Alternatively, if you are running the Steampipe CLI, you can get the key column information from the [`steampipe_plugin_column` table](#introspecting-key-columns). ### Required Key Columns There are times when listing ALL the elements represented by a table is impossible or prohibitively slow. In such cases, a table may *require* you to specify a qualifier on a key column. For example, the Github `ListUsers` API will enumerate ALL Github users. It is not reasonable to page through hundreds of thousands of users to find what you are looking for. Instead, Steampipe requires that you specify `where login =` to find the user directly, for example: ```sql select * from github_user where login = 'torvalds'; ``` Alternatively, you join on the key column (login) in a where or join clause: ```sql select u.login, o.login as organization, u.name, u.company, u.location from github_user as u, github_my_organization as o, jsonb_array_elements_text(o.member_logins) as member_login where u.login = member_login; ``` or ```sql select u.login, o.login as organization, u.name, u.company, u.location from github_my_organization as o, jsonb_array_elements_text(o.member_logins) as member_login join github_user as u on u.login = member_login; ``` The [Hub documentation](https://hub.steampipe.io/plugins) will include information about which key columns are required. If you don't pass a required qualifier, Steampipe will let you know though: ```sql > select * from github_user Error: rpc error: code = Internal desc = 'List' call for table 'github_user' is missing 1 required qual: column:'login' operator: = (SQLSTATE HV000) ``` ### Supported Operators **Not all key columns support all operators** and the [Hub documentation](https://hub.steampipe.io/plugins) will tell you which are supported for a given column. When using the Steampipe CLI, [Postgres FDWs](/docs/steampipe_postgres/overview) or [SQLite Extensions](/docs/steampipe_sqlite/overview) you can use operators in your SQL query that are not supported by the key column, but the data will be filtered on the client side after all the data has been retrieved (like any other non-key column). When using the [Export CLIs](/docs/steampipe_export/overview), however, you may only use the operators that are supported for the key column. #### Key Column Operators | Operator | Description | Abbreviation |-----------------|----------------------|------- | `=` | Equals | `=` | `<>`, `!=` | Not equal to | `ne` | `<` | Less than | `lt` | `<=` | Less than or equal to| `le` | `>` | Greater than | `gt` | `>=` | Greater than or equal to | `ge` | `~~` | Like | `~~` | `!~~` | Not Like | `!~~` | `~~*` | ILike | `~~*` | `!~~*` | Not ILike | `!~~*` | `~` | Matches regex | `~` | `!~` | Does not match regex | `!~` | `~*` | Matches iregex | `~*` | `!~*` | Does not match iregex| `!~*` | `is null` | is null | `is null` | `is not null` | is not null | `is not null` ## How it (basically) works When you run a database query, the database engine parses the query and generates one or more query plans and then selects the plan that it believes is most optimal. It then translates the query into function calls to fetch the data. After the data is fetched, the database engine may do additional filtering, formatting, and aggregation. Key columns are used in both the planning and the execution phases. In the planning phase, Steampipe assigns a lower cost to plans that filter on key columns. This serves to influence the planner to choose query plans that will leverage the key columns. In the execution phase, the database will call the appropriate [List, Get, and Hydrate functions](/docs/develop/writing-plugins#hydrate-functions) in the plugin. The plugin will then make API calls using the key columns to fetch data only for the rows it needs. After the data is fetched, the database engine will do additional filtering for the qualifiers that are not key columns, as well as any sorting, formatting, or aggregation that is required. ## Introspecting Key Columns If you are running the Steampipe CLI, you can get the key column information from the `steampipe_plugin_column` table: ```sql select name, type, (coalesce(get_config, '{}') || coalesce(list_config, '{}')) -> 'operators' as operators, coalesce((get_config || list_config) ->> 'require', 'optional') as required from steampipe_plugin_column where (coalesce(get_config, '{}') || coalesce(list_config, '{}')) -> 'operators' is not null and table_name = 'aws_vpc'; ``` ```sql +-----------------+--------+------------+----------+ | name | type | operators | required | +-----------------+--------+------------+----------+ | vpc_id | STRING | ["="] | optional | | cidr_block | CIDR | ["="] | optional | | state | STRING | ["="] | optional | | is_default | BOOL | ["=","!="] | optional | | dhcp_options_id | STRING | ["="] | optional | | owner_id | STRING | ["="] | optional | +-----------------+--------+------------+----------+ ``` --- --- title: Users Guide to Concurrency & Rate Limiting sidebar_label: Concurrency & Rate Limiting --- # Concurrency & Rate Limiting Steampipe is designed to be fast. It provides parallel execution at multiple layers: - It runs controls in parallel. - It runs queries in parallel. - For a given query it runs [List, Get, and Hydrate functions](/docs/develop/writing-plugins#hydrate-functions) in parallel. This high degree of concurrency results in low latency and high throughput, but may at times overwhelm the underlying service or API. Features like exponential back-off & retry and [caching](/docs/guides/caching) markedly improve the situation, but at large scale you may still run out of local or remote resources. The steampipe `limiter` was created to help solve these types of problems. Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to: - Smooth the request rate from steampipe to reduce load on the remote API or service - Limit the number of parallel requests to reduce contention for client and network resources - Avoid hitting server limits and throttling ## Defining limiters Limiters may be defined in Go code and compiled into a plugin, or they may be defined in HCL in `.spc` configuration files. In either case, the possible settings are the same. Each limiter must have a name. In the case of an HCL definition, the label on the `limiter` block is used as the rate limiter name. For a limiter defined in Go, you must include a `Name`. A limiter may specify a `max_concurrency` which sets a ceiling on the number of [List, Get, and Hydrate functions](/docs/develop/writing-plugins#hydrate-functions) that can run in parallel. ```hcl # run up to 250 hydrate/list/get functions concurrently plugin "aws" { limiter "aws_global_concurrency" { max_concurrency = 250 } } ``` A limiter may also specify a `bucket_size` and `fill_rate` to limit the rate at which List, Get, and Hydrate functions may run. The rate limiter uses a token-bucket algorithm, where the `bucket_size` specifies the maximum number of tokens that may accrue (the burst size) and the `fill_rate` specifies how many tokens are refilled each second. ```hcl plugin "aws" { # run up to 1000 hydrate/list/get functions per second limiter "aws_global_rate_limit" { bucket_size = 1000 fill_rate = 1000 } } ``` Every limiter has a **scope**. The scope defines the context for the limit: which resources are subject to / counted against the limit. There are built-in scopes for `connection`, `table`, `function_name`, and any matrix qualifiers that the plugin may include. A plugin author may also add [function tags](#function-tags) that can also be used as scopes. If no scope is specified, then the limiter applies to all functions in the plugin. For instance, this limiter will allow 1000 hydrate/list/get functions per second *across all connections*: ```hcl plugin "aws" { # run up to 1000 hydrate/list/get functions per second across all aws connections limiter "aws_regional_rate_limit" { bucket_size = 1000 fill_rate = 1000 } } ``` If you specify a list of scopes, then *a limiter instance is created for each unique combination of scope values*. It acts much like `group by` in a SQL statement. For example, to limit to 1000 hydrate/list/get functions per second in *each region of each connection*: ```hcl plugin "aws" { # run up to 1000 hydrate/list/get functions per second in each region of each connection limiter "aws_regional_rate_limit" { bucket_size = 1000 fill_rate = 1000 scope = ["connection", "region"] } } ``` You can use a `where` clause to further filter the scopes to specific values. For example, we can restrict the limiter so that it only applies to a specific region: ```hcl plugin "aws" { # run up to 1000 hydrate/list/get functions per second in us-east-1 for each connection limiter "aws_rate_limit_us_east_1" { bucket_size = 1000 fill_rate = 1000 scope = ["connection", "region"] where = "region = 'us-east-1'" } } ``` You can define multiple limiters. If a function is included in the scope of multiple rate limiters, they will all apply. The function will wait until every rate limiter that applies to it has available bucket tokens and is below its max concurrency. ```hcl plugin "aws" { # run up to 250 functions concurrently across all connections limiter "aws_global_concurrency" { max_concurrency = 250 } # run up to 1000 functions per second in us-east-1 for each connection limiter "aws_rate_limit_us_east_1" { bucket_size = 1000 fill_rate = 1000 scope = ["connection", "region"] where = "region = 'us-east-1'" } # run up to 200 functions per second in regions OTHER than us-east-1 # for each connection limiter "aws_rate_limit_non_us_east_1" { bucket_size = 200 fill_rate = 200 scope = ["connection", "region"] where = "region <> 'us-east-1'" } } ``` ## Function Tags Hydrate function tags provide useful diagnostic metadata, and they can also be used as scopes in rate limiters. Rate limiting requirements vary by plugin because the underlying APIs that they access implement rate limiting differently. Tags provide a way for a plugin author to scope rate limiters in a way that aligns with the API implementation. Function tags must be [added in the plugin code by the plugin author](/docs/develop/writing-plugins#function-tags). Once the tags are added to the plugin, you can use them in the `scope` and `where` arguments for your rate limiter. ```hcl plugin "aws" { limiter "sns_get_topic_attributes_us_east_1" { bucket_size = 3000 fill_rate = 3000 scope = ["connection", "region", "service", "action"] where = "action = 'GetTopicAttributes' and service = 'sns' and region = 'us-east-1' " } } ``` You can view the available tags in the `scope_values` when in [diagnostic mode](#exploring--troubleshooting-with-diagnostic-mode). For example, to see the tags in the `aws_sns_topic` table: ```sql with one_row as materialized ( select * from aws_sns_topic limit 1 ) select c ->> 'function_name' as function_name, jsonb_pretty(c -> 'scope_values') as scope_values from one_row, jsonb_array_elements(_ctx -> 'diagnostics' -> 'calls') as c ``` ```sql +-------------------------------+--------------------------------------------+ | function_name | scope_values | +-------------------------------+--------------------------------------------+ | listAwsSnsTopics | { | | | "table": "aws_sns_topic", | | | "action": "ListTopics", | | | "region": "us-east-1", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "listAwsSnsTopics" | | | } | | listTagsForSnsTopic | { | | | "table": "aws_sns_topic", | | | "action": "ListTagsForResource", | | | "region": "us-east-1", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "listTagsForSnsTopic" | | | } | | listRegionsForServiceUncached | { | | | "table": "aws_sns_topic", | | | "region": "us-east-1", | | | "connection": "aws_dmi" | | | } | | getTopicAttributes | { | | | "table": "aws_sns_topic", | | | "action": "GetTopicAttributes", | | | "region": "us-east-1", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "" | | | } | +-------------------------------+--------------------------------------------+ ``` ## Exploring & Troubleshooting with Diagnostic Mode To assist in troubleshooting your rate limiter setup, Steampipe has introduced Diagnostic Mode. To enable Diagnostic Mode, set the `STEAMPIPE_DIAGNOSTIC_LEVEL` environment variable to `ALL` when you start the Steampipe DB: ```bash STEAMPIPE_DIAGNOSTIC_LEVEL=all steampipe service start ``` With diagnostics enabled, the `_ctx` column will contain information about what functions were called to fetch the row, the scope values (including any [tags](#defining-tags)) for the function, the limiters that were in effect, and the amount of time the request was delayed by the `limiters`. This diagnostic information can help you discover what scopes are available to use in limiters as well as to see the effect and impact of limiters that you have defined. ```sql select jsonb_pretty(_ctx) as _ctx ,display_name from aws_sns_topic limit 2 ``` ```sql +-----------------------------------------------------------+--------------+ | _ctx | display_name | +-----------------------------------------------------------+--------------+ | { | | | "diagnostics": { | | | "calls": [ | | | { | | | "type": "list", | | | "scope_values": { | | | "table": "aws_sns_topic", | | | "action": "ListTopics", | | | "region": "us-east-2", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "listAwsSnsTopics" | | | }, | | | "function_name": "listAwsSnsTopics", | | | "rate_limiters": [ | | | "aws_global", | | | "sns_list_topics" | | | ], | | | "rate_limiter_delay_ms": 0 | | | }, | | | { | | | "type": "hydrate", | | | "scope_values": { | | | "table": "aws_sns_topic", | | | "action": "GetTopicAttributes", | | | "region": "us-east-2", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "" | | | }, | | | "function_name": "getTopicAttributes", | | | "rate_limiters": [ | | | "sns_get_topic_attributes_150", | | | "aws_global" | | | ], | | | "rate_limiter_delay_ms": 808 | | | } | | | ] | | | }, | | | "connection_name": "aws_dmi" | | | } | | | { | | | "diagnostics": { | | | "calls": [ | | | { | | | "type": "list", | | | "scope_values": { | | | "table": "aws_sns_topic", | | | "action": "ListTopics", | | | "region": "us-east-1", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "listAwsSnsTopics" | | | }, | | | "function_name": "listAwsSnsTopics", | | | "rate_limiters": [ | | | "aws_global", | | | "sns_list_topics" | | | ], | | | "rate_limiter_delay_ms": 597 | | | }, | | | { | | | "type": "hydrate", | | | "scope_values": { | | | "table": "aws_sns_topic", | | | "action": "GetTopicAttributes", | | | "region": "us-east-1", | | | "service": "sns", | | | "connection": "aws_dmi", | | | "function_name": "" | | | }, | | | "function_name": "getTopicAttributes", | | | "rate_limiters": [ | | | "sns_get_topic_attributes_us_east_1", | | | "aws_global" | | | ], | | | "rate_limiter_delay_ms": 0 | | | } | | | ] | | | }, | | | "connection_name": "aws_dmi" | | | } | | +-----------------------------------------------------------+--------------+ ``` The diagnostics information includes information about each Get, List, and Hydrate function that was called to fetch the row, including: | Key | Description |-------------------------|---------------------- | `type` | The type of function (`list`, `get`, or `hydrate`). | `function_name` | The name of the function. | `scope_values` | A map of scope names to values. This includes the built-in scopes as well as any matrix qualifier scopes and function tags. | `rate_limiters` | A list of the rate limiters that are scoped to the function. | `rate_limiter_delay_ms` | The amount of time (in milliseconds) that Steampipe waited before calling this function due to client-side (`limiter`) rate limiting. ## Viewing and Overriding Limiters Steampipe includes the `steampipe_plugin_limiter` table to provide visibility into all the limiters that are defined in your installation, including those defined in plugin code as well as limiters defined in HCL. ```sql select name,plugin,source_type,status,bucket_size,fill_rate,max_concurrency from steampipe_plugin_limiter ``` ```sql +------------------------------------+---------------------------------------------+-------------+--------+-------------+-----------+-----------------+ | name | plugin | source_type | status | bucket_size | fill_rate | max_concurrency | +------------------------------------+---------------------------------------------+-------------+--------+-------------+-----------+-----------------+ | exec_max_concurrency_limiter | hub.steampipe.io/plugins/turbot/exec@latest | plugin | active |
To stop the Steampipe service, issue the `steampipe service stop` command. --- --- title: steampipe completion sidebar_label: steampipe completion --- # steampipe completion Generate the autocompletion script for `steampipe` for supported shells. This helps you configure your terminal’s shell so that `steampipe` commands autocomplete when you press the TAB key. ## Usage ```bash steampipe completion [bash|fish|zsh] ``` ## Sub-Commands | Command | Description |-|- | `bash` | Generate completion code for `bash` | `fish` | Generate completion code for `fish` | `zsh` | Generate completion code for `zsh` ### steampipe completion bash Generate the autocompletion script for the `bash` shell. #### Pre-requisites This script depends on the `bash-completion` package. If it is not installed already, you can install it via your OS’s package manager. Most Linux distributions have bash-completion installed by default, however it is not installed by default in Mac OS. For example, to install the [bash-completion package with homebrew](https://formulae.brew.sh/formula/bash-completion@2): ```bash brew install bash-completion ``` Once installed, edit your `.bash_profile` or `.bashrc` file and add the following line: ```bash [[ -r "$(brew --prefix)/etc/profile.d/bash_completion.sh" ]] && . "$(brew --prefix)/etc/profile.d/bash_completion.sh" ``` #### Examples Review the configuration: ```bash steampipe completion bash ``` Enable auto-complete in your current shell session: ``` source <(steampipe completion bash) ``` Enable auto-complete for every new session (execute once). You will need to start a new shell for this setup to take effect: Linux: ```bash steampipe completion bash > /etc/bash_completion.d/steampipe ``` MacOS: ```bash steampipe completion bash > /usr/local/etc/bash_completion.d/steampipe ``` ### steampipe completion fish Generate the autocompletion script for the `fish` shell. #### Examples Review the configuration: ```bash steampipe completion fish ``` Enable auto-complete in your current shell session: ```bash steampipe completion fish | source ``` Enable auto-complete for every new session (execute once). You will need to start a new shell for this setup to take effect: ```bash steampipe completion fish > ~/.config/fish/completions/steampipe.fish ``` ### steampipe completion zsh Generate the autocompletion script for the `zsh` shell. #### Pre-requisites If shell completion is not enabled in your environment, you will need to enable it using: ```bash echo "autoload -U compinit; compinit" >> ~/.zshrc ``` You will need to start a new shell for this setup to take effect. #### Examples Review the configuration: ```bash steampipe completion zsh ``` Enable auto-complete for every new session (execute once). You will need to start a new shell for this setup to take effect: ```bash steampipe completion zsh > "${fpath[1]}/_steampipe" && compinit ``` --- --- title: steampipe help sidebar_label: steampipe help --- # steampipe help Display help and usage information for any command in the application. ## Usage ```bash steampipe help [command] [flags] ``` ## Examples Show help: ```bash steampipe help ``` Show help for the `plugin` sub-command: ```bash steampipe help plugin ``` Show help for the `plugin install` sub-command: ```bash steampipe help plugin install ``` --- --- title: steampipe login sidebar_label: steampipe login --- # steampipe login Log in to [Turbot Pipes](https://turbot.com/pipes/docs). The Steampipe CLI can interact with Turbot Pipes to run queries against a remote cloud database. This capability requires authenticating to Turbot Pipes. The `steampipe login` command launches an interactive process for logging in and obtaining a temporary (30 day) token. The token is written to `~/.pipes/internal/{cloud host}.tptt`. ## Usage ```bash steampipe login ``` ## Flags:
| Argument | Description |
|---|---|
| `--pipes-host` | Sets the Turbot Pipes host used when connecting to Turbot Pipes workspaces. See PIPES_HOST for details. |
After you have verified the request, the browser will display a verification code.
Paste the code into the cli and hit enter to complete the login process:
```bash
$ steampipe login
Verify login at https://pipes.turbot.com/login/token?r=tpttr_cdckfake6ap10t9dak0g_3u2k9hfake46g4o4wym7h8hw
Enter verification code: 745278
Login successful for user johnsmyth
```
---
---
title: Steampipe CLI
sidebar_label: Steampipe CLI
---
# Steampipe CLI
## Sub-Commands
| Command | Description
|-|-
| [steampipe completion](/docs/reference/cli/completion)| Generate the autocompletion script for the specified shell
| [steampipe help](/docs/reference/cli/help) | Help about any command
| [steampipe login](/docs/reference/cli/login) | Log in to Steampipe CLoud
| [steampipe plugin](/docs/reference/cli/plugin) | Steampipe plugin management
| [steampipe query](/docs/reference/cli/query) | Execute SQL queries interactively or by argument
| [steampipe service](/docs/reference/cli/service)| Steampipe service management
## Global Flags
| Flag | Description |
|---|---|
| `-h`, `--help` | Help for Steampipe. |
| `--install-dir` | Sets the directory for the Steampipe installation, in which the Steampipe database, plugins, and supporting files can be found. See STEAMPIPE_INSTALL_DIR for details. |
| `--workspace` | Sets the Steampipe workspace profile. If not specified, the `default` workspace will be used if it exists. See STEAMPIPE_WORKSPACE for details. |
| `-v`, `--version` | Display Steampipe version. |
| Flag | Description |
|---|---|
| `--all` | Applies only to `plugin update`, updates ALL installed plugins. |
| `--progress` | Enable or disable progress information. By default, progress information is shown - set `--progress=false` to hide the progress bar. Applies only to `plugin install` and `plugin update`. |
| `--skip-config ` | Applies only to `plugin install`, skip creating the default config file for plugin. |
| Argument | Description |
|---|---|
| `--export string` | Export query output to a file. You may export multiple output formats by entering multiple `--export` arguments. If a file path is specified as an argument, its type will be inferred by the suffix. Supported export formats are `sps` (`snapshot`). |
| `--header string` | Specify whether to include column headers in csv and table output (default `true`). |
| `--help` | Help for `steampipe query.` |
| `--output string` | Select the console output format. Possible values are `line, csv, json, table, snapshot` (default `table) `. |
| `--pipes-host` | Sets the Turbot Pipes host used when connecting to Turbot Pipes workspaces. See PIPES_HOST for details. |
| `--pipes-token` | Sets the Turbot Pipes authentication token used when connecting to Turbot Pipes workspaces. See PIPES_TOKEN for details. |
| `--progress` | Enable or disable progress information. By default, progress information is shown - set `--progress=false` to hide the progress bar. |
| `--query-timeout int` | The query timeout, in seconds. The default is `0` (no timeout). |
| `--search-path strings` | Set a comma-separated list of connections to use as a custom search path for the query session. |
| `--search-path-prefix strings` | Set a comma-separated list of connections to use as a prefix to the current search path for the query session. |
| `--separator string` | A single character to use as a separator string for csv output (defaults to ",") |
| `--share` | Create snapshot in Turbot Pipes with `anyone_with_link` visibility. |
| `--snapshot` | Create snapshot in Turbot Pipes with the default (`workspace`) visibility. |
| `--snapshot-location string` | The location to write snapshots - either a local file path or a Turbot Pipes workspace |
| `--snapshot-tag string=string ` | Specify tags to set on the snapshot. Multiple `--snapshot-tag ` arguments may be passed. |
| `--snapshot-title string=string ` | The title to give a snapshot when uploading to Turbot Pipes. |
| `--timing=string ` | Enable or disable query execution timing: `off` (default), `on`, or `verbose` |
| `--workspace-database` | Sets the database that Steampipe will connect to. This can be `local` (the default) or a remote Turbot Pipes database. See STEAMPIPE_WORKSPACE_DATABASE for details. |
Steampipe will create a separate plugin process for each `plugin` defined that has connections associated to it. This allows you to run multiple versions side by side, but also to create multiple processes with the SAME version to allow you to create QOS groups. In the following example, Steampipe will create 2 plugin processes: - One process has a 2000 MB memory soft limit and no limiters, and contains the `aws_prod_1`, `aws_prod_2`, and `aws_prod_3` connections. - One process has a 500 MB memory soft limit and the `all_requests` limiter, and contains the `aws_dev_1` and `aws_dev_2` connections. ```hcl plugin "aws_high" { memory_max_mb = 2000 source = "aws" } plugin "aws_low" { memory_max_mb = 500 source = "aws" limiter "all_requests" { bucket_size = 100 fill_rate = 100 max_concurrency = 50 } } connection "aws_prod_1" { plugin = plugin.aws_high profile = "prod1" regions = ["*"] } connection "aws_prod_2" { plugin = plugin.aws_high profile = "prod2" regions = ["*"] } connection "aws_prod_3" { plugin = plugin.aws_high profile = "prod3" regions = ["*"] } connection "aws_dev_1" { plugin = plugin.aws_low profile = "dev1" regions = ["*"] } connection "aws_dev_2" { plugin = plugin.aws_low profile = "dev2" regions = ["*"] } ``` Note that the aggregators can only aggregate connections from the single plugin instance for which they are configured. Extending the previous example: ```hcl connection "aws_prod" { plugin = plugin.aws_high type = "aggregator" connections = ["*"] } connection "aws_dev" { plugin = plugin.aws_low type = "aggregator" connections = ["*"]} ``` - The `aws_prod` aggregator will include the `aws_prod_1`, `aws_prod_2`, and `aws_prod_3` connections - The `aws_dev` aggregator will include the `aws_dev_1` and `aws_dev_2` connections You can also run multiple plugin versions side-by-side: ```hcl plugin "aws_latest" { source = "aws" } plugin "aws_0_117_0" { source = "aws@0.117.0" } connection "aws_prod_1" { plugin = plugin.aws_latest profile = "prod1" regions = ["*"] } connection "aws_prod_2" { plugin = plugin.aws_0_117_0 profile = "prod2" regions = ["*"] } ``` ## limiter Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds. You can use limiters to: - Smooth the request rate from steampipe to reduce load on the remote API or service - Limit the number of parallel request to reduce contention for client and network resources - Avoid hitting server limits and throttling ### Supported options | Argument | Default | Description |-------------------|-----------|-------------------- | `bucket_size` | unlimited | The maximum number of requests that may be made per second (the burst size). Used in combination with `fill_rate` to implement a token-bucket rate limit. | `fill_rate` | unlimited | The number of requests that are added back to refill the bucket each second. Used in combination with `bucket_size` to implement a token-bucket rate limit. | `max_concurrency` | The maximum number of [List, Get, and Hydrate functions](/docs/develop/writing-plugins#hydrate-functions) that can run in parallel. | `scope` | `[]` | The context for the limit - which resources are subject to / counted against the limit. If no scope is specified, then the limiter applies to all functions in the plugin. If you specify a list of scopes, then *a limiter instance is created for each unique combination of scope values* - it acts much like `group by` in a sql statement. | `where` | none | A `where` clause to further filter the scopes to specific values. ### `where` syntax The `where` argument supports the following PostgreSQL comparison operators: | Operator | Description |----------|-------------------------------- | `<` | less than | `<=` | less than or equal | `=` | equal | `!=` | not equal | `<>` | not equal | `>=` | greater than or equal | `>` | greater than | `like` | string like (case sensitive) | `ilike` | string like (case insensitive) | `is null`| null test | `not` | logical negation | `and` | logical conjunction | `or` | logical disjunction | `in` | set membership (equality) You may use parentheses to force explicit lexical precedence, otherwise [standard PostgreSQL operator precedence](https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-PRECEDENCE) applies. ## Examples See the [Concurrency & Rate Limiting](/docs/guides/limiter) for more examples. ```hcl plugin "aws" { # up to 250 functions concurrently across all connections limiter "aws_global_concurrency" { max_concurrency = 250 } # up to 1000 functions per second in us-east-1 for each connection limiter "aws_rate_limit_us_east_1" { bucket_size = 1000 fill_rate = 1000 scope = ["connection", "region"] where = "region = 'us-east-1'" } # up to 200 functions per second in regions OTHER than us-east-1 # for each connection limiter "aws_rate_limit_non_us_east_1" { bucket_size = 200 fill_rate = 200 scope = ["connection", "region"] where = "region <> 'us-east-1'" } } ``` --- --- title: workspace sidebar_label: workspace --- # workspace A Steampipe `workspace` is a "profile" that allows you to define a unified environment that the Steampipe client can interact with. Each workspace is composed of a single Steampipe database instance as well as other context-specific settings and options. Workspace configurations can be defined in any `.spc` file in the `~/.steampipe/config` directory, but by convention they are defined in `~/.steampipe/config/workspaces.spc` file. This file may contain multiple workspace definitions that can then be referenced by name. Steampipe workspaces allow you to define multiple named configurations and easily switch between them using the `--workspace` argument or `STEAMPIPE_WORKSPACE` environment variable. ```hcl workspace "local" { workspace_database = "local" } workspace "acme_prod" { workspace_database = "acme/prod" query_timeout = 600 } ``` To learn more, see **[Managing Workspaces →](/docs/managing/workspaces)** ## Workspace Arguments Many of the workspace arguments correspond to CLI flags and/or environment variables. Any unset arguments will assume the default values. | Argument | Default | Description |---------------------|-----------------------------------------------|----------------------------------------- | `base` | | A reference to a named workspace resource that this workspace should source its definition from. Any argument can be overridden after sourcing via base. | `cache` | `true` | Enable/disable caching. Note that is a **client** setting - if the database (`options "database"`) has the cache disabled, then the cache is disabled regardless of the workspace setting.
Env: [STEAMPIPE_CACHE](/docs/reference/env-vars/steampipe_cache) | `cache_ttl` | `300` | Set the client query cache expiration (TTL) in seconds. Note that is a **client** setting - if the database `cache_max_ttl` is lower than the `cache_ttl` in the workspace, then the effective ttl for this workspace is the `cache_max_ttl`.
Env: [STEAMPIPE_CACHE_TTL](/docs/reference/env-vars/steampipe_cache_ttl) | `install_dir` | `~/.steampipe` | The directory in which the Steampipe database, plugins, and supporting files can be found.
Env: [STEAMPIPE_INSTALL_DIR](/docs/reference/env-vars/steampipe_install_dir)
CLI: `--install-dir` | `options` | | An options block to set command-specific options for this workspace. [Query](#steampipe-query-options), [check](#steampipe-check-options), and [dashboard](#steampipe-dashboard-options) options are supported. | `pipes_host` | `pipes.turbot.com` | Set the Turbot Pipes host for connecting to Turbot Pipes workspace.
Env: [PIPES_HOST](/docs/reference/env-vars/pipes_host)
CLI: `--pipes-host` | `pipes_token` | The token obtained by `steampipe login` | Set the Turbot Pipes authentication token for connecting to a Turbot Pipes workspace. This may be a token obtained by `steampipe login` or a user-generated [token](https://turbot.com/pipes/docs/profile#tokens).
Env: [PIPES_TOKEN](/docs/reference/env-vars/pipes_token)
CLI: `--pipes-token` | `progress` | `true` | Enable or disable progress information.
CLI: `--progress` | `query_timeout` | `240` for controls, unlimited otherwise | The maximum time (in seconds) a query is allowed to run before it times out.
Env: [STEAMPIPE_QUERY_TIMEOUT](/docs/reference/env-vars/steampipe_query_timeout)
CLI: `--query_timeout` | `search_path` | `public`, then alphabetical | A comma-separated list of connections to use as a custom search path for the control run. See also: [Using search_path to target connections and aggregators](https://steampipe.io/docs/guides/search-path).
CLI: `--search-path` | `search_path_prefix`| | A comma-separated list of connections to use as a prefix to the current search path for the control run. See also: [Using search_path to target connections and aggregators](https://steampipe.io/docs/guides/search-path).
CLI: `--search-path-prefix` | `snapshot_location` | The Turbot Pipes user's personal workspace | Set the Turbot Pipes workspace or filesystem path for writing snapshots.
Env: [STEAMPIPE_SNAPSHOT_LOCATION](/docs/reference/env-vars/steampipe_snapshot_location)
CLI: `--snapshot-location` | `workspace_database`| `local` | Workspace database. This can be local or a remote Turbot Pipes database.
Env: [STEAMPIPE_WORKSPACE_DATABASE](/docs/reference/env-vars/steampipe_workspace_database)
CLI: `--workspace-database` ### Steampipe Query Options A `workspace` may include an `options "query"` block to specify values specific to the `steampipe query` command. These options often correspond to CLI flags.
| Argument | Default | Description |
|---|---|---|
| `autocomplete` | `true` | Enable or disable autocomplete in the interactive query shell. |
| `header` | `true` | Enable or disable column headers. CLI: `--header` |
| `multi` | `false` | Enable or disable multiline mode. |
| `output` | `table` | Set output format (`json`, `csv`, `table`, or `line`). CLI: `--output` |
| `separator` | `,` | Set csv output separator. CLI: `--separator` |
| `timing` | `off` | Enable or disable query execution timing: `off`, `on`, or `verbose` CLI: `--timing` |