","type":"\u0007","is_mandatory":true,"title":"Instance name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"passwordPolicy":{"name":"passwordPolicy","type":"\n","is_mandatory":true,"title":"Password validation policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"User type (BUILT_IN, CLOUD_IAM_USER, CLOUD_IAM_SERVICE_ACCOUNT, CLOUD_IAM_GROUP, CLOUD_IAM_GROUP_USER, CLOUD_IAM_GROUP_SERVICE_ACCOUNT)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud SQL database user","desc":"Examine a Cloud SQL database user's authentication type and access configuration. Surfaces the `name`, `host` (MySQL-specific connection restriction), `type` (BUILT_IN, CLOUD_IAM_USER, CLOUD_IAM_SERVICE_ACCOUNT, CLOUD_IAM_GROUP, CLOUD_IAM_GROUP_USER, CLOUD_IAM_GROUP_SERVICE_ACCOUNT), `iamEmail` for Cloud IAM principals, `databaseRoles` (PostgreSQL and SQL Server), `dualPasswordType`, and `passwordPolicy`.","private":true,"min_provider_version":"13.7.2","defaults":"name type host","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.storageService":{"id":"gcp.project.storageService","name":"gcp.project.storageService","fields":{"bucket":{"name":"bucket","type":"\u001bgcloud.storage.bucket","title":"Google Cloud Storage bucket","desc":"Examine a Cloud Storage bucket's configuration, access controls, and data-protection settings. Surfaces the `storageClass`, `location` and `locationType`, `labels`, IAM policy (including `public()` which flags any `allUsers` / `allAuthenticatedUsers` grant), `iamConfiguration` (uniform bucket-level access, public access prevention), `retentionPolicy` and `retentionPolicyLocked`, object `versioningEnabled`, default CMEK encryption key (`defaultKmsKey()`), lifecycle management rules (`lifecycle`), and soft-delete policy. The `loggingEnabled` predicate indicates whether access logs are being exported to another bucket. Cloud DLP integration surfaces the bucket's `dlpDataProfile()` when enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"buckets":{"name":"buckets","type":"\u0019\u001bgcp.project.storageService.bucket","title":"List all buckets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.storageService.bucket":{"id":"gcp.project.storageService.bucket","name":"gcp.project.storageService.bucket","fields":{"acl":{"name":"acl","type":"\u0019\n","title":"Bucket-level access control list (legacy, only populated when uniform bucket-level access is disabled)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"autoclass":{"name":"autoclass","type":"\n","is_mandatory":true,"title":"Automatic storage class management (enabled, toggleTime, terminalStorageClass)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"billing":{"name":"billing","type":"\n","is_mandatory":true,"title":"Billing configuration","desc":"Shape: `{requesterPays}`. When `requesterPays` is true, the caller (not the bucket owner) is billed for requests and egress.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cors":{"name":"cors","type":"\u0019\n","is_mandatory":true,"title":"Cross-Origin Resource Sharing (CORS) rules","desc":"Each rule is shaped `{origin, method, responseHeader, maxAgeSeconds}`. `origin` and `method` lists permit `\"*\"` to mean any origin or method. Used to audit static-site buckets for overly permissive CORS.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customPlacementConfig":{"name":"customPlacementConfig","type":"\n","is_mandatory":true,"title":"Custom placement configuration for dual-region buckets","desc":"Shape: `{dataLocations}`. `dataLocations` is the list of regional locations where data is replicated for this bucket's dual-region placement.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultEventBasedHold":{"name":"defaultEventBasedHold","type":"\u0004","is_mandatory":true,"title":"Whether a default event-based hold is enabled for newly created objects","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultKmsKey":{"name":"defaultKmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Default Cloud KMS encryption key for new objects in this bucket","min_provider_version":"13.2.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"defaultObjectAcl":{"name":"defaultObjectAcl","type":"\u0019\n","title":"Default access control list applied to newly-created objects (legacy, only populated when uniform bucket-level access is disabled)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dlpDataProfile":{"name":"dlpDataProfile","type":"\u001bgcp.project.dlpService.fileStoreDataProfile","title":"Cloud DLP file-store data profile for this bucket","desc":"Reports sensitivity score, risk level, and detected infoTypes. Null when discovery has not profiled this bucket or DLP is not enabled in the project.","min_provider_version":"13.14.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryption":{"name":"encryption","type":"\n","is_mandatory":true,"title":"Encryption configuration","desc":"Includes the default CMEK key (`defaultKmsKeyName`) and the per-type enforcement configs that gate which encryption types may be used for newly-written objects: `customerManagedEncryptionEnforcementConfig`, `customerSuppliedEncryptionEnforcementConfig`, and `googleManagedEncryptionEnforcementConfig`. Each enforcement entry has `effectiveTime` and `restrictionMode` (`NotRestricted` or `FullyRestricted`).","min_provider_version":"11.0.57","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hierarchicalNamespace":{"name":"hierarchicalNamespace","type":"\n","is_mandatory":true,"title":"Hierarchical namespace configuration","desc":"Shape: `{enabled}`. When enabled, the bucket uses folder-based filesystem semantics instead of flat object naming. Policies often want to flag hierarchical-namespace buckets because object and folder operations differ from a standard flat bucket.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamConfiguration":{"name":"iamConfiguration","type":"\n","is_mandatory":true,"title":"IAM configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"iamPolicy":{"name":"iamPolicy","type":"\u0019\u001bgcp.resourcemanager.binding","title":"IAM policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Bucket ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"ipFilter":{"name":"ipFilter","type":"\n","is_mandatory":true,"title":"IP filter configuration","desc":"Restricts which networks may access the bucket and its objects. Shape: `{mode, allowAllServiceAgentAccess, allowCrossOrgVpcs, publicNetworkSource, vpcNetworkSources}`. `mode` is `Enabled` or `Disabled` and the filter is only enforced when `Enabled`. `publicNetworkSource` lists allowed public CIDR ranges; `vpcNetworkSources` lists allowed VPC networks with their CIDR ranges.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycle":{"name":"lifecycle","type":"\u0019\u001bgcp.project.storageService.bucket.lifecycleRule","is_mandatory":true,"title":"Lifecycle configuration","min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lifecycleRule":{"name":"lifecycleRule","type":"\u001bgcp.project.storageService.bucket.lifecycleRule","title":"Google Cloud bucket's lifecycle configuration","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"lifecycleRuleAction":{"name":"lifecycleRuleAction","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleAction","title":"Lifecycle management rule action and conditions","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"lifecycleRuleCondition":{"name":"lifecycleRuleCondition","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleCondition","title":"The condition(s) under which the action will be taken","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Bucket location","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"locationType":{"name":"locationType","type":"\u0007","is_mandatory":true,"title":"Bucket location type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logging":{"name":"logging","type":"\n","is_mandatory":true,"title":"Access-log destination configuration","desc":"Shape: `{logBucket, logObjectPrefix}`. `logBucket` is the destination bucket that receives this bucket's access logs; `logObjectPrefix` is an optional prefix applied to log object names. Use this to find where logs go; the `loggingEnabled` predicate is the simple is-it-on check.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"loggingEnabled":{"name":"loggingEnabled","type":"\u0004","is_mandatory":true,"title":"Whether bucket access logs are configured (logging.logBucket is set)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metageneration":{"name":"metageneration","type":"\u0005","is_mandatory":true,"title":"Metadata generation of the bucket","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Bucket name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"objectRetentionMode":{"name":"objectRetentionMode","type":"\u0007","is_mandatory":true,"title":"Object retention mode (Enabled or empty)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"owner":{"name":"owner","type":"\n","is_mandatory":true,"title":"Bucket owner","desc":"Shape: `{entity, entityId}`. `entity` is typically `project-owner-\u003cprojectId\u003e`; `entityId` is the entity's stable ID.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectNumber":{"name":"projectNumber","type":"\u0007","is_mandatory":true,"title":"Project number","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"public":{"name":"public","type":"\u0004","title":"Whether the bucket is publicly accessible via any mechanism","desc":"Reflects IAM policy, bucket ACL, or default object ACL. Returns false when iamConfiguration.publicAccessPrevention is \"enforced\".","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicAccessPrevention":{"name":"publicAccessPrevention","type":"\u0007","is_mandatory":true,"title":"Public access prevention setting (inherited, enforced, unspecified)","min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionPolicy":{"name":"retentionPolicy","type":"\n","is_mandatory":true,"title":"Retention policy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"retentionPolicyLocked":{"name":"retentionPolicyLocked","type":"\u0004","is_mandatory":true,"title":"Whether the bucket's retention policy is locked (retentionPolicy.isLocked == true)","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"rpo":{"name":"rpo","type":"\u0007","is_mandatory":true,"title":"Recovery Point Objective for cross-region replication (DEFAULT, ASYNC_TURBO)","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPZI":{"name":"satisfiesPZI","type":"\u0004","is_mandatory":true,"title":"Whether the bucket satisfies Google's Protected Zone Isolation requirements","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPZS":{"name":"satisfiesPZS","type":"\u0004","is_mandatory":true,"title":"Whether the bucket satisfies Google's Protected Zone Separation requirements","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeletePolicy":{"name":"softDeletePolicy","type":"\n","is_mandatory":true,"title":"Soft delete policy (retentionDurationSeconds, effectiveTime)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeletePolicyEnabled":{"name":"softDeletePolicyEnabled","type":"\u0004","title":"Whether soft-delete is enabled — true when softDeletePolicy.retentionDurationSeconds \u003e 0","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"softDeleteTime":{"name":"softDeleteTime","type":"\t","is_mandatory":true,"title":"Effective soft-delete timestamp","desc":"The time at which the bucket itself was soft-deleted, separate from `softDeletePolicy` which configures object-level soft-delete retention. Null on live buckets.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"storageClass":{"name":"storageClass","type":"\u0007","is_mandatory":true,"title":"Default storage class","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uniformBucketLevelAccess":{"name":"uniformBucketLevelAccess","type":"\n","is_mandatory":true,"title":"Uniform bucket-level access configuration (enabled, lockedTime)","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uniformBucketLevelAccessEnabled":{"name":"uniformBucketLevelAccessEnabled","type":"\u0004","title":"Whether uniform bucket-level access is enabled — flat hoist of uniformBucketLevelAccess.enabled","min_provider_version":"13.12.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versioningEnabled":{"name":"versioningEnabled","type":"\u0004","is_mandatory":true,"title":"Whether object versioning is enabled","min_provider_version":"11.6.6","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"website":{"name":"website","type":"\n","is_mandatory":true,"title":"Static-website hosting configuration","desc":"Shape: `{mainPageSuffix, notFoundPage}`. `mainPageSuffix` is appended to directory-like requests (typically `index.html`); `notFoundPage` is the object returned for 404 responses. Presence indicates the bucket is serving as a static website.","min_provider_version":"13.16.3","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Storage bucket","desc":"Examine a Cloud Storage bucket's configuration, access controls, and data-protection settings. Surfaces the `storageClass`, `location` and `locationType`, `labels`, IAM policy (including `public()` which flags any `allUsers` / `allAuthenticatedUsers` grant), `iamConfiguration` (uniform bucket-level access, public access prevention), `retentionPolicy` and `retentionPolicyLocked`, object `versioningEnabled`, default CMEK encryption key (`defaultKmsKey()`), lifecycle management rules (`lifecycle`), and soft-delete policy. The `loggingEnabled` predicate indicates whether access logs are being exported to another bucket. Cloud DLP integration surfaces the bucket's `dlpDataProfile()` when enabled.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.storageService.bucket.lifecycleRule":{"id":"gcp.project.storageService.bucket.lifecycleRule","name":"gcp.project.storageService.bucket.lifecycleRule","fields":{"action":{"name":"action","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleAction","is_mandatory":true,"title":"The action to take","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"condition":{"name":"condition","type":"\u001bgcp.project.storageService.bucket.lifecycleRuleCondition","is_mandatory":true,"title":"The condition(s) under which the action will be taken","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud bucket's lifecycle configuration","private":true,"min_provider_version":"11.0.79","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.storageService.bucket.lifecycleRuleAction":{"id":"gcp.project.storageService.bucket.lifecycleRuleAction","name":"gcp.project.storageService.bucket.lifecycleRuleAction","fields":{"storageClass":{"name":"storageClass","type":"\u0007","is_mandatory":true,"title":"Target storage class. Required iff the type of the action is SetStorageClass","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the action","desc":"Currently, only Delete, SetStorageClass, and AbortIncompleteMultipartUpload are supported.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Lifecycle management rule action and conditions","private":true,"min_provider_version":"11.0.79","defaults":"type storageClass","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.storageService.bucket.lifecycleRuleCondition":{"id":"gcp.project.storageService.bucket.lifecycleRuleCondition","name":"gcp.project.storageService.bucket.lifecycleRuleCondition","fields":{"age":{"name":"age","type":"\u0005","is_mandatory":true,"title":"Age of an object (in days)","desc":"This condition is satisfied when an object reaches the specified age.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdBefore":{"name":"createdBefore","type":"\u0007","is_mandatory":true,"title":"CreatedBefore: A date in RFC 3339 format with only the date part","desc":"For instance, \"2013-01-15\". This condition is satisfied when an object is created before midnight of the specified date in UTC.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"customTimeBefore":{"name":"customTimeBefore","type":"\u0007","is_mandatory":true,"title":"CustomTimeBefore: A date in RFC 3339 format with only the date part","desc":"For instance, \"2013-01-15\". This condition is satisfied when the custom time on an object is before this date in UTC.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"daysSinceCustomTime":{"name":"daysSinceCustomTime","type":"\u0005","is_mandatory":true,"title":"DaysSinceCustomTime: Number of days elapsed since the user-specified timestamp","desc":"The condition is satisfied if the days elapsed is at least this number. If no custom timestamp is specified on an object, the condition does not apply.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"daysSinceNoncurrentTime":{"name":"daysSinceNoncurrentTime","type":"\u0005","is_mandatory":true,"title":"DaysSinceNoncurrentTime: Number of days elapsed since the noncurrent timestamp of an object","desc":"The condition is satisfied if the days elapsed is at least this number. This condition is relevant only for versioned objects. The value of the field must be a nonnegative integer. If it's zero, the object version will become eligible for Lifecycle action as soon as it becomes noncurrent.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isLive":{"name":"isLive","type":"\u0004","is_mandatory":true,"title":"IsLive: Relevant only for versioned objects","desc":"If the value is true, this condition matches live objects; if the value is false, it matches archived objects.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"matchesPattern":{"name":"matchesPattern","type":"\u0007","is_mandatory":true,"title":"MatchesPattern: A regular expression that satisfies the RE2 syntax","desc":"This condition is satisfied when the name of the object matches the RE2 pattern.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"matchesPrefix":{"name":"matchesPrefix","type":"\u0019\u0007","is_mandatory":true,"title":"MatchesPrefix: List of object name prefixes","desc":"This condition will be satisfied when at least one of the prefixes exactly matches the beginning of the object name.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"matchesStorageClass":{"name":"matchesStorageClass","type":"\u0019\u0007","is_mandatory":true,"title":"MatchesStorageClass: storage classes selected for this condition","desc":"Objects having any of the storage classes specified by this condition will be matched.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"matchesSuffix":{"name":"matchesSuffix","type":"\u0019\u0007","is_mandatory":true,"title":"MatchesSuffix: List of object name suffixes","desc":"This condition will be satisfied when at least one of the suffixes exactly matches the end of the object name.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"noncurrentTimeBefore":{"name":"noncurrentTimeBefore","type":"\u0007","is_mandatory":true,"title":"NoncurrentTimeBefore: A date in RFC 3339 format with only the date part","desc":"For instance, \"2013-01-15\". This condition is satisfied when the noncurrent time on an object is before this date in UTC. This condition is relevant only for versioned objects.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"numNewerVersions":{"name":"numNewerVersions","type":"\u0005","is_mandatory":true,"title":"NumNewerVersions: Relevant only for versioned objects","desc":"If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"The condition(s) under which the action will be taken","private":true,"min_provider_version":"11.0.79","defaults":"age numNewerVersions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.tagBinding":{"id":"gcp.project.tagBinding","name":"gcp.project.tagBinding","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the tag binding","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resource":{"name":"resource","type":"\u0007","is_mandatory":true,"title":"Full resource name the tag value is bound to (e.g. //cloudresourcemanager.googleapis.com/projects/123)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tagValue":{"name":"tagValue","type":"\u0007","is_mandatory":true,"title":"Permanent ID of the bound tag value (e.g. tagValues/456)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tagValueNamespacedName":{"name":"tagValueNamespacedName","type":"\u0007","is_mandatory":true,"title":"Namespaced name of the bound tag value (e.g. 123/environment/production)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Resource Manager tag binding","desc":"Examine the connection between a tag value and the project. A tag binding applies a `tagValue` to the bound resource and all of its descendants, and tags drive conditional IAM and organization-policy enforcement. The `tagValueNamespacedName` gives the human-readable key/value path and `resource` identifies the bound resource. Tag bindings are selected by their `name`.","private":true,"min_provider_version":"13.18.1","defaults":"tagValueNamespacedName resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService":{"id":"gcp.project.vertexaiService","name":"gcp.project.vertexaiService","fields":{"customJob":{"name":"customJob","type":"\u001bgcp.project.vertexaiService.customJob","title":"Google Cloud (GCP) Vertex AI custom training job","desc":"Examine a Vertex AI custom training job — its current state (QUEUED, PENDING, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED, EXPIRED), worker pool job specification, encryption specification, error details, and execution timestamps. Use these fields to audit training infrastructure configuration and job lifecycle.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"customJobs":{"name":"customJobs","type":"\u0019\u001bgcp.project.vertexaiService.customJob","title":"Custom training jobs","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataset":{"name":"dataset","type":"\u001bgcp.project.vertexaiService.dataset","title":"Google Cloud (GCP) Vertex AI dataset","desc":"Examine a Vertex AI dataset — its metadata schema URI, user-defined metadata payload, encryption specification (CMEK), and labels. Datasets hold training data for AutoML and custom model workflows; audit them to verify encryption posture and metadata compliance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datasets":{"name":"datasets","type":"\u0019\u001bgcp.project.vertexaiService.dataset","title":"List of datasets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoint":{"name":"endpoint","type":"\u001bgcp.project.vertexaiService.endpoint","title":"Google Cloud (GCP) Vertex AI endpoint","desc":"Examine a Vertex AI endpoint — its deployed models, traffic split percentages, network attachment for private endpoints, whether public endpoint access is enabled, encryption specification (CMEK), and labels. Use these fields to audit model serving configuration and network exposure.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"endpoints":{"name":"endpoints","type":"\u0019\u001bgcp.project.vertexaiService.endpoint","title":"List of endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"featureOnlineStore":{"name":"featureOnlineStore","type":"\u001bgcp.project.vertexaiService.featureOnlineStore","title":"Google Cloud (GCP) Vertex AI Feature Online Store","desc":"Examine a Vertex AI Feature Online Store — its backend type (Bigtable or Optimized), dedicated serving endpoint, encryption specification, Physical Zone Separation and Isolation compliance flags, and current lifecycle state. Feature Online Stores serve low-latency feature values to models at prediction time.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"featureOnlineStores":{"name":"featureOnlineStores","type":"\u0019\u001bgcp.project.vertexaiService.featureOnlineStore","title":"List of feature online stores","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"index":{"name":"index","type":"\u001bgcp.project.vertexaiService.index","title":"Google Cloud (GCP) Vertex AI vector search index","desc":"Examine a Vertex AI vector search index — its metadata schema URI, index update method (BATCH_UPDATE or STREAM_UPDATE), deployed index references, index statistics (vector count, shard count), and encryption specification. Vector search indexes enable approximate nearest-neighbor search over high-dimensional embeddings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexEndpoint":{"name":"indexEndpoint","type":"\u001bgcp.project.vertexaiService.indexEndpoint","title":"Google Cloud (GCP) Vertex AI vector search index endpoint","desc":"Examine a Vertex AI vector search index endpoint — its deployed indexes, VPC network for private endpoints, whether public endpoint access is enabled, the public endpoint domain name, and encryption specification. Index endpoints serve online vector similarity queries against deployed indexes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexEndpoints":{"name":"indexEndpoints","type":"\u0019\u001bgcp.project.vertexaiService.indexEndpoint","title":"Vector search index endpoints","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"indexes":{"name":"indexes","type":"\u0019\u001bgcp.project.vertexaiService.index","title":"Vector search indexes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataStore":{"name":"metadataStore","type":"\u001bgcp.project.vertexaiService.metadataStore","title":"Google Cloud (GCP) Vertex AI metadata store","desc":"Examine a Vertex AI Metadata Store — its current state, encryption specification, and Dataplex integration configuration. Metadata stores track ML artifacts, executions, and lineage for reproducibility and governance audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"metadataStores":{"name":"metadataStores","type":"\u0019\u001bgcp.project.vertexaiService.metadataStore","title":"Metadata stores","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"model":{"name":"model","type":"\u001bgcp.project.vertexaiService.model","title":"Google Cloud (GCP) Vertex AI model","desc":"Examine a Vertex AI model — its version ID and aliases, container serving spec, supported deployment resource types, input/output storage formats, artifact URI, training pipeline reference, encryption specification (CMEK), and labels. Use these fields to audit model provenance, encryption posture, and deployment readiness.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"models":{"name":"models","type":"\u0019\u001bgcp.project.vertexaiService.model","title":"List of models","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pipelineJob":{"name":"pipelineJob","type":"\u001bgcp.project.vertexaiService.pipelineJob","title":"Google Cloud (GCP) Vertex AI pipeline job","desc":"Examine a Vertex AI pipeline job — its current state (QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED), pipeline and runtime configuration, service account, VPC network, encryption specification, template URI, and execution timestamps. Use these fields to audit ML pipeline security posture and job lifecycle.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"pipelineJobs":{"name":"pipelineJobs","type":"\u0019\u001bgcp.project.vertexaiService.pipelineJob","title":"List of pipeline jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tensorboard":{"name":"tensorboard","type":"\u001bgcp.project.vertexaiService.tensorboard","title":"Google Cloud (GCP) Vertex AI Tensorboard instance","desc":"Examine a Vertex AI Tensorboard instance — its display name, whether it is the default Tensorboard for the project, encryption specification, and labels. Tensorboard instances store and visualize ML experiment metrics and model training runs.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tensorboards":{"name":"tensorboards","type":"\u0019\u001bgcp.project.vertexaiService.tensorboard","title":"Tensorboard instances","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI","desc":"Use this resource as the entry point for Vertex AI in the project. It hosts the machine-learning surface: `models`, `endpoints`, `datasets`, `customJobs`, `pipelineJobs`, `featureOnlineStores`, `tensorboards`, `metadataStores`, and the vector-search `indexes` and `indexEndpoints`.","private":true,"min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.customJob":{"id":"gcp.project.vertexaiService.customJob","name":"gcp.project.vertexaiService.customJob","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endTime":{"name":"endTime","type":"\t","is_mandatory":true,"title":"End time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"error":{"name":"error","type":"\n","is_mandatory":true,"title":"Error details (if failed)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"jobSpec":{"name":"jobSpec","type":"\n","is_mandatory":true,"title":"Job spec (worker pool specs, scheduling, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startTime":{"name":"startTime","type":"\t","is_mandatory":true,"title":"Start time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Job state","desc":"One of: JOB_STATE_QUEUED, JOB_STATE_PENDING, JOB_STATE_RUNNING, JOB_STATE_SUCCEEDED, JOB_STATE_FAILED, JOB_STATE_CANCELLING, JOB_STATE_CANCELLED, JOB_STATE_PAUSED, JOB_STATE_EXPIRED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI custom training job","desc":"Examine a Vertex AI custom training job — its current state (QUEUED, PENDING, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED, EXPIRED), worker pool job specification, encryption specification, error details, and execution timestamps. Use these fields to audit training infrastructure configuration and job lifecycle.","private":true,"min_provider_version":"13.6.1","defaults":"displayName state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.dataset":{"id":"gcp.project.vertexaiService.dataset","name":"gcp.project.vertexaiService.dataset","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\n","is_mandatory":true,"title":"User-defined metadata payload conforming to metadataSchemaUri","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataSchemaUri":{"name":"metadataSchemaUri","type":"\u0007","is_mandatory":true,"title":"Metadata schema URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI dataset","desc":"Examine a Vertex AI dataset — its metadata schema URI, user-defined metadata payload, encryption specification (CMEK), and labels. Datasets hold training data for AutoML and custom model workflows; audit them to verify encryption posture and metadata compliance.","private":true,"min_provider_version":"13.1.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.endpoint":{"id":"gcp.project.vertexaiService.endpoint","name":"gcp.project.vertexaiService.endpoint","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deployedModels":{"name":"deployedModels","type":"\u0019\n","is_mandatory":true,"title":"Deployed models","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enablePrivateServiceConnect":{"name":"enablePrivateServiceConnect","type":"\u0004","is_mandatory":true,"title":"Whether private service connect is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec (CMEK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"Network for private endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trafficSplit":{"name":"trafficSplit","type":"\u001a\u0007\u0005","is_mandatory":true,"title":"Traffic split (model ID to traffic percentage)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI endpoint","desc":"Examine a Vertex AI endpoint — its deployed models, traffic split percentages, network attachment for private endpoints, whether public endpoint access is enabled, encryption specification (CMEK), and labels. Use these fields to audit model serving configuration and network exposure.","private":true,"min_provider_version":"13.1.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.featureOnlineStore":{"id":"gcp.project.vertexaiService.featureOnlineStore","name":"gcp.project.vertexaiService.featureOnlineStore","fields":{"bigtable":{"name":"bigtable","type":"\n","is_mandatory":true,"title":"Bigtable configuration (if Bigtable backend)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dedicatedServingEndpoint":{"name":"dedicatedServingEndpoint","type":"\n","is_mandatory":true,"title":"Dedicated serving endpoint","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"optimized":{"name":"optimized","type":"\n","is_mandatory":true,"title":"Optimized configuration (if optimized backend)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzi":{"name":"satisfiesPzi","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"satisfiesPzs":{"name":"satisfiesPzs","type":"\u0004","is_mandatory":true,"title":"Whether the resource satisfies PZS","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI Feature Online Store","desc":"Examine a Vertex AI Feature Online Store — its backend type (Bigtable or Optimized), dedicated serving endpoint, encryption specification, Physical Zone Separation and Isolation compliance flags, and current lifecycle state. Feature Online Stores serve low-latency feature values to models at prediction time.","private":true,"min_provider_version":"13.1.2","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.index":{"id":"gcp.project.vertexaiService.index","name":"gcp.project.vertexaiService.index","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deployedIndexes":{"name":"deployedIndexes","type":"\u0019\n","is_mandatory":true,"title":"Deployed indexes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"indexStats":{"name":"indexStats","type":"\n","is_mandatory":true,"title":"Index stats (vectors count, shards count)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"indexUpdateMethod":{"name":"indexUpdateMethod","type":"\u0007","is_mandatory":true,"title":"Index update method (BATCH_UPDATE, STREAM_UPDATE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadata":{"name":"metadata","type":"\n","is_mandatory":true,"title":"Index metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataSchemaUri":{"name":"metadataSchemaUri","type":"\u0007","is_mandatory":true,"title":"Metadata schema URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI vector search index","desc":"Examine a Vertex AI vector search index — its metadata schema URI, index update method (BATCH_UPDATE or STREAM_UPDATE), deployed index references, index statistics (vector count, shard count), and encryption specification. Vector search indexes enable approximate nearest-neighbor search over high-dimensional embeddings.","private":true,"min_provider_version":"13.6.1","defaults":"displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.indexEndpoint":{"id":"gcp.project.vertexaiService.indexEndpoint","name":"gcp.project.vertexaiService.indexEndpoint","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"deployedIndexes":{"name":"deployedIndexes","type":"\u0019\n","is_mandatory":true,"title":"Deployed indexes","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"Network for private endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicEndpointDomainName":{"name":"publicEndpointDomainName","type":"\u0007","is_mandatory":true,"title":"Public endpoint domain name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"publicEndpointEnabled":{"name":"publicEndpointEnabled","type":"\u0004","is_mandatory":true,"title":"Whether public endpoint is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI vector search index endpoint","desc":"Examine a Vertex AI vector search index endpoint — its deployed indexes, VPC network for private endpoints, whether public endpoint access is enabled, the public endpoint domain name, and encryption specification. Index endpoints serve online vector similarity queries against deployed indexes.","private":true,"min_provider_version":"13.6.1","defaults":"displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.metadataStore":{"id":"gcp.project.vertexaiService.metadataStore","name":"gcp.project.vertexaiService.metadataStore","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataplexConfig":{"name":"dataplexConfig","type":"\n","is_mandatory":true,"title":"Dataplex integration config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\n","is_mandatory":true,"title":"State information of the metadata store","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI metadata store","desc":"Examine a Vertex AI Metadata Store — its current state, encryption specification, and Dataplex integration configuration. Metadata stores track ML artifacts, executions, and lineage for reproducibility and governance audits.","private":true,"min_provider_version":"13.15.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.model":{"id":"gcp.project.vertexaiService.model","name":"gcp.project.vertexaiService.model","fields":{"artifactUri":{"name":"artifactUri","type":"\u0007","is_mandatory":true,"title":"Artifact URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"containerSpec":{"name":"containerSpec","type":"\n","is_mandatory":true,"title":"Container spec for serving","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec (CMEK)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag used for concurrency control on resource updates","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"modelSourceInfo":{"name":"modelSourceInfo","type":"\n","is_mandatory":true,"title":"Model source info","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"supportedDeploymentResourcesTypes":{"name":"supportedDeploymentResourcesTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Supported deployment resources types","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"supportedInputStorageFormats":{"name":"supportedInputStorageFormats","type":"\u0019\u0007","is_mandatory":true,"title":"Supported input storage formats","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"supportedOutputStorageFormats":{"name":"supportedOutputStorageFormats","type":"\u0019\u0007","is_mandatory":true,"title":"Supported output storage formats","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"trainingPipeline":{"name":"trainingPipeline","type":"\u0007","is_mandatory":true,"title":"Training pipeline resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionAliases":{"name":"versionAliases","type":"\u0019\u0007","is_mandatory":true,"title":"Version aliases","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionDescription":{"name":"versionDescription","type":"\u0007","is_mandatory":true,"title":"Version description","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"versionId":{"name":"versionId","type":"\u0007","is_mandatory":true,"title":"Version ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI model","desc":"Examine a Vertex AI model — its version ID and aliases, container serving spec, supported deployment resource types, input/output storage formats, artifact URI, training pipeline reference, encryption specification (CMEK), and labels. Use these fields to audit model provenance, encryption posture, and deployment readiness.","private":true,"min_provider_version":"13.1.2","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.pipelineJob":{"id":"gcp.project.vertexaiService.pipelineJob","name":"gcp.project.vertexaiService.pipelineJob","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endTime":{"name":"endTime","type":"\t","is_mandatory":true,"title":"End time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"VPC network the resource is attached to","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pipelineSpec":{"name":"pipelineSpec","type":"\n","is_mandatory":true,"title":"Pipeline spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"runtimeConfig":{"name":"runtimeConfig","type":"\n","is_mandatory":true,"title":"Runtime config","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account email used by the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"startTime":{"name":"startTime","type":"\t","is_mandatory":true,"title":"Start time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state (PIPELINE_STATE_QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"templateMetadata":{"name":"templateMetadata","type":"\n","is_mandatory":true,"title":"Template metadata","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"templateUri":{"name":"templateUri","type":"\u0007","is_mandatory":true,"title":"Template URI","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI pipeline job","desc":"Examine a Vertex AI pipeline job — its current state (QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED), pipeline and runtime configuration, service account, VPC network, encryption specification, template URI, and execution timestamps. Use these fields to audit ML pipeline security posture and job lifecycle.","private":true,"min_provider_version":"13.1.2","defaults":"name displayName state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.vertexaiService.tensorboard":{"id":"gcp.project.vertexaiService.tensorboard","name":"gcp.project.vertexaiService.tensorboard","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"encryptionSpec":{"name":"encryptionSpec","type":"\n","is_mandatory":true,"title":"Encryption spec","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isDefault":{"name":"isDefault","type":"\u0004","is_mandatory":true,"title":"Whether this is the default Tensorboard","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"kmsKey":{"name":"kmsKey","type":"\u001bgcp.project.kmsService.keyring.cryptokey","title":"Customer-managed Cloud KMS key used to encrypt this resource at rest","min_provider_version":"13.19.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined key/value labels for organizing the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI Tensorboard instance","desc":"Examine a Vertex AI Tensorboard instance — its display name, whether it is the default Tensorboard for the project, encryption specification, and labels. Tensorboard instances store and visualize ML experiment metrics and model training runs.","private":true,"min_provider_version":"13.6.1","defaults":"displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workbenchService":{"id":"gcp.project.workbenchService","name":"gcp.project.workbenchService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.workbenchService.instance","title":"Google Cloud (GCP) Vertex AI Workbench instance","desc":"Examine a Vertex AI Workbench managed notebook instance: its lifecycle state, health state (HEALTHY, UNHEALTHY, AGENT_NOT_INSTALLED), proxy endpoint for Jupyter access, instance owners, whether proxy access and public IP are disabled, whether deletion protection is enabled, Compute Engine setup details (including network interfaces and disk configuration), and creation and update timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.workbenchService.instance","title":"List of Vertex AI Workbench instances","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI Workbench","desc":"Use this resource as the entry point for Vertex AI Workbench in the project. It hosts the managed notebook `instances` — each exposing its machine configuration, network and access settings, health state, and public-IP exposure for data-science environment audits.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workbenchService.instance":{"id":"gcp.project.workbenchService.instance","name":"gcp.project.workbenchService.instance","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Instance creation time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"creator":{"name":"creator","type":"\u0007","is_mandatory":true,"title":"Email address of the entity that created the instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disableProxyAccess":{"name":"disableProxyAccess","type":"\u0004","is_mandatory":true,"title":"Whether the instance is registered with the notebook proxy","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"disablePublicIp":{"name":"disablePublicIp","type":"\u0004","is_mandatory":true,"title":"Whether the instance has no external IP address assigned","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableDeletionProtection":{"name":"enableDeletionProtection","type":"\u0004","is_mandatory":true,"title":"Whether deletion protection is enabled for this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableThirdPartyIdentity":{"name":"enableThirdPartyIdentity","type":"\u0004","is_mandatory":true,"title":"Whether third party identity provider access is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gceSetup":{"name":"gceSetup","type":"\n","is_mandatory":true,"title":"Compute Engine setup for the notebook, including disablePublicIp and network interfaces","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"healthState":{"name":"healthState","type":"\u0007","is_mandatory":true,"title":"Instance health state (HEALTHY, UNHEALTHY, AGENT_NOT_INSTALLED, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instanceOwners":{"name":"instanceOwners","type":"\u0019\u0007","is_mandatory":true,"title":"Owners of this instance","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (projects/{project}/locations/{location}/instances/{instance})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"proxyUri":{"name":"proxyUri","type":"\u0007","is_mandatory":true,"title":"Proxy endpoint used to access the Jupyter notebook","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State of the instance (ACTIVE, STOPPED, PROVISIONING, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Instance last update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI Workbench instance","desc":"Examine a Vertex AI Workbench managed notebook instance: its lifecycle state, health state (HEALTHY, UNHEALTHY, AGENT_NOT_INSTALLED), proxy endpoint for Jupyter access, instance owners, whether proxy access and public IP are disabled, whether deletion protection is enabled, Compute Engine setup details (including network interfaces and disk configuration), and creation and update timestamps.","private":true,"min_provider_version":"13.15.1","defaults":"name state healthState","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workflowsService":{"id":"gcp.project.workflowsService","name":"gcp.project.workflowsService","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the Workflows API is enabled for the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"workflow":{"name":"workflow","type":"\u001bgcp.project.workflowsService.workflow","title":"Google Cloud Workflows workflow","desc":"Examine a workflow definition and its execution settings. Surfaces the `state`, the `serviceAccount` identity executions run as, the `sourceContents` (the workflow definition), the active `revisionId`, `callLogLevel` and `executionHistoryLevel` logging settings, the customer-managed encryption key (`cryptoKeyName`) and `allKmsKeys` in effect, and user-defined environment variables. Selected by its full resource name, for example `projects/my-project/locations/us-central1/workflows/my-workflow`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"workflows":{"name":"workflows","type":"\u0019\u001bgcp.project.workflowsService.workflow","title":"Workflows across all locations in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Workflows","desc":"Use this resource as the entry point for Workflows in the project. It hosts the `workflows` — serverless orchestrations that chain together services and APIs — and `enabled` reports whether the Workflows API is turned on for the project.","private":true,"min_provider_version":"13.18.1","defaults":"projectId","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workflowsService.workflow":{"id":"gcp.project.workflowsService.workflow","name":"gcp.project.workflowsService.workflow","fields":{"allKmsKeys":{"name":"allKmsKeys","type":"\u0019\u0007","is_mandatory":true,"title":"All KMS key resource names in use by the workflow and its revisions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"callLogLevel":{"name":"callLogLevel","type":"\u0007","is_mandatory":true,"title":"Severity of calls logged to Cloud Logging during executions","desc":"One of LOG_ALL_CALLS, LOG_ERRORS_ONLY, LOG_NONE, or CALL_LOG_LEVEL_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Creation timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"cryptoKeyName":{"name":"cryptoKeyName","type":"\u0007","is_mandatory":true,"title":"Resource name of the customer-managed encryption key, if configured","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"User-provided description of the workflow","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"executionHistoryLevel":{"name":"executionHistoryLevel","type":"\u0007","is_mandatory":true,"title":"Granularity of execution history retained for the workflow","desc":"One of EXECUTION_HISTORY_BASIC, EXECUTION_HISTORY_DETAILED, or EXECUTION_HISTORY_LEVEL_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full resource name of the workflow","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-provided labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"location":{"name":"location","type":"\u0007","is_mandatory":true,"title":"Location (region) where the workflow resides","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Short name of the workflow","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionCreated":{"name":"revisionCreated","type":"\t","is_mandatory":true,"title":"Time the current revision was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"revisionId":{"name":"revisionId","type":"\u0007","is_mandatory":true,"title":"Revision ID of the deployed workflow definition","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u001bgcp.project.iamService.serviceAccount","title":"Service account executions run as","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccountEmail":{"name":"serviceAccountEmail","type":"\u0007","is_mandatory":true,"title":"Email of the service account executions run as","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceContents":{"name":"sourceContents","type":"\u0007","is_mandatory":true,"title":"Source definition of the workflow (YAML or JSON)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Workflow lifecycle state","desc":"One of ACTIVE, UNAVAILABLE, or STATE_UNSPECIFIED.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"stateError":{"name":"stateError","type":"\n","is_mandatory":true,"title":"Detail of the last state error, if any","desc":"Exposes `type` (the kind of error, for example KMS_ERROR) and `details` (a human-readable message). Null when the workflow is healthy.","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updated":{"name":"updated","type":"\t","is_mandatory":true,"title":"Last update timestamp","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"userEnvVars":{"name":"userEnvVars","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"User-defined environment variables available to executions","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Workflows workflow","desc":"Examine a workflow definition and its execution settings. Surfaces the `state`, the `serviceAccount` identity executions run as, the `sourceContents` (the workflow definition), the active `revisionId`, `callLogLevel` and `executionHistoryLevel` logging settings, the customer-managed encryption key (`cryptoKeyName`) and `allKmsKeys` in effect, and user-defined environment variables. Selected by its full resource name, for example `projects/my-project/locations/us-central1/workflows/my-workflow`.","private":true,"min_provider_version":"13.18.1","defaults":"name state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workstationsService":{"id":"gcp.project.workstationsService","name":"gcp.project.workstationsService","fields":{"cluster":{"name":"cluster","type":"\u001bgcp.project.workstationsService.cluster","title":"Google Cloud (GCP) Cloud Workstations cluster","desc":"Examine a Cloud Workstations cluster: its VPC network and subnetwork, the private control-plane IP address, whether the cluster is in degraded mode, whether it is currently reconciling toward its intended state, private cluster configuration (endpoint enablement, cluster hostname, service attachment URI, allowed projects), resource labels, client annotations, and creation and update timestamps.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"clusters":{"name":"clusters","type":"\u0019\u001bgcp.project.workstationsService.cluster","title":"List of Cloud Workstations clusters","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Workstations","desc":"Use this resource as the entry point for Cloud Workstations in the project. It hosts the workstation `clusters` — each exposing its network configuration, private-cluster settings, and degraded state for managed-development-environment audits.","private":true,"min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.project.workstationsService.cluster":{"id":"gcp.project.workstationsService.cluster","name":"gcp.project.workstationsService.cluster","fields":{"annotations":{"name":"annotations","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Client-specified annotations","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"controlPlaneIp":{"name":"controlPlaneIp","type":"\u0007","is_mandatory":true,"title":"Private IP address of the control plane for this workstation cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Time when this workstation cluster was created","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"degraded":{"name":"degraded","type":"\u0004","is_mandatory":true,"title":"Whether this workstation cluster is in degraded mode","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Human-readable name for this workstation cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"labels":{"name":"labels","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Resource labels","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name of the workstation cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"network":{"name":"network","type":"\u0007","is_mandatory":true,"title":"URL of the Compute Engine network for instances in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"privateClusterConfig":{"name":"privateClusterConfig","type":"\n","is_mandatory":true,"title":"Configuration for a private workstation cluster (enablePrivateEndpoint, clusterHostname, serviceAttachmentUri, allowedProjects)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"reconciling":{"name":"reconciling","type":"\u0004","is_mandatory":true,"title":"Whether this workstation cluster is currently being updated to match its intended state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"subnetwork":{"name":"subnetwork","type":"\u0007","is_mandatory":true,"title":"URL of the Compute Engine subnetwork for instances in this cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"uid":{"name":"uid","type":"\u0007","is_mandatory":true,"title":"System-assigned unique identifier for this workstation cluster","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Time when this workstation cluster was most recently updated","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Workstations cluster","desc":"Examine a Cloud Workstations cluster: its VPC network and subnetwork, the private control-plane IP address, whether the cluster is in degraded mode, whether it is currently reconciling toward its intended state, private cluster configuration (endpoint enablement, cluster hostname, service attachment URI, allowed projects), resource labels, client annotations, and creation and update timestamps.","private":true,"min_provider_version":"13.15.1","defaults":"name displayName degraded","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.projects":{"id":"gcp.projects","name":"gcp.projects","fields":{"children":{"name":"children","type":"\u0019\u001bgcp.project","title":"List of the children projects only (non-recursive)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"list":{"name":"list","type":"\u0019\u001bgcp.project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentId":{"name":"parentId","type":"\u0007","is_mandatory":true,"title":"Parent ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"list_type":"\u001bgcp.project","title":"Google Cloud (GCP) projects","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.recommendation":{"id":"gcp.recommendation","name":"gcp.recommendation","fields":{"additionalImpact":{"name":"additionalImpact","type":"\u0019\n","is_mandatory":true,"title":"Optional set of additional impact that this recommendation can have","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"category":{"name":"category","type":"\u0007","is_mandatory":true,"title":"Category of primary impact","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"content":{"name":"content","type":"\n","is_mandatory":true,"title":"Recommended changes to resources","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"ID of recommendation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"lastRefreshTime":{"name":"lastRefreshTime","type":"\t","is_mandatory":true,"title":"Last time this recommendation was refreshed","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Description of the recommendation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"primaryImpact":{"name":"primaryImpact","type":"\n","is_mandatory":true,"title":"The primary impact that this recommendation can have","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"priority":{"name":"priority","type":"\u0007","is_mandatory":true,"title":"Recommendation's priority","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"recommender":{"name":"recommender","type":"\u0007","is_mandatory":true,"title":"ID of the recommender that produced this recommendation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\n","is_mandatory":true,"title":"State and metadata of recommendation","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"zoneName":{"name":"zoneName","type":"\u0007","is_mandatory":true,"title":"Zone name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud recommendation","desc":"Examine a single recommendation and the action Recommender suggests taking. Surfaces the recommendation `id`, the `recommender` that produced it (for example `google.compute.instance.IdleResourceRecommender`), the recommendation `category` and `priority`, the proposed resource changes in `content`, the `primaryImpact` and `additionalImpact` projections (cost, security, performance, reliability, etc.), the `lastRefreshTime`, and the lifecycle `state` reflecting whether the recommendation is active, claimed, dismissed, or applied.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.resourcemanager":{"id":"gcp.resourcemanager","fields":{"auditConfig":{"name":"auditConfig","type":"\u001bgcp.resourcemanager.auditConfig","title":"Google Cloud (GCP) audit logging configuration for a service","desc":"Examine the Cloud Audit Logs configuration for a single GCP service within a project, folder, or organization IAM policy. `service` is either `allServices` (a catch-all) or a specific service hostname such as `storage.googleapis.com`. Drill into `auditLogConfigs` to see which log types (`ADMIN_READ`, `DATA_READ`, `DATA_WRITE`) are enabled and which principals are exempted.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"binding":{"name":"binding","type":"\u001bgcp.resourcemanager.binding","title":"Google Cloud (GCP) Resource Manager binding","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcp.resourcemanager.auditConfig":{"id":"gcp.resourcemanager.auditConfig","name":"gcp.resourcemanager.auditConfig","fields":{"auditLogConfigs":{"name":"auditLogConfigs","type":"\u0019\u001bgcp.resourcemanager.auditConfig.logConfig","is_mandatory":true,"title":"Audit log configurations per log type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logConfig":{"name":"logConfig","type":"\u001bgcp.resourcemanager.auditConfig.logConfig","title":"Google Cloud (GCP) audit log configuration for a specific log type","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"service":{"name":"service","type":"\u0007","is_mandatory":true,"title":"Service name (e.g., \"allServices\", \"storage.googleapis.com\")","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) audit logging configuration for a service","desc":"Examine the Cloud Audit Logs configuration for a single GCP service within a project, folder, or organization IAM policy. `service` is either `allServices` (a catch-all) or a specific service hostname such as `storage.googleapis.com`. Drill into `auditLogConfigs` to see which log types (`ADMIN_READ`, `DATA_READ`, `DATA_WRITE`) are enabled and which principals are exempted.","private":true,"min_provider_version":"11.5.1","defaults":"service","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.resourcemanager.auditConfig.logConfig":{"id":"gcp.resourcemanager.auditConfig.logConfig","name":"gcp.resourcemanager.auditConfig.logConfig","fields":{"exemptedMembers":{"name":"exemptedMembers","type":"\u0019\u0007","is_mandatory":true,"title":"Principals exempt from this log type","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"logType":{"name":"logType","type":"\u0007","is_mandatory":true,"title":"Log type (ADMIN_READ, DATA_READ, DATA_WRITE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) audit log configuration for a specific log type","private":true,"min_provider_version":"11.5.1","defaults":"logType","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.resourcemanager.binding":{"id":"gcp.resourcemanager.binding","name":"gcp.resourcemanager.binding","fields":{"conditionDescription":{"name":"conditionDescription","type":"\u0007","is_mandatory":true,"title":"Description of the IAM condition that scopes this binding","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditionExpression":{"name":"conditionExpression","type":"\u0007","is_mandatory":true,"title":"CEL expression of the IAM condition that scopes this binding (empty when the binding is unconditional)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"conditionTitle":{"name":"conditionTitle","type":"\u0007","is_mandatory":true,"title":"Title of the IAM condition that scopes this binding (empty when the binding is unconditional)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"grantsImpersonation":{"name":"grantsImpersonation","type":"\u0004","title":"Whether the bound role grants service-account impersonation","desc":"True when the role is one of roles/iam.serviceAccountTokenCreator, roles/iam.serviceAccountUser, roles/iam.workloadIdentityUser, or roles/iam.serviceAccountKeyAdmin — the roles that surface impersonation and privilege-escalation paths.","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"hasExternalMembers":{"name":"hasExternalMembers","type":"\u0004","title":"Whether any member is allUsers or allAuthenticatedUsers, exposing the binding to the public","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID for this resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"isPrimitiveRole":{"name":"isPrimitiveRole","type":"\u0004","title":"Whether the bound role is a primitive role (roles/owner, roles/editor, or roles/viewer)","min_provider_version":"13.18.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"members":{"name":"members","type":"\u0019\u0007","is_mandatory":true,"title":"Principals requesting access for a Google Cloud resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"role":{"name":"role","type":"\u0007","is_mandatory":true,"title":"Role assigned to the list of members or principals","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Resource Manager binding","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.retryConfig":{"id":"gcp.retryConfig","name":"gcp.retryConfig","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Internal ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxAttempts":{"name":"maxAttempts","type":"\u0005","is_mandatory":true,"title":"Maximum number of attempts (0 means unlimited)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxBackoff":{"name":"maxBackoff","type":"\u0007","is_mandatory":true,"title":"Maximum time between retries","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxDoublings":{"name":"maxDoublings","type":"\u0005","is_mandatory":true,"title":"Maximum number of times the retry interval will be doubled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"maxRetryDuration":{"name":"maxRetryDuration","type":"\u0007","is_mandatory":true,"title":"Maximum total time to retry a failed task or job","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"minBackoff":{"name":"minBackoff","type":"\u0007","is_mandatory":true,"title":"Minimum time between retries","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) retry configuration (shared across Cloud Tasks and Cloud Scheduler)","private":true,"min_provider_version":"11.6.6","defaults":"maxAttempts maxDoublings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc":{"id":"gcp.scc","fields":{"bigQueryExport":{"name":"bigQueryExport","type":"\u001bgcp.scc.bigQueryExport","title":"Google Cloud Security Command Center BigQuery export config","desc":"Examine a Security Command Center BigQuery export configuration — the target BigQuery dataset, the CEL filter expression that selects which findings are exported, and the identity of the most recent editor. BigQuery exports stream matching findings into a dataset for analysis and long-term retention.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"finding":{"name":"finding","type":"\u001bgcp.scc.finding","title":"Google Cloud Security Command Center finding","desc":"Examine a Security Command Center finding — its category (e.g., OPEN_FIREWALL, PUBLIC_BUCKET_ACL), severity (CRITICAL, HIGH, MEDIUM, LOW), state (ACTIVE, INACTIVE), mute state, finding class (THREAT, VULNERABILITY, MISCONFIGURATION), affected resource name, event and create times, source-specific properties, security marks, and external exposure details including toxic combination and chokepoint analysis.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"muteConfig":{"name":"muteConfig","type":"\u001bgcp.scc.muteConfig","title":"Google Cloud Security Command Center mute config","desc":"Examine a Security Command Center mute configuration — its display name, CEL filter expression that determines which findings are muted, and the identity of the most recent editor. Mute configs suppress findings that match the filter from appearing as active in the console.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"notificationConfig":{"name":"notificationConfig","type":"\u001bgcp.scc.notificationConfig","title":"Google Cloud Security Command Center notification config","desc":"Examine a Security Command Center notification configuration — its Pub/Sub topic target, the service account used to publish messages, and the CEL filter expression that controls which findings trigger notifications.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"organizationSettings":{"name":"organizationSettings","type":"\u001bgcp.scc.organizationSettings","title":"Google Cloud Security Command Center organization settings","desc":"Examine the Security Command Center organization-level settings — whether Cloud asset discovery is enabled and the asset discovery configuration that controls which project types and regions are included in the inventory.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"source":{"name":"source","type":"\u001bgcp.scc.source","title":"Google Cloud Security Command Center source","desc":"Examine a Security Command Center finding source — its display name, description, and canonical name. Sources represent the security tools or services (built-in or third-party) that generate findings surfaced in Security Command Center.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true}},"is_extension":true},"gcp.scc.bigQueryExport":{"id":"gcp.scc.bigQueryExport","name":"gcp.scc.bigQueryExport","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Create time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataset":{"name":"dataset","type":"\u0007","is_mandatory":true,"title":"BigQuery dataset (projects/{project}/datasets/{dataset})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter expression for findings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mostRecentEditor":{"name":"mostRecentEditor","type":"\u0007","is_mandatory":true,"title":"Most recent editor","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center BigQuery export config","desc":"Examine a Security Command Center BigQuery export configuration — the target BigQuery dataset, the CEL filter expression that selects which findings are exported, and the identity of the most recent editor. BigQuery exports stream matching findings into a dataset for analysis and long-term retention.","private":true,"min_provider_version":"13.3.4","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc.finding":{"id":"gcp.scc.finding","name":"gcp.scc.finding","fields":{"category":{"name":"category","type":"\u0007","is_mandatory":true,"title":"Category (e.g., OPEN_FIREWALL, PUBLIC_BUCKET_ACL)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"chokepoint":{"name":"chokepoint","type":"\n","is_mandatory":true,"title":"Chokepoint analysis for the finding","min_provider_version":"13.3.5","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Create time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"eventTime":{"name":"eventTime","type":"\t","is_mandatory":true,"title":"Event time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalExposure":{"name":"externalExposure","type":"\n","is_mandatory":true,"title":"External exposure details for the finding","min_provider_version":"13.3.5","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"externalUri":{"name":"externalUri","type":"\u0007","is_mandatory":true,"title":"URI to the finding in SCC console","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"findingClass":{"name":"findingClass","type":"\u0007","is_mandatory":true,"title":"Finding class (THREAT, VULNERABILITY, MISCONFIGURATION, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mute":{"name":"mute","type":"\u0007","is_mandatory":true,"title":"Mute state (MUTED, UNMUTED, UNDEFINED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parent":{"name":"parent","type":"\u0007","is_mandatory":true,"title":"Parent source resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"resourceName":{"name":"resourceName","type":"\u0007","is_mandatory":true,"title":"Full resource name of the affected resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"securityMarks":{"name":"securityMarks","type":"\n","is_mandatory":true,"title":"Security marks","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"Severity (CRITICAL, HIGH, MEDIUM, LOW, UNSPECIFIED)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"sourceProperties":{"name":"sourceProperties","type":"\n","is_mandatory":true,"title":"Source-specific properties","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"State (ACTIVE, INACTIVE)","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"toxicCombination":{"name":"toxicCombination","type":"\n","is_mandatory":true,"title":"Toxic combination details (attack exposure score and related findings)","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center finding","desc":"Examine a Security Command Center finding — its category (e.g., OPEN_FIREWALL, PUBLIC_BUCKET_ACL), severity (CRITICAL, HIGH, MEDIUM, LOW), state (ACTIVE, INACTIVE), mute state, finding class (THREAT, VULNERABILITY, MISCONFIGURATION), affected resource name, event and create times, source-specific properties, security marks, and external exposure details including toxic combination and chokepoint analysis.","private":true,"min_provider_version":"13.3.4","defaults":"name category severity","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc.muteConfig":{"id":"gcp.scc.muteConfig","name":"gcp.scc.muteConfig","fields":{"createTime":{"name":"createTime","type":"\t","is_mandatory":true,"title":"Create time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter expression","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"mostRecentEditor":{"name":"mostRecentEditor","type":"\u0007","is_mandatory":true,"title":"Most recent editor","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"updateTime":{"name":"updateTime","type":"\t","is_mandatory":true,"title":"Update time","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center mute config","desc":"Examine a Security Command Center mute configuration — its display name, CEL filter expression that determines which findings are muted, and the identity of the most recent editor. Mute configs suppress findings that match the filter from appearing as active in the console.","private":true,"min_provider_version":"13.3.4","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc.notificationConfig":{"id":"gcp.scc.notificationConfig","name":"gcp.scc.notificationConfig","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"filter":{"name":"filter","type":"\u0007","is_mandatory":true,"title":"Filter expression for findings","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pubsubTopic":{"name":"pubsubTopic","type":"\u0007","is_mandatory":true,"title":"Pub/Sub topic for notifications","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"serviceAccount":{"name":"serviceAccount","type":"\u0007","is_mandatory":true,"title":"Service account for topic publishing","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center notification config","desc":"Examine a Security Command Center notification configuration — its Pub/Sub topic target, the service account used to publish messages, and the CEL filter expression that controls which findings trigger notifications.","private":true,"min_provider_version":"13.3.4","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc.organizationSettings":{"id":"gcp.scc.organizationSettings","name":"gcp.scc.organizationSettings","fields":{"assetDiscoveryConfig":{"name":"assetDiscoveryConfig","type":"\n","is_mandatory":true,"title":"Asset discovery configuration","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"enableAssetDiscovery":{"name":"enableAssetDiscovery","type":"\u0004","is_mandatory":true,"title":"Whether Cloud SCC asset discovery is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center organization settings","desc":"Examine the Security Command Center organization-level settings — whether Cloud asset discovery is enabled and the asset discovery configuration that controls which project types and regions are included in the inventory.","private":true,"min_provider_version":"13.6.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.scc.source":{"id":"gcp.scc.source","name":"gcp.scc.source","fields":{"canonicalName":{"name":"canonicalName","type":"\u0007","is_mandatory":true,"title":"Canonical name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description of the resource","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Full resource name (organizations/{orgId}/sources/{sourceId})","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud Security Command Center source","desc":"Examine a Security Command Center finding source — its display name, description, and canonical name. Sources represent the security tools or services (built-in or third-party) that generate findings surfaced in Security Command Center.","private":true,"min_provider_version":"13.3.4","defaults":"name displayName","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.service":{"id":"gcp.service","name":"gcp.service","fields":{"enabled":{"name":"enabled","type":"\u0004","title":"Whether the service is enabled","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"parentName":{"name":"parentName","type":"\u0007","is_mandatory":true,"title":"Service parent name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Service state","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Service title","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud service API","desc":"Examine a single Google Cloud service API (compute.googleapis.com, iam.googleapis.com, etc.) and whether it is enabled for the parent project. Surfaces the canonical service `name`, the `title` Google uses for the service, the parent project, the service `state`, and the `enabled` predicate that audits whether the API has been turned on. The parent `gcp.project.services()` collection lists every available and enabled service for a project.","min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.spanner":{"id":"gcp.project.spannerService","name":"gcp.project.spannerService","fields":{"instance":{"name":"instance","type":"\u001bgcp.project.spannerService.instance","title":"Google Cloud (GCP) Spanner instance","desc":"Examine a Cloud Spanner instance — the top-level billable unit that holds databases and backups. Query its compute allocation (`nodeCount`, `processingUnits`, `autoscalingConfig`), edition, state, and endpoint URIs. Drill into `databases` for schema and IAM audits, `backups` and `backupSchedules` for retention policy audits, and `instancePartitions` for geographic data-placement configuration.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceConfig":{"name":"instanceConfig","type":"\u001bgcp.project.spannerService.instanceConfig","title":"Google Cloud (GCP) Spanner instance configuration","desc":"Examine a Cloud Spanner instance configuration — the regional or multi-region placement template used when creating or comparing instances. Query the list of replica regions (`replicas`), allowed leader regions (`leaderOptions`), configuration type (`GOOGLE_MANAGED` or `USER_MANAGED`), and free-instance availability. For user-managed configurations, `baseConfig` names the Google-managed config it derives from.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instanceConfigs":{"name":"instanceConfigs","type":"\u0019\u001bgcp.project.spannerService.instanceConfig","title":"List of available Spanner instance configurations","min_provider_version":"13.7.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.spannerService.instance","title":"List of Spanner instances in the project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Spanner","desc":"Use this resource as the entry point for Spanner in the project. It hosts the project's `instances` (with their databases and backups) and the available `instanceConfigs` that determine regional and multi-region placement.","private":true,"min_provider_version":"11.3.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.sql":{"id":"gcp.project.sqlService","name":"gcp.project.sqlService","fields":{"backupRun":{"name":"backupRun","type":"\u001bgcp.project.sqlService.backupRun","title":"Google Cloud SQL backup run","desc":"Examine a Cloud SQL backup run's status, timing, and storage configuration. Surfaces the `backupKind` (SNAPSHOT or PHYSICAL), `status` (ENQUEUED, RUNNING, FAILED, SUCCESSFUL, SKIPPED, DELETED), `startTime`, `endTime`, `enqueuedTime`, `location`, `databaseVersion` at backup time, disk-encryption configuration, and any `error` details for failed runs. The `type` field distinguishes AUTOMATED, ON_DEMAND, and FINAL backups.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instance":{"name":"instance","type":"\u001bgcloud.sql.instance","title":"Google Cloud SQL managed database instance","desc":"Examine a Cloud SQL instance's configuration, connectivity, and security posture. Surfaces the `databaseVersion`, `state`, `region`, `zone()`, instance `settings` (backup configuration, IP configuration, database flags, password policy, maintenance window), assigned `ipAddresses`, CMEK disk-encryption key (`kmsKey()`), replica configuration, and PSC / private networking attributes. Derived predicates include `publicIpEnabled()`, `backupConfigurationEnabled()`, `pointInTimeRecoveryEnabled()`, `hasBuiltInUsers()`, and `localRootEnabled()`. Child collections expose `databases()`, `users()`, `sslCerts()`, and `backupRuns()`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"instances":{"name":"instances","type":"\u0019\u001bgcp.project.sqlService.instance","title":"List of Cloud SQL instances in the current project","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud SQL","desc":"Use this resource as the entry point for Cloud SQL in the project. It hosts the managed-database `instances` — each exposing its database engine and version, connection settings, automated backup configuration, SSL/TLS enforcement, authorized networks, and database flags for relational-database audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.storage":{"id":"gcp.project.storageService","name":"gcp.project.storageService","fields":{"bucket":{"name":"bucket","type":"\u001bgcloud.storage.bucket","title":"Google Cloud Storage bucket","desc":"Examine a Cloud Storage bucket's configuration, access controls, and data-protection settings. Surfaces the `storageClass`, `location` and `locationType`, `labels`, IAM policy (including `public()` which flags any `allUsers` / `allAuthenticatedUsers` grant), `iamConfiguration` (uniform bucket-level access, public access prevention), `retentionPolicy` and `retentionPolicyLocked`, object `versioningEnabled`, default CMEK encryption key (`defaultKmsKey()`), lifecycle management rules (`lifecycle`), and soft-delete policy. The `loggingEnabled` predicate indicates whether access logs are being exported to another bucket. Cloud DLP integration surfaces the bucket's `dlpDataProfile()` when enabled.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"buckets":{"name":"buckets","type":"\u0019\u001bgcp.project.storageService.bucket","title":"List all buckets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Cloud Storage","desc":"Use this resource as the entry point for Cloud Storage in the project. It hosts the project's `buckets`, each exposing its IAM policy, uniform bucket-level access setting, public-access prevention, retention and versioning policies, default encryption key, and lifecycle rules for object-storage audits.","private":true,"min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"gcp.vertexai":{"id":"gcp.project.vertexaiService","name":"gcp.project.vertexaiService","fields":{"customJob":{"name":"customJob","type":"\u001bgcp.project.vertexaiService.customJob","title":"Google Cloud (GCP) Vertex AI custom training job","desc":"Examine a Vertex AI custom training job — its current state (QUEUED, PENDING, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED, EXPIRED), worker pool job specification, encryption specification, error details, and execution timestamps. Use these fields to audit training infrastructure configuration and job lifecycle.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"customJobs":{"name":"customJobs","type":"\u0019\u001bgcp.project.vertexaiService.customJob","title":"Custom training jobs","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"dataset":{"name":"dataset","type":"\u001bgcp.project.vertexaiService.dataset","title":"Google Cloud (GCP) Vertex AI dataset","desc":"Examine a Vertex AI dataset — its metadata schema URI, user-defined metadata payload, encryption specification (CMEK), and labels. Datasets hold training data for AutoML and custom model workflows; audit them to verify encryption posture and metadata compliance.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"datasets":{"name":"datasets","type":"\u0019\u001bgcp.project.vertexaiService.dataset","title":"List of datasets","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"endpoint":{"name":"endpoint","type":"\u001bgcp.project.vertexaiService.endpoint","title":"Google Cloud (GCP) Vertex AI endpoint","desc":"Examine a Vertex AI endpoint — its deployed models, traffic split percentages, network attachment for private endpoints, whether public endpoint access is enabled, encryption specification (CMEK), and labels. Use these fields to audit model serving configuration and network exposure.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"endpoints":{"name":"endpoints","type":"\u0019\u001bgcp.project.vertexaiService.endpoint","title":"List of endpoints","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"featureOnlineStore":{"name":"featureOnlineStore","type":"\u001bgcp.project.vertexaiService.featureOnlineStore","title":"Google Cloud (GCP) Vertex AI Feature Online Store","desc":"Examine a Vertex AI Feature Online Store — its backend type (Bigtable or Optimized), dedicated serving endpoint, encryption specification, Physical Zone Separation and Isolation compliance flags, and current lifecycle state. Feature Online Stores serve low-latency feature values to models at prediction time.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"featureOnlineStores":{"name":"featureOnlineStores","type":"\u0019\u001bgcp.project.vertexaiService.featureOnlineStore","title":"List of feature online stores","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"index":{"name":"index","type":"\u001bgcp.project.vertexaiService.index","title":"Google Cloud (GCP) Vertex AI vector search index","desc":"Examine a Vertex AI vector search index — its metadata schema URI, index update method (BATCH_UPDATE or STREAM_UPDATE), deployed index references, index statistics (vector count, shard count), and encryption specification. Vector search indexes enable approximate nearest-neighbor search over high-dimensional embeddings.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexEndpoint":{"name":"indexEndpoint","type":"\u001bgcp.project.vertexaiService.indexEndpoint","title":"Google Cloud (GCP) Vertex AI vector search index endpoint","desc":"Examine a Vertex AI vector search index endpoint — its deployed indexes, VPC network for private endpoints, whether public endpoint access is enabled, the public endpoint domain name, and encryption specification. Index endpoints serve online vector similarity queries against deployed indexes.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"indexEndpoints":{"name":"indexEndpoints","type":"\u0019\u001bgcp.project.vertexaiService.indexEndpoint","title":"Vector search index endpoints","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"indexes":{"name":"indexes","type":"\u0019\u001bgcp.project.vertexaiService.index","title":"Vector search indexes","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"metadataStore":{"name":"metadataStore","type":"\u001bgcp.project.vertexaiService.metadataStore","title":"Google Cloud (GCP) Vertex AI metadata store","desc":"Examine a Vertex AI Metadata Store — its current state, encryption specification, and Dataplex integration configuration. Metadata stores track ML artifacts, executions, and lineage for reproducibility and governance audits.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"metadataStores":{"name":"metadataStores","type":"\u0019\u001bgcp.project.vertexaiService.metadataStore","title":"Metadata stores","min_provider_version":"13.15.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"model":{"name":"model","type":"\u001bgcp.project.vertexaiService.model","title":"Google Cloud (GCP) Vertex AI model","desc":"Examine a Vertex AI model — its version ID and aliases, container serving spec, supported deployment resource types, input/output storage formats, artifact URI, training pipeline reference, encryption specification (CMEK), and labels. Use these fields to audit model provenance, encryption posture, and deployment readiness.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"models":{"name":"models","type":"\u0019\u001bgcp.project.vertexaiService.model","title":"List of models","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"pipelineJob":{"name":"pipelineJob","type":"\u001bgcp.project.vertexaiService.pipelineJob","title":"Google Cloud (GCP) Vertex AI pipeline job","desc":"Examine a Vertex AI pipeline job — its current state (QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLING, CANCELLED, PAUSED), pipeline and runtime configuration, service account, VPC network, encryption specification, template URI, and execution timestamps. Use these fields to audit ML pipeline security posture and job lifecycle.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"pipelineJobs":{"name":"pipelineJobs","type":"\u0019\u001bgcp.project.vertexaiService.pipelineJob","title":"List of pipeline jobs","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"projectId":{"name":"projectId","type":"\u0007","is_mandatory":true,"title":"Project ID","provider":"go.mondoo.com/cnquery/v9/providers/gcp"},"tensorboard":{"name":"tensorboard","type":"\u001bgcp.project.vertexaiService.tensorboard","title":"Google Cloud (GCP) Vertex AI Tensorboard instance","desc":"Examine a Vertex AI Tensorboard instance — its display name, whether it is the default Tensorboard for the project, encryption specification, and labels. Tensorboard instances store and visualize ML experiment metrics and model training runs.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/gcp","is_implicit_resource":true},"tensorboards":{"name":"tensorboards","type":"\u0019\u001bgcp.project.vertexaiService.tensorboard","title":"Tensorboard instances","min_provider_version":"13.6.1","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}},"title":"Google Cloud (GCP) Vertex AI","desc":"Use this resource as the entry point for Vertex AI in the project. It hosts the machine-learning surface: `models`, `endpoints`, `datasets`, `customJobs`, `pipelineJobs`, `featureOnlineStores`, `tensorboards`, `metadataStores`, and the vector-search `indexes` and `indexEndpoints`.","private":true,"min_provider_version":"13.1.2","provider":"go.mondoo.com/cnquery/v9/providers/gcp"}}}