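def get_datasets():
    """Inventory the BigQuery datasets of every listed project.

    Returns:
        A list of dicts with the keys ``id``, ``projectId`` and ``location``,
        one per dataset, or None when the project lookup returns None.
    """
    import sys  # function-scope import; only used to report skipped projects

    _datasets = list()
    # NOTE(review): the other collectors in this module go through
    # resourcemanager_utils; confirm that `utils` is the intended module here.
    projects = utils.cloudresourcemanager_get_all_projects()
    if projects is None:
        return None
    credentials = GoogleCredentials.get_application_default()
    service = discovery.build('bigquery', 'v2', credentials=credentials)
    api_service = service.datasets()
    for project in projects:
        request = api_service.list(projectId=project['projectId'])
        while request is not None:
            try:
                results = request.execute()
            except Exception as err:
                # Still best effort, but a project that could not be listed
                # is reported: a silent skip makes an incomplete inventory
                # look complete. `except Exception` (not a bare except) lets
                # Ctrl-C and SystemExit through.
                sys.stderr.write(
                    'get_datasets: skipping project {0}: {1}\n'.format(
                        project['projectId'], err))
                break
            for dataset in results.get('datasets') or []:
                # Split on the last colon only: the project part of the id
                # may itself contain a colon (domain-scoped project ids),
                # which made the two-name unpack of split(':') raise.
                project_id, dataset_id = dataset['id'].rsplit(':', 1)
                _datasets.append({
                    u'id': dataset_id,
                    u'projectId': project_id,
                    u'location': dataset['location']
                })
            request = api_service.list_next(request, results)
    return _datasets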
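def get_buckets():
    """Inventory the Cloud Storage buckets of every listed project.

    Returns:
        A list of dicts with the keys ``projectId``, ``id``, ``location``,
        ``updated``, ``timeCreated`` and ``storageClass``, one per bucket,
        or None when the project lookup returns None.
    """
    import sys  # function-scope import; only used to report skipped projects

    _buckets = list()
    projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if projects is None:
        return None
    for project in projects:
        api_service = storage_utils.storage_get_api_client().buckets()
        request = api_service.list(project=project['projectId'])
        while request is not None:
            try:
                results = request.execute()
            except Exception as err:
                # Best effort per project, but the gap is reported so that a
                # project the caller could not read is not mistaken for a
                # project without buckets. Ctrl-C is no longer swallowed.
                sys.stderr.write(
                    'get_buckets: skipping project {0}: {1}\n'.format(
                        project['projectId'], err))
                break
            for bucket in results.get('items') or []:
                _buckets.append({
                    u'projectId': project['projectId'],
                    u'id': bucket['id'],
                    u'location': bucket['location'],
                    u'updated': bucket['updated'],
                    u'timeCreated': bucket['timeCreated'],
                    u'storageClass': bucket['storageClass']
                })
            request = api_service.list_next(request, results)
    return _buckets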
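def get_compute_instances():
    """Print and collect the Compute Engine instances of every listed project.

    One ``project|zone|name|status`` line is printed per instance, as before.

    Returns:
        A list of dicts with the keys ``projectId``, ``zone``, ``name`` and
        ``status``, one per instance (the list used to be returned empty),
        or None when the project lookup returns None.
    """
    import sys  # function-scope import; only used to report skipped zones

    _instances = list()
    projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if projects is None:
        return None
    api_service = compute_utils.compute_get_api_client().instances()
    for project in projects:
        # `or []` keeps the walk going if get_zones yields nothing for a
        # project; its return contract is not visible from this function.
        zones = get_zones(project['projectId']) or []
        for zone in zones:
            request = api_service.list(project=project['projectId'], zone=zone)
            while request is not None:
                try:
                    results = request.execute()
                except Exception as err:
                    # Only the API call is guarded now. A zone that cannot be
                    # listed is reported instead of being dropped silently.
                    sys.stderr.write(
                        'get_compute_instances: skipping {0}/{1}: {2}\n'.format(
                            project['projectId'], zone, err))
                    break
                # A zone without instances has no 'items' key; iterating the
                # resulting None used to raise inside the old bare except.
                for instance in results.get('items') or []:
                    print('{0}|{1}|{2}|{3}'.format(
                        project['projectId'], zone, instance['name'],
                        instance['status']))
                    _instances.append({
                        u'projectId': project['projectId'],
                        u'zone': zone,
                        u'name': instance['name'],
                        u'status': instance['status']
                    })
                request = api_service.list_next(request, results)
    return _instances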
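def get_enabled_apis():
    """Print ``project,service name,state`` for the services of ACTIVE projects.

    Projects whose ``lifecycleState`` is not ``ACTIVE`` are skipped. Returns
    None in every case; the result is the printed CSV.
    """
    import sys  # function-scope import; only used to report skipped projects

    projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if projects is None:
        return
    credentials = GoogleCredentials.get_application_default()
    service = discovery.build('serviceusage', 'v1beta1', credentials=credentials)
    api_service = service.services()
    for project in projects:
        if project['lifecycleState'] != 'ACTIVE':
            continue
        # NOTE(review): no state filter is passed to list(), so the state
        # column is presumably what tells enabled services from the rest;
        # confirm that consumers filter on it.
        request = api_service.list(parent='projects/' + project['projectId'])
        while request is not None:
            try:
                results = request.execute()
            except Exception as err:
                # Report the gap: a project that cannot be queried must not
                # read as a project with no services. Ctrl-C is not swallowed.
                sys.stderr.write(
                    'get_enabled_apis: skipping project {0}: {1}\n'.format(
                        project['projectId'], err))
                break
            # .get(): a response page without a 'services' key used to raise
            # an uncaught KeyError and abort the whole run. The loop variable
            # no longer shadows the discovery `service` object above.
            for api in results.get('services') or []:
                print(project['projectId'] + ',' + api['config']['name'] +
                      ',' + api['state'])
            request = api_service.list_next(request, results)
            # yes, this sleep is required to stop breaking the API call limit
            sleep(10)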
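def ip_aggregated_audit():
    """Print the reserved addresses of every ACTIVE project, one CSV line each.

    Uses the aggregatedList method, so a single paged call per project covers
    all scopes. Each line is ``project,scope,address,addressType,name,status``.
    Returns None; nothing is printed when the project lookup yields nothing.
    """
    import sys  # function-scope import; only used to report skipped projects

    projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if not projects:
        # The sibling collectors guard against a None project list; without
        # the guard the loop below raised TypeError.
        return
    for project in projects:
        if project['lifecycleState'] != 'ACTIVE':
            continue
        address_service = compute_utils.compute_get_api_client().addresses()
        # nextPageToken has to be part of the field mask: with fields='items'
        # the token is stripped from the response, the *_next call returns
        # None after the first page, and the audit is silently truncated.
        request = address_service.aggregatedList(
            project=project['projectId'], fields='items,nextPageToken')
        while request is not None:
            try:
                results = request.execute()
            except Exception as err:
                # this usually happens because compute engine is not enabled,
                # so the project is skipped; it is still reported, because a
                # permission error would look exactly the same otherwise
                sys.stderr.write(
                    'ip_aggregated_audit: skipping project {0}: {1}\n'.format(
                        project['projectId'], err))
                break
            # Printed page by page, so a scope that shows up again on a later
            # page cannot overwrite the addresses collected for it earlier.
            regions = results.get('items') or {}
            for region in regions:
                addresses = regions[region].get('addresses')
                if not addresses:
                    continue
                for address in addresses:
                    print('{0},{1},{2},{3},{4},{5}'.format(
                        project['projectId'], region, address.get('address'),
                        address.get('addressType'), address.get('name'),
                        address.get('status')))
            request = address_service.aggregatedList_next(request, results)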
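def get_self_created_service_accounts():
    """Collect user-created service accounts and user members from IAM bindings.

    A member counts as a self-created service account when its address is
    ``<name>@<projectId>.iam.gserviceaccount.com`` for the project whose
    bindings are being read. Members that do not match and start with
    ``user:`` are collected as users; all other members are ignored.

    Returns:
        A tuple ``(service_accounts, user_accounts)`` of two sets of member
        strings. Both are empty when no projects are found, in which case
        'No projects Found.' is printed.
    """
    service_accounts = set()
    user_accounts = set()
    projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if not projects:
        print('No projects Found.')
        return service_accounts, user_accounts
    # we're looking for service accounts that are not created by google.
    # They have a special email address format
    for project in projects:
        # The project id is escaped and must follow the '@' directly, and the
        # dots are literal. The old pattern ('.*' + id + unescaped dots) also
        # matched any address whose domain merely ended in this project id.
        # The tail allows either the end of the member or a '?...' suffix.
        pattern = re.compile(
            r'serviceAccount:[^@]+@' + re.escape(project['projectId']) +
            r'\.iam\.gserviceaccount\.com(?:\?|$)')
        bindings = resourcemanager_utils.cloudresourcemanager_get_project_iam_bindings(
            project['projectId'])
        for binding in bindings:
            for member in binding['members']:
                if pattern.search(member):
                    service_accounts.add(member)
                elif member.startswith('user:'):
                    # check this is a user first or we'll catch all the
                    # other service accounts too
                    user_accounts.add(member)
    return service_accounts, user_accounts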
def get_iam_permissions():
    """Print each project's IAM bindings: project id, then roles and members.

    Prints 'No projects Found.' when the project lookup yields nothing.
    Returns None; the report is written to stdout only.
    """
    all_projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if not all_projects:
        print('No projects Found.')
        return
    for entry in all_projects:
        print('{0}'.format(entry['projectId']))
        # NOTE(review): whether roles inherited from a folder or organization
        # are part of these bindings depends on the helper - confirm.
        policy_bindings = resourcemanager_utils.cloudresourcemanager_get_project_iam_bindings(
            entry['projectId'])
        for grant in policy_bindings:
            print(' {0}'.format(grant['role']))
            for principal in grant['members']:
                print(' {0}'.format(principal))
def get_project_owners():
    """Print ``projectId|name`` for each project, then its roles/owner members.

    Only bindings whose role is exactly 'roles/owner' are shown; every other
    role is skipped. Prints a notice when the project lookup yields nothing.
    Returns None; the report is written to stdout only.
    """
    all_projects = resourcemanager_utils.cloudresourcemanager_get_all_projects()
    if not all_projects:
        print('No projects Founds.')
        return
    for entry in all_projects:
        print('{0}|{1}'.format(entry['projectId'], entry['name']))
        # NOTE(review): owners granted on a parent folder or organization may
        # not appear here, depending on what the helper returns - confirm.
        policy_bindings = resourcemanager_utils.cloudresourcemanager_get_project_iam_bindings(
            entry['projectId'])
        for grant in policy_bindings:
            if grant['role'] != 'roles/owner':
                continue
            print(' {0}'.format(grant['role']))
            for principal in grant['members']:
                print(' {0}'.format(principal))