The extensible SQL interface to your favorite cloud APIs.

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

When running steampipe in service mode, the password for connecting is printed to stdout. This can lead to a security issue, especially when using log collectors like fluentd or datadog.

Describe the solution you'd like A clear and concise description of what you want to happen.

I'd like to pass in a flag or set an environment variable to disable printing the password. For example, something like steampipe service start --hide-password.

I would even consider hiding the password to be the default, and explicitly enable password logging, e.g. steampipe service start --show-password.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

I have considered piping the output to a file with tight access permissions.

Additional context Add any other context or screenshots about the feature request here.

Steampipe hard coded some performance related runtime flags in the server start configuration. This means they aren't editable after the binary is compiled.

This commit appends the all flags which were previously not modifyable to a steampipe.conf file, and adds a postgresql.conf file, which loads the steampipe.conf and all files in the postgresql.conf.d folder.

Custom settings or overrides of the default values can be set in any file ending in ".conf" in the postgresql.conf.d folder if the user chooses to do so afterwords.

The flags which are editable in a steampipe config, such as SSL and log location (as an extension of data location) remain.

Signed-off-by: Tyler Ramer [email protected]

Describe the bug I'm trying to build a mod where I can specify which CSV file I want to pull data from. If I statically set the CSV "table", Steampipe works just. I try to put in a variable, parameter and ${var.account}, I get an error that says:

ERROR: prepared statement "migration_checks_iam_turbot_grants_vs_aws_c30be" does not exist (SQLSTATE 26000)

I was unable to find anything meaningful in the Steampipe logs for today. They are attached.

Steampipe version (steampipe -v) ❯ steampipe -v steampipe version 0.13.0 ❯ steampipe plugin list +--------------------------------------------------+---------+----------------------------------------------+ | Name | Version | Connections | +--------------------------------------------------+---------+----------------------------------------------+ | hub.steampipe.io/plugins/turbot/aws@latest | 0.50.1 | sso_aab,test_aab,sso_aaa,sso_sandbox,sso_aac | | hub.steampipe.io/plugins/turbot/csv@latest | 0.2.0 | csv | | hub.steampipe.io/plugins/turbot/steampipe@latest | 0.2.0 | steampipe | +--------------------------------------------------+---------+----------------------------------------------+

To reproduce Reproduction Steps using the attached ZIP file. mod.sp, *.sql files are in the zip.

1. Setup the aws.spc to point to a valid AWS profile.
2. Setup the csv.spc file to point at the data directory. We need to be able to see aab in the CSV connections.
3. Run the steampipe check all. There is presently only one control, so this should go quickly.
4. Verify correct results.
5. Uncomment lines 20-22 and lines 25-27 in mod.sp. The param and variable blocks should be uncommented.
6. Uncomment line 5 from iam_turbot_grants_vs_aws.sql. Comment line 6. We want to switch from the staticly set table to whatever is specified in the account parameter.
7. Run steampipe check all.

Expected behavior The query will "compile" properly and execute based on the account variable I specify.

Additional context hcl_variable_interpolation.zip plugin-2022-03-16.log

My organization recently made the switch from aws iam user to aws sso credentials(compliance reasons). As such, when using sso credentials steampipe fails to work.

~ >>> aws sso login --profile myprofile                                                                                                                           
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-west-2.amazonaws.com/

Then enter the code:

SAMPLE-CODE
Opening in existing browser session.
Successully logged into Start URL: https://sampleurl.awsapps.com/start#/
~ >>> steampipe query                                                                                                                                                       
Welcome to Steampipe v0.2.2
For more information, type .help
> select * from aws_account
Error: pq: rpc error: code = Unknown desc = NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
>

Describe the bug Uninstall and re-install of steampipe did not create any of the needed configuration files. Almost all commands fail with "Error: workspace profile /Users/jack/.steampipe/workspace does not exist"

Uninstall and re-install were both done with Brew. Uninstalled version: steampipe version 0.8.4 Newly installed version: steampipe version 0.17.2

$ ll ~/.steampipe
ls: /Users/jack/.steampipe: No such file or directory

Steampipe version (steampipe -v) $ steampipe -v steampipe version 0.17.2

To reproduce

brew uninstall steampipe
brew update
brew tap turbot/tap
brew install steampipe
steampipe plugin list

Expected behavior steampipe lists no installed plugins

Actual behavior "Error: workspace profile /Users/jack/.steampipe/workspace does not exist"

Additional context

Describe the bug For some reason, when steampipe is initialized on Ubuntu, an unused directory ~/~/.steampipe is created. This empty directory is harmless but looks suspicious to any security investigator.

Steampipe version (steampipe -v) steampipe version 0.17.0-alpha.23

To reproduce Install the steampipe_linux_arm64.deb on an Ubuntu 22.04 instance run steampipe plugin install aws Notice a new directory is created '~'

Expected behavior Steampipe and the plugin are properly initialized in the ~/.steampipe directory. the ~/~/.steampipe directory is created but not populated.

Additional context

ubuntu@ip-10-64-10-229:~$ ls
steampipe.deb
ubuntu@ip-10-64-10-229:~$ steampipe plugin install aws

aws                  [====================================================================] Done

Installed plugin: aws@latest v0.78.0
Documentation:    https://hub.steampipe.io/plugins/turbot/aws

ubuntu@ip-10-64-10-229:~$ ls
 steampipe.deb  '~'
ubuntu@ip-10-64-10-229:~$ find '~'
~
~/.steampipe
ubuntu@ip-10-64-10-229:~$ ls -al .steampipe/
total 28
drwxr-xr-x 7 ubuntu ubuntu 4096 Oct 13 21:47 .
drwxr-x--- 6 ubuntu ubuntu 4096 Oct 13 21:47 ..
drwxr-xr-x 2 ubuntu ubuntu 4096 Oct 13 21:47 config
drwxr-xr-x 3 ubuntu ubuntu 4096 Oct 13 21:47 db
drwxr-xr-x 2 ubuntu ubuntu 4096 Oct 13 21:47 internal
drwxr-xr-x 2 ubuntu ubuntu 4096 Oct 13 21:47 logs
drwxr-xr-x 3 ubuntu ubuntu 4096 Oct 13 21:47 plugins
ubuntu@ip-10-64-10-229:~$ steampipe --version
steampipe version 0.17.0-alpha.23
ubuntu@ip-10-64-10-229:~$ rm -rf ~/~/.steampipe/
ubuntu@ip-10-64-10-229:~$ rm -rf ~/~
ubuntu@ip-10-64-10-229:~$ ls
steampipe.deb
ubuntu@ip-10-64-10-229:~$

If I saw a fake '~' directory on one of my machines, I'd begin an investigation. That looks exactly how an attacker would attempt to hide malware or a rootkit.

Describe the bug the installation never finish

Steampipe version (steampipe -v) steampipe version 0.14.1

To reproduce follow instructions to install on windows with wsl ubuntu run command: sudo /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/turbot/steampipe/main/install.sh)"

check version using: steampipe -v steampipe version 0.14.1

and after running this command: $ steampipe plugin install steampipe however when the plugin installation still in "⠧ Configuring database..." for hours until the command broken

I try remove .steampipe directory and binary on /usr/local/bin and run all commands again and got the same issue.

Additional context Did happens on Windows 11 PRO 21H2 with WSL Ubuntu 20.04.4 LTS - kernel 4.4.0-22000-Microsoft

Describe the bug Authentication with AWS SSO does not work with expired token message. The AWS SSO session is authenticated (other AWS CLI commands work) but Steampipe queries return error

Steampipe version (steampipe -v) 0.13.0

To reproduce Add the profile argument with the name of your AWS SSO profile to the steampipe config file ~/.steampipe/config/aws.spc

connection "aws" {
  plugin    = "aws"
  profile = "management"
  regions   = ["us-east-1","eu-west-1"]
}

Login with AWS SSO to the management profile aws sso login -profile management

Check the AWS SSO login is working aws sts get-caller-identity --profile management

{ "UserId": "XXXXXXXXXXXXXXXXXXXXX:user@domain", "Account": "123456789010", "Arn": "arn:aws:sts::123456789010:assumed-role/AWSReservedSSO_AWSAdministratorAccess_xxxxxxxxxxxxxxxx/user@domain" }

start steampipe query steampipe query

Run query This takes a long time to return

Welcome to Steampipe v0.13.0
> select
  title,
  create_date,
  mfa_enabled
from
  aws_iam_user
Error: ExpiredToken: The security token included in the request is expired
        status code: 403, request id: xxxxxxxx-9b31-48d4-b764-733792607bc2 (SQLSTATE HV000)

Expected behavior The query should complete and return the results

Additional context AWS CLI at latest version aws-cli/2.4.27 Python/3.8.8 Linux/5.10.60.1-microsoft-standard-WSL2 exe/x86_64.ubuntu.20 prompt/off

Is your feature request related to a problem? Please describe. I would like an option to layout a report table resource similar to line mode in steampipe query, where each row is a label (the column name) and value. This is useful for reports that provide details about a single resource

| | | |-|- | title | my-instance | instance_id | i-0123456789abcdef | instance_type | t2.small | account_id | 123456789012 | region | us-east-1

Describe the bug I installed steampipe on a Ubuntu Linux subsystem on Windows. Just went through the site's documentation. Worked well with no errors. installed the steampipe and aws plugins. No when I just run steampipe query it fails with :

Error: failed to create reflection tables: pq: invalid byte sequence for encoding "UTF8": 0xff

Steampipe version (steampipe -v) v0.8.0

To reproduce As described above. Fresh install, trying to run steampipe query immediately fails without even allowing to run a command

Expected behavior Well, just get me the input line for queries :)

Is your feature request related to a problem? Please describe. As briefly discussed in #226 looking to also have a feature where configuration files can be added and referenced at/before run/query time... the idea is that upon each new request we want to be able to write the config files for different accounts dynamically before making the query. (*we do realize that cache wont help here but thats ok)

Describe the solution you'd like as mentioned by @e-gineer "steampipe --config-dir /path/to/my/configs", with dir containing config files, and allow queries like: select * from config001.aws_s3_bucket

Is your feature request related to a problem? Please describe. When updating a connection config for a dynamic plugin, the schema is not updated.

Describe the solution you'd like For plugins that have dynamic plugin schemas, when the config is updated, the schemas/tables should be updated as well. This allows plugins like CSV, Google Sheets, Prometheus, Salesforce, and potentially others to update the schemas as the config changes.

Describe alternatives you've considered Restarting Steampipe after making changes.

Additional context Add any other context or screenshots about the feature request here.

0: no runtime errors, no control alarms or errors
1: no runtime errors, 1 or more control alarms, no control errors
2: no runtime errors, 1 or more control errors
3+: runtime error

Refer to community slack thread: https://steampipe.slack.com/archives/C01UECB59A7/p1668613929383289

Bumps github.com/mattn/go-isatty from 0.0.16 to 0.0.17.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Description I see there is a new formula on homebrew-core:

• Web: https://formulae.brew.sh/formula/steampipe#default
• GitHub: https://github.com/Homebrew/homebrew-core/blob/master/Formula/steampipe.rb

Official

Is this an official brew formula now?