v0.17.0: Snapshots, share with cloud, workspace profiles

tl;dr

→ Save and view local snapshots
→ Share snapshots with Steampipe Cloud
→ Define workspace profiles
→ More quality-of-life improvements
→ Even more goodies in the full release notes.

Save and view local snapshots

A snapshot captures a point-in-time rendering of an official mod, or your own custom mod, or a mixture of these ingredients. It's a JSON file that contains queries, the data they yield, and metadata such as inputs, layout, and tags.

We've shown how to View dashboards and run benchmarks in Steampipe Cloud, then Take and share snapshots of those dashboards and benchmarks. Now, with the v0.17 release of the Steampipe CLI, you can create and view snapshots locally.

To take a local snapshot, Steampipe now provides a Snap button that saves a snapshot to your filesystem. To load a saved snapshot from your filesystem, use Open snapshot to review saved snapshots and select one.

Share snapshots with Steampipe Cloud

You can now also push snapshots from the command line to Steampipe Cloud, where your team can view them without having to install Steampipe, install and configure plugins, then install and run mods.

In a mod directory, use the new steampipe login command to acquire the necessary token.

steampipe login

Verify login at https://cloud.steampipe.io/login/token?r=spttr_cdkkpdq8klvs7fabcd7g_14fkjm6eb0oq58o97xsrh7y8i

Enter verification code: 796565

Logged in as: Bob Tordella

Then use the new steampipe dashboard list sub-command to see the names of its dashboards. (Or use steampipe check list to see the names of its benchmarks.)

steampipe dashboard list

+---------------------------------------------------------+---------------------------------------+
| Name                                                    | Title                                 |
+---------------------------------------------------------+---------------------------------------+
| dashboard.acm_certificate_age_report                    | AWS ACM Certificate Age Report        |
| dashboard.acm_certificate_detail                        | AWS ACM Certificate Detail            |
| dashboard.aws_account_report                            | AWS Account Report                    |
...

Select a name, and append it to a steampipe dashboard command along with one of two new arguments:

• --snapshot publishes to a cloud workspace with visibility restricted to that workspace.

• --share publishes to a cloud workspace using Anyone with link (unauthenticated) visibility.

This command uses --share to push a snapshot of an AWS Insights dashboard to a personal cloud workspace. It customizes the snapshot's title with --snapshot-title and selects a specific ARN.

steampipe dashboard dashboard.aws_ec2_instance_detail \
  --snapshot-title "What's up with this instance?" \
  --dashboard-input instance_arn=arn:aws:ec2:us-west-1:605491513981:instance/i-02a4257fe2f08496f \
  --snapshot

The command renders the dashboard, publishes it to a personal workspace, and reports the snapshot URL. Click the Details button there to see the snapshot metadata, including the instance_arn input.

This command uses --share to publish another dashboard to the same cloud workspace, but with Anyone with link visibility.

steampipe dashboard dashboard.aws_s3_bucket_age_report --share

You can do the same for benchmarks using steampipe check.

steampipe check benchmark.aws_tags --snapshot

And you can even upload a snapshot of any query!

steampipe query "select name, creation_date, region from aws_s3_bucket" --snapshot

Define workspace profiles

If you add --snapshot or --share to a Steampipe command, you'll use the local database by default and save snapshots to your personal cloud workspace. If you mention a cloud workspace, for example --workspace acme/dev, then you'll use a cloud database and save to the specified cloud workspace.

You can use --workspace-database and/or --snapshot-location to vary these settings in a more granular way, in combination with other settings. To help you manage these options, and to simplify the commands you run, there's a new config file, /.steampipe/config/workspaces.spc, to specify one or more workspace profiles. In this example, the aws_insights workspace specifies the mod_location, overrides the default snapshot_location, and specifies a cloud database.

workspace "default" {
  snapshot_location = "~/mysnaps"
}

workspace "my_aws_insights" {
  mod_location = "~/steampipe-mod-aws-insights"
  snapshot_location = "acme/dev"
  workspace_database = "acme/dev"
}

So instead of typing this command:

steampipe query \ 
  --mod-location ~/steampipe-mod-aws-insights \
  --snapshot-location acme/dev
  --workspace-database acme/dev
  "select * from aws_account"

You can just type:

steampipe query --workspace my_aws_insights "select * from aws_account"

See Managing Workspaces for details and more examples.

More quality-of-life improvements

As always, this release includes many other improvements and fixes. Here are some notable ones.

.autocomplete off

The .inspect command autocompletes the names of schemas and tables. It's handy but can take a bit of time when you've installed many plugins, and/or when some of them provide many tables. Use .autocomplete off if you want to inspect a schema or table without autocompletion. Thanks, @MeetGor21, for the contribution!

Configurable query timeout

Steampipe enforces a timeout for control queries, but not for other queries. Now you can use the query_timeout argument in an options "connection" block to enforce a timeout for all queries.

Return exit status of zero after successful runs

The exit status formerly reported data -- for example, the number of alarms raised by a benchmark. But if you're running Steampipe in a CI/CD Pipeline that looks like a failure. Now successful runs always exit with zero.

Let's get building!

Do you want to help us expand the open source documentation and control coverage for CIS, PCI, HIPAA, and NIST? Add tables to existing plugins? Create plugins to bring new APIs into the mix? Create dashboards to visualize those APIs? The best way to get started is to join our Slack workspace and raise your hand. We would love to talk to you!

For even more good stuff in v0.17.0, check out the full release notes on GitHub.