diff --git a/poetry.lock b/poetry.lock index c18424b2cb..1399c75ded 100644 --- a/poetry.lock +++ b/poetry.lock @@ -985,6 +985,14 @@ files = [ [package.dependencies] google-auth = ">=2.14.1,<3.0dev" googleapis-common-protos = ">=1.56.2,<2.0dev" +grpcio = [ + {version = ">=1.33.2,<2.0dev", optional = true, markers = "python_version < \"3.11\" and extra == \"grpc\""}, + {version = ">=1.49.1,<2.0dev", optional = true, markers = "python_version >= \"3.11\" and extra == \"grpc\""}, +] +grpcio-status = [ + {version = ">=1.33.2,<2.0dev", optional = true, markers = "python_version < \"3.11\" and extra == \"grpc\""}, + {version = ">=1.49.1,<2.0dev", optional = true, markers = "python_version >= \"3.11\" and extra == \"grpc\""}, +] protobuf = ">=3.19.5,<3.20.0 || >3.20.0,<3.20.1 || >3.20.1,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<5.0.0dev" requests = ">=2.18.0,<3.0.0dev" 
@@ -1050,6 +1058,57 @@ files = [ google-auth = "*" httplib2 = ">=0.19.0" +[[package]] +name = "google-cloud-compute" +version = "1.14.1" +description = "Google Cloud Compute API client library" +optional = false +python-versions = ">=3.7" +files = [ + {file = "google-cloud-compute-1.14.1.tar.gz", hash = "sha256:acd987647d7c826aa97b4418141c740ead5e8811d3349315f2f89a30c01c7f4b"}, + {file = "google_cloud_compute-1.14.1-py2.py3-none-any.whl", hash = "sha256:b40d6aeeb2c5ce373675c869f1404a1bc19b9763b746ad8f2d91ed1148893d6f"}, +] + +[package.dependencies] +google-api-core = {version = ">=1.34.0,<2.0.dev0 || >=2.11.dev0,<3.0.0dev", extras = ["grpc"]} +proto-plus = [ + {version = ">=1.22.0,<2.0.0dev", markers = "python_version < \"3.11\""}, + {version = ">=1.22.2,<2.0.0dev", markers = "python_version >= \"3.11\""}, +] +protobuf = ">=3.19.5,<3.20.0 || >3.20.0,<3.20.1 || >3.20.1,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<5.0.0dev" + +[[package]] +name = "google-cloud-core" +version = "2.3.3" +description = "Google Cloud API client core library" +optional = false +python-versions = ">=3.7" +files = [ + {file = "google-cloud-core-2.3.3.tar.gz", hash = "sha256:37b80273c8d7eee1ae816b3a20ae43585ea50506cb0e60f3cf5be5f87f1373cb"}, + {file = "google_cloud_core-2.3.3-py2.py3-none-any.whl", hash = "sha256:fbd11cad3e98a7e5b0343dc07cb1039a5ffd7a5bb96e1f1e27cee4bda4a90863"}, +] + +[package.dependencies] +google-api-core = ">=1.31.6,<2.0.dev0 || >2.3.0,<3.0.0dev" +google-auth = ">=1.25.0,<3.0dev" + +[package.extras] +grpc = ["grpcio (>=1.38.0,<2.0dev)"] + +[[package]] +name = "google-cloud-dns" +version = "0.34.2" +description = "Google Cloud DNS API client library" +optional = false +python-versions = ">=3.7" +files = [ + {file = "google-cloud-dns-0.34.2.tar.gz", hash = "sha256:fc61bd8cf070e87aacb62762eb2a5af1550706c98881d7aeaebaeed11280afd3"}, + {file = "google_cloud_dns-0.34.2-py2.py3-none-any.whl", hash = 
"sha256:c943867f59dd3557a3304abdd2b083ff788f2eee7f83b45ca8a9d24179dfbb5c"}, +] + +[package.dependencies] +google-cloud-core = ">=1.4.4,<3.0dev" + [[package]] name = "googleapis-common-protos" version = "1.59.0" 
@@ -1091,6 +1150,88 @@ files = [ {file = "graphql_core-3.2.3-py3-none-any.whl", hash = "sha256:5766780452bd5ec8ba133f8bf287dc92713e3868ddd83aee4faab9fc3e303dc3"}, ] +[[package]] +name = "grpcio" +version = "1.59.3" +description = "HTTP/2-based RPC framework" +optional = false +python-versions = ">=3.7" +files = [ + {file = "grpcio-1.59.3-cp310-cp310-linux_armv7l.whl", hash = "sha256:aca028a6c7806e5b61e5f9f4232432c52856f7fcb98e330b20b6bc95d657bdcc"}, + {file = "grpcio-1.59.3-cp310-cp310-macosx_12_0_universal2.whl", hash = "sha256:19ad26a7967f7999c8960d2b9fe382dae74c55b0c508c613a6c2ba21cddf2354"}, + {file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_aarch64.whl", hash = "sha256:72b71dad2a3d1650e69ad42a5c4edbc59ee017f08c32c95694172bc501def23c"}, + {file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c0f0a11d82d0253656cc42e04b6a149521e02e755fe2e4edd21123de610fd1d4"}, + {file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:60cddafb70f9a2c81ba251b53b4007e07cca7389e704f86266e22c4bffd8bf1d"}, + {file = "grpcio-1.59.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:6c75a1fa0e677c1d2b6d4196ad395a5c381dfb8385f07ed034ef667cdcdbcc25"}, + {file = "grpcio-1.59.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:e1d8e01438d5964a11167eec1edb5f85ed8e475648f36c834ed5db4ffba24ac8"}, + {file = "grpcio-1.59.3-cp310-cp310-win32.whl", hash = "sha256:c4b0076f0bf29ee62335b055a9599f52000b7941f577daa001c7ef961a1fbeab"}, + {file = "grpcio-1.59.3-cp310-cp310-win_amd64.whl", hash = "sha256:b1f00a3e6e0c3dccccffb5579fc76ebfe4eb40405ba308505b41ef92f747746a"}, + {file = "grpcio-1.59.3-cp311-cp311-linux_armv7l.whl", hash = "sha256:3996aaa21231451161dc29df6a43fcaa8b332042b6150482c119a678d007dd86"}, + {file = "grpcio-1.59.3-cp311-cp311-macosx_10_10_universal2.whl", hash = "sha256:cb4e9cbd9b7388fcb06412da9f188c7803742d06d6f626304eb838d1707ec7e3"}, + {file = 
"grpcio-1.59.3-cp311-cp311-manylinux_2_17_aarch64.whl", hash = "sha256:8022ca303d6c694a0d7acfb2b472add920217618d3a99eb4b14edc7c6a7e8fcf"}, + {file = "grpcio-1.59.3-cp311-cp311-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b36683fad5664283755a7f4e2e804e243633634e93cd798a46247b8e54e3cb0d"}, + {file = "grpcio-1.59.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8239b853226e4824e769517e1b5232e7c4dda3815b200534500338960fcc6118"}, + {file = "grpcio-1.59.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:0511af8653fbda489ff11d542a08505d56023e63cafbda60e6e00d4e0bae86ea"}, + {file = "grpcio-1.59.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e78dc982bda74cef2ddfce1c91d29b96864c4c680c634e279ed204d51e227473"}, + {file = "grpcio-1.59.3-cp311-cp311-win32.whl", hash = "sha256:6a5c3a96405966c023e139c3bcccb2c7c776a6f256ac6d70f8558c9041bdccc3"}, + {file = "grpcio-1.59.3-cp311-cp311-win_amd64.whl", hash = "sha256:ed26826ee423b11477297b187371cdf4fa1eca874eb1156422ef3c9a60590dd9"}, + {file = "grpcio-1.59.3-cp312-cp312-linux_armv7l.whl", hash = "sha256:45dddc5cb5227d30fa43652d8872dc87f086d81ab4b500be99413bad0ae198d7"}, + {file = "grpcio-1.59.3-cp312-cp312-macosx_10_10_universal2.whl", hash = "sha256:1736496d74682e53dd0907fd515f2694d8e6a96c9a359b4080b2504bf2b2d91b"}, + {file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_aarch64.whl", hash = "sha256:ddbd1a16138e52e66229047624de364f88a948a4d92ba20e4e25ad7d22eef025"}, + {file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fcfa56f8d031ffda902c258c84c4b88707f3a4be4827b4e3ab8ec7c24676320d"}, + {file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f2eb8f0c7c0c62f7a547ad7a91ba627a5aa32a5ae8d930783f7ee61680d7eb8d"}, + {file = "grpcio-1.59.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8d993399cc65e3a34f8fd48dd9ad7a376734564b822e0160dd18b3d00c1a33f9"}, + {file = 
"grpcio-1.59.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:c0bd141f4f41907eb90bda74d969c3cb21c1c62779419782a5b3f5e4b5835718"}, + {file = "grpcio-1.59.3-cp312-cp312-win32.whl", hash = "sha256:33b8fd65d4e97efa62baec6171ce51f9cf68f3a8ba9f866f4abc9d62b5c97b79"}, + {file = "grpcio-1.59.3-cp312-cp312-win_amd64.whl", hash = "sha256:0e735ed002f50d4f3cb9ecfe8ac82403f5d842d274c92d99db64cfc998515e07"}, + {file = "grpcio-1.59.3-cp37-cp37m-linux_armv7l.whl", hash = "sha256:ea40ce4404e7cca0724c91a7404da410f0144148fdd58402a5942971e3469b94"}, + {file = "grpcio-1.59.3-cp37-cp37m-macosx_10_10_universal2.whl", hash = "sha256:83113bcc393477b6f7342b9f48e8a054330c895205517edc66789ceea0796b53"}, + {file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_aarch64.whl", hash = "sha256:73afbac602b8f1212a50088193601f869b5073efa9855b3e51aaaec97848fc8a"}, + {file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:575d61de1950b0b0699917b686b1ca108690702fcc2df127b8c9c9320f93e069"}, + {file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8cd76057b5c9a4d68814610ef9226925f94c1231bbe533fdf96f6181f7d2ff9e"}, + {file = "grpcio-1.59.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:95d6fd804c81efe4879e38bfd84d2b26e339a0a9b797e7615e884ef4686eb47b"}, + {file = "grpcio-1.59.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:0d42048b8a3286ea4134faddf1f9a59cf98192b94aaa10d910a25613c5eb5bfb"}, + {file = "grpcio-1.59.3-cp37-cp37m-win_amd64.whl", hash = "sha256:4619fea15c64bcdd9d447cdbdde40e3d5f1da3a2e8ae84103d94a9c1df210d7e"}, + {file = "grpcio-1.59.3-cp38-cp38-linux_armv7l.whl", hash = "sha256:95b5506e70284ac03b2005dd9ffcb6708c9ae660669376f0192a710687a22556"}, + {file = "grpcio-1.59.3-cp38-cp38-macosx_10_10_universal2.whl", hash = "sha256:9e17660947660ccfce56c7869032910c179a5328a77b73b37305cd1ee9301c2e"}, + {file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_aarch64.whl", hash = 
"sha256:00912ce19914d038851be5cd380d94a03f9d195643c28e3ad03d355cc02ce7e8"}, + {file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e58b3cadaa3c90f1efca26ba33e0d408b35b497307027d3d707e4bcd8de862a6"}, + {file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d787ecadea865bdf78f6679f6f5bf4b984f18f659257ba612979df97a298b3c3"}, + {file = "grpcio-1.59.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:0814942ba1bba269db4e760a34388640c601dece525c6a01f3b4ff030cc0db69"}, + {file = "grpcio-1.59.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:fb111aa99d3180c361a35b5ae1e2c63750220c584a1344229abc139d5c891881"}, + {file = "grpcio-1.59.3-cp38-cp38-win32.whl", hash = "sha256:eb8ba504c726befe40a356ecbe63c6c3c64c9a439b3164f5a718ec53c9874da0"}, + {file = "grpcio-1.59.3-cp38-cp38-win_amd64.whl", hash = "sha256:cdbc6b32fadab9bebc6f49d3e7ec4c70983c71e965497adab7f87de218e84391"}, + {file = "grpcio-1.59.3-cp39-cp39-linux_armv7l.whl", hash = "sha256:c82ca1e4be24a98a253d6dbaa216542e4163f33f38163fc77964b0f0d255b552"}, + {file = "grpcio-1.59.3-cp39-cp39-macosx_10_10_universal2.whl", hash = "sha256:36636babfda14f9e9687f28d5b66d349cf88c1301154dc71c6513de2b6c88c59"}, + {file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_aarch64.whl", hash = "sha256:5f9b2e591da751ac7fdd316cc25afafb7a626dededa9b414f90faad7f3ccebdb"}, + {file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a93a82876a4926bf451db82ceb725bd87f42292bacc94586045261f501a86994"}, + {file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce31fa0bfdd1f2bb15b657c16105c8652186eab304eb512e6ae3b99b2fdd7d13"}, + {file = "grpcio-1.59.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:16da0e40573962dab6cba16bec31f25a4f468e6d05b658e589090fe103b03e3d"}, + {file = "grpcio-1.59.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = 
"sha256:d1d1a17372fd425addd5812049fa7374008ffe689585f27f802d0935522cf4b7"}, + {file = "grpcio-1.59.3-cp39-cp39-win32.whl", hash = "sha256:52cc38a7241b5f7b4a91aaf9000fdd38e26bb00d5e8a71665ce40cfcee716281"}, + {file = "grpcio-1.59.3-cp39-cp39-win_amd64.whl", hash = "sha256:b491e5bbcad3020a96842040421e508780cade35baba30f402df9d321d1c423e"}, + {file = "grpcio-1.59.3.tar.gz", hash = "sha256:7800f99568a74a06ebdccd419dd1b6e639b477dcaf6da77ea702f8fb14ce5f80"}, +] + +[package.extras] +protobuf = ["grpcio-tools (>=1.59.3)"] + +[[package]] +name = "grpcio-status" +version = "1.59.3" +description = "Status proto mapping for gRPC" +optional = false +python-versions = ">=3.6" +files = [ + {file = "grpcio-status-1.59.3.tar.gz", hash = "sha256:65c394ba43380d6bdf8c04c61efc493104b5535552aed35817a1b4dc66598a1f"}, + {file = "grpcio_status-1.59.3-py3-none-any.whl", hash = "sha256:2fd2eb39ca4e9afb3c874c0878ff75b258db0b7dcc25570fc521f16ae0ab942a"}, +] + +[package.dependencies] +googleapis-common-protos = ">=1.5.5" +grpcio = ">=1.59.3" +protobuf = ">=4.21.6" + [[package]] name = "httplib2" version = "0.22.0" @@ -1965,6 +2106,23 @@ docs = ["sphinx (>=1.7.1)"] redis = ["redis"] tests = ["pytest (>=5.4.1)", "pytest-cov (>=2.8.1)", "pytest-mypy (>=0.8.0)", "pytest-timeout (>=2.1.0)", "redis", "sphinx (>=6.0.0)"] +[[package]] +name = "proto-plus" +version = "1.22.3" +description = "Beautiful, Pythonic protocol buffers." +optional = false +python-versions = ">=3.6" +files = [ + {file = "proto-plus-1.22.3.tar.gz", hash = "sha256:fdcd09713cbd42480740d2fe29c990f7fbd885a67efc328aa8be6ee3e9f76a6b"}, + {file = "proto_plus-1.22.3-py3-none-any.whl", hash = "sha256:a49cd903bc0b6ab41f76bf65510439d56ca76f868adf0274e738bfdd096894df"}, +] + +[package.dependencies] +protobuf = ">=3.19.0,<5.0.0dev" + +[package.extras] +testing = ["google-api-core[grpc] (>=1.31.5)"] + [[package]] name = "protobuf" version = "4.23.0" 
@@ -2773,8 +2931,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.7-cp310-cp310-win32.whl", hash = "sha256:763d65baa3b952479c4e972669f679fe490eee058d5aa85da483ebae2009d231"}, {file = "ruamel.yaml.clib-0.2.7-cp310-cp310-win_amd64.whl", hash = "sha256:d000f258cf42fec2b1bbf2863c61d7b8918d31ffee905da62dede869254d3b8a"}, {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:045e0626baf1c52e5527bd5db361bc83180faaba2ff586e763d3d5982a876a9e"}, - {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:1a6391a7cabb7641c32517539ca42cf84b87b667bad38b78d4d42dd23e957c81"}, - {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:9c7617df90c1365638916b98cdd9be833d31d337dbcd722485597b43c4a215bf"}, + {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_12_6_arm64.whl", hash = "sha256:721bc4ba4525f53f6a611ec0967bdcee61b31df5a56801281027a3a6d1c2daf5"}, {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:41d0f1fa4c6830176eef5b276af04c89320ea616655d01327d5ce65e50575c94"}, {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-win32.whl", hash = "sha256:f6d3d39611ac2e4f62c3128a9eed45f19a6608670c5a2f4f07f24e8de3441d38"}, {file = "ruamel.yaml.clib-0.2.7-cp311-cp311-win_amd64.whl", hash = "sha256:da538167284de58a52109a9b89b8f6a53ff8437dd6dc26d33b57bf6699153122"}, @@ -3312,4 +3469,4 @@ docs = ["mkdocs", "mkdocs-material"] [metadata] lock-version = "2.0" python-versions = ">=3.9,<3.12" -content-hash = "7e28daf704e53d057e66bc8fb71558361ab36a7cca85c7498a963f6406f54ef4" +content-hash = "6f6eb5d718df82bb65a9f1c1c4001cb6a42b4988fb56480eda00eaa8d681fed5" 
diff --git a/prowler/providers/gcp/services/compute/compute_firewall_rdp_access_from_the_internet_allowed/compute_firewall_rdp_access_from_the_internet_allowed.py b/prowler/providers/gcp/services/compute/compute_firewall_rdp_access_from_the_internet_allowed/compute_firewall_rdp_access_from_the_internet_allowed.py index 1a8091ad79..6759de89c7 100644 --- a/prowler/providers/gcp/services/compute/compute_firewall_rdp_access_from_the_internet_allowed/compute_firewall_rdp_access_from_the_internet_allowed.py +++ b/prowler/providers/gcp/services/compute/compute_firewall_rdp_access_from_the_internet_allowed/compute_firewall_rdp_access_from_the_internet_allowed.py @@ -15,15 +15,15 @@ class compute_firewall_rdp_access_from_the_internet_allowed(Check): report.status_extended = f"Firewall {firewall.name} does not expose port 3389 (RDP) to the internet." opened_port = False for rule in firewall.allowed_rules: - if rule["IPProtocol"] == "all": + if rule.I_p_protocol == "all": opened_port = True break - elif rule["IPProtocol"] == "tcp": - if rule.get("ports") is None: + elif rule.I_p_protocol == "tcp": + if not hasattr(rule, "ports"): opened_port = True break else: - for port in rule["ports"]: + for port in rule.ports: if port.find("-") != -1: lower, higher = port.split("-") if int(lower) <= 3389 and int(higher) >= 3389: diff --git a/prowler/providers/gcp/services/compute/compute_firewall_ssh_access_from_the_internet_allowed/compute_firewall_ssh_access_from_the_internet_allowed.py b/prowler/providers/gcp/services/compute/compute_firewall_ssh_access_from_the_internet_allowed/compute_firewall_ssh_access_from_the_internet_allowed.py index 1020d600e1..e3c06794b5 100644 --- a/prowler/providers/gcp/services/compute/compute_firewall_ssh_access_from_the_internet_allowed/compute_firewall_ssh_access_from_the_internet_allowed.py +++ b/prowler/providers/gcp/services/compute/compute_firewall_ssh_access_from_the_internet_allowed/compute_firewall_ssh_access_from_the_internet_allowed.py 
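Review bot: The new guard `if not hasattr(rule, "ports"):` in the `tcp` branch looks like it can never be true, which would turn a TCP rule that allows all ports into a false negative. On the generated `compute_v1` message types a declared repeated field such as `ports` is, as far as I know, always an attribute and reads as an empty sequence when unset. The check would then fall through to `for port in rule.ports:`, iterate nothing, and leave `opened_port = False`. Testing emptiness instead, `if not rule.ports:`, keeps the meaning of the old `rule.get("ports") is None`. The SSH check's hunk (port 22) has the same line and needs the same change; the enclosing loop continues past both hunks.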
@@ -15,15 +15,15 @@ class compute_firewall_ssh_access_from_the_internet_allowed(Check): report.status_extended = f"Firewall {firewall.name} does not expose port 22 (SSH) to the internet." opened_port = False for rule in firewall.allowed_rules: - if rule["IPProtocol"] == "all": + if rule.I_p_protocol == "all": opened_port = True break - elif rule["IPProtocol"] == "tcp": - if rule.get("ports") is None: + elif rule.I_p_protocol == "tcp": + if not hasattr(rule, "ports"): opened_port = True break else: - for port in rule["ports"]: + for port in rule.ports: if port.find("-") != -1: lower, higher = port.split("-") if int(lower) <= 22 and int(higher) >= 22: diff --git a/prowler/providers/gcp/services/compute/compute_service.py b/prowler/providers/gcp/services/compute/compute_service.py index 88e927c4c0..14ae1b4aa9 100644 --- a/prowler/providers/gcp/services/compute/compute_service.py +++ b/prowler/providers/gcp/services/compute/compute_service.py @@ -2,6 +2,7 @@ from pydantic import BaseModel from prowler.lib.logger import logger from prowler.providers.gcp.lib.service.service import GCPService +from google.cloud import compute_v1 ################## Compute 
@@ -29,16 +30,23 @@ class Compute(GCPService): def __get_regions__(self): for project_id in self.project_ids: try: - request = self.client.regions().list(project=project_id) - while request is not None: - response = request.execute() + regions_client = compute_v1.RegionsClient() + request = compute_v1.ListRegionsRequest( + project=project_id, + ) + page_result = regions_client.list(request=request) + for region in page_result: + self.regions.add(region.name) + # request = self.client.regions().list(project=project_id) + # while request is not None: + # response = request.execute() - for region in response.get("items", []): - self.regions.add(region["name"]) + # for region in response.get("items", []): + # self.regions.add(region["name"]) - request = self.client.regions().list_next( - previous_request=request, previous_response=response - ) + # request = self.client.regions().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
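Review bot: `compute_v1.RegionsClient()` is built with no arguments, so it resolves credentials on its own (Application Default Credentials) instead of reusing whatever `self.client` was created with. If `GCPService` builds that client from a credentials file or an impersonated identity (not visible in this diff), the scan may run as a different principal than the one the user selected, or fail where the old code worked. Passing the session's credentials explicitly, e.g. `compute_v1.RegionsClient(credentials=<audit credentials>)`, and building the client once outside the `for project_id` loop would avoid that. The same applies to every client constructed in the other hunks of compute_service.py (zones, projects, instances, networks, subnetworks, firewalls, URL maps, backend services). The commented-out previous implementation should be deleted rather than kept in the file.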
@@ -47,16 +55,23 @@ class Compute(GCPService): def __get_zones__(self): for project_id in self.project_ids: try: - request = self.client.zones().list(project=project_id) - while request is not None: - response = request.execute() + zones_client = compute_v1.ZonesClient() + request = compute_v1.ListZonesRequest( + project=project_id, + ) + page_result = zones_client.list(request=request) + for zone in page_result: + self.zones.add(zone.name) + # request = self.client.zones().list(project=project_id) + # while request is not None: + # response = request.execute() - for zone in response.get("items", []): - self.zones.add(zone["name"]) + # for zone in response.get("items", []): + # self.zones.add(zone["name"]) - request = self.client.zones().list_next( - previous_request=request, previous_response=response - ) + # request = self.client.zones().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" @@ -66,10 +81,17 @@ class Compute(GCPService): for project_id in self.project_ids: try: enable_oslogin = False - response = self.client.projects().get(project=project_id).execute() - for item in response["commonInstanceMetadata"].get("items", []): + project_client = compute_v1.ProjectsClient() + request = compute_v1.GetProjectRequest(project=project_id) + response = project_client.get(request=request) + for item in response.common_instance_metadata.items: if item["key"] == "enable-oslogin" and item["value"] == "TRUE": enable_oslogin = True + # enable_oslogin = False + # response = self.client.projects().get(project=project_id).execute() + # for item in response["commonInstanceMetadata"].get("items", []): + # if item["key"] == "enable-oslogin" and item["value"] == "TRUE": + # enable_oslogin = True self.projects.append( Project(id=project_id, enable_oslogin=enable_oslogin) ) 
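Review bot: In the project-metadata hunk the loop still reads `item["key"]` and `item["value"]`, although `response.common_instance_metadata.items` now yields message objects rather than dicts. If those objects are not subscriptable (I believe proto-plus messages are not), the lookup raises and the broad `except Exception` only logs it. The `Project` entry is then presumably never appended, so the OS Login check would silently report nothing for any project that has metadata items. Attribute access matches the rest of the migration: `if item.key == "enable-oslogin" and item.value == "TRUE":`. The except clause and the end of the method are outside the hunk.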
@@ -81,54 +103,91 @@ class Compute(GCPService): def __get_instances__(self, zone): for project_id in self.project_ids: try: - request = self.client.instances().list(project=project_id, zone=zone) - while request is not None: - response = request.execute( - http=self.__get_AuthorizedHttp_client__() - ) - - for instance in response.get("items", []): - public_ip = False - for interface in instance["networkInterfaces"]: - for config in interface.get("accessConfigs", []): - if "natIP" in config: - public_ip = True + instances_client = compute_v1.InstancesClient() + request = compute_v1.ListInstancesRequest( + project=project_id, + zone=zone, + ) + page_result = instances_client.list(request=request) + for instance in page_result: + public_ip = False + for interface in instance.network_interfaces: + for config in interface.access_configs: + if hasattr(config, "nat_i_p"): + public_ip = True self.instances.append( Instance( - name=instance["name"], - id=instance["id"], + name=instance.name, + id=instance.id, zone=zone, public_ip=public_ip, - metadata=instance["metadata"], - shielded_enabled_vtpm=instance[ - "shieldedInstanceConfig" - ]["enableVtpm"], - shielded_enabled_integrity_monitoring=instance[ - "shieldedInstanceConfig" - ]["enableIntegrityMonitoring"], - confidential_computing=instance.get( - "confidentialInstanceConfig", {} - ).get("enableConfidentialCompute", False), - service_accounts=instance.get("serviceAccounts", []), - ip_forward=instance.get("canIpForward", False), + metadata=instance.metadata, + shielded_enabled_vtpm=instance.shielded_instance_config.enable_vtpm, + shielded_enabled_integrity_monitoring=instance.shielded_instance_config.enable_integrity_monitoring, + confidential_computing=getattr(getattr(instance, "confidential_instance_config", None), "enable_confidential_compute", False), + service_accounts=getattr(instance, "service_accounts", []), + ip_forward=getattr(instance, "can_ip_forward", False), disks_encryption=[ ( - disk["deviceName"], + 
disk.device_name, True - if disk.get("diskEncryptionKey", {}).get( - "sha256" - ) + if getattr(getattr(disk, "disk_encryption_key", None), "sha256") else False, ) - for disk in instance["disks"] + for disk in instance.disks ], project_id=project_id, ) ) - request = self.client.instances().list_next( - previous_request=request, previous_response=response - ) + # request = self.client.instances().list(project=project_id, zone=zone) + # while request is not None: + # response = request.execute( + # http=self.__get_AuthorizedHttp_client__() + # ) + + # for instance in response.get("items", []): + # public_ip = False + # for interface in instance["networkInterfaces"]: + # for config in interface.get("accessConfigs", []): + # if "natIP" in config: + # public_ip = True + # self.instances.append( + # Instance( + # name=instance["name"], + # id=instance["id"], + # zone=zone, + # public_ip=public_ip, + # metadata=instance["metadata"], + # shielded_enabled_vtpm=instance[ + # "shieldedInstanceConfig" + # ]["enableVtpm"], + # shielded_enabled_integrity_monitoring=instance[ + # "shieldedInstanceConfig" + # ]["enableIntegrityMonitoring"], + # confidential_computing=instance.get( + # "confidentialInstanceConfig", {} + # ).get("enableConfidentialCompute", False), + # service_accounts=instance.get("serviceAccounts", []), + # ip_forward=instance.get("canIpForward", False), + # disks_encryption=[ + # ( + # disk["deviceName"], + # True + # if disk.get("diskEncryptionKey", {}).get( + # "sha256" + # ) + # else False, + # ) + # for disk in instance["disks"] + # ], + # project_id=project_id, + # ) + # ) + + # request = self.client.instances().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{zone} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
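Review bot: `if hasattr(config, "nat_i_p"):` probably does not test whether the access config carries an external address. As far as I know a declared field is always an attribute on these message objects, so `public_ip` would become true for any instance that has an access config at all. A presence test such as `if "nat_i_p" in config:` keeps the meaning of the old `"natIP" in config`. Separately, the inner `getattr(..., "sha256")` for disk encryption has no default, unlike the other nested `getattr` calls in this hunk. Writing `getattr(getattr(disk, "disk_encryption_key", None), "sha256", None)` would keep one unexpected disk from aborting the rest of the zone's listing through the surrounding `except`.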
@@ -137,29 +196,50 @@ class Compute(GCPService): def __get_networks__(self): for project_id in self.project_ids: try: - request = self.client.networks().list(project=project_id) - while request is not None: - response = request.execute() - for network in response.get("items", []): - subnet_mode = ( + networks_client = compute_v1.NetworksClient() + request = compute_v1.ListNetworksRequest( + project=project_id, + ) + page_result = networks_client.list(request=request) + for network in page_result: + subnet_mode = ( "legacy" - if "autoCreateSubnetworks" not in network + if not hasattr(network, "auto_create_subnetworks") else "auto" - if network["autoCreateSubnetworks"] + if hasattr(network, "auto_create_subnetworks") else "custom" ) - self.networks.append( + self.networks.append( Network( - name=network["name"], - id=network["id"], + name=network.name, + id=network.id, subnet_mode=subnet_mode, project_id=project_id, ) ) + # request = self.client.networks().list(project=project_id) + # while request is not None: + # response = request.execute() + # for network in response.get("items", []): + # subnet_mode = ( + # "legacy" + # if "autoCreateSubnetworks" not in network + # else "auto" + # if network["autoCreateSubnetworks"] + # else "custom" + # ) + # self.networks.append( + # Network( + # name=network["name"], + # id=network["id"], + # subnet_mode=subnet_mode, + # project_id=project_id, + # ) + # ) - request = self.client.networks().list_next( - previous_request=request, previous_response=response - ) + # request = self.client.networks().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
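Review bot: The rewritten `subnet_mode` expression tests `hasattr(network, "auto_create_subnetworks")` in both arms, so the `"custom"` result is unreachable. When the first test fails the value is `"legacy"`; otherwise the second test succeeds and it is `"auto"`. The old code read the field's value in the second arm, and the equivalent here is `if network.auto_create_subnetworks`. For the first arm a presence test (`"auto_create_subnetworks" not in network`) is probably what is needed, since `hasattr` is, as far as I know, true for every declared field on these objects. As written, any check that looks for legacy networks would likely never fire.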
@@ -168,28 +248,46 @@ class Compute(GCPService): def __get_subnetworks__(self, region): for project_id in self.project_ids: try: - request = self.client.subnetworks().list( - project=project_id, region=region + subnet_client = compute_v1.SubnetworksClient() + request = compute_v1.ListSubnetworksRequest( + project=project_id, + region=region, ) - while request is not None: - response = request.execute( - http=self.__get_AuthorizedHttp_client__() - ) - for subnet in response.get("items", []): - self.subnets.append( + page_result = subnet_client.list(request=request) + for subnet in page_result: + self.subnets.append( Subnet( - name=subnet["name"], - id=subnet["id"], + name=subnet.name, + id=subnet.id, project_id=project_id, - flow_logs=subnet.get("enableFlowLogs", False), - network=subnet["network"].split("/")[-1], + flow_logs=getattr(subnet,"enable_flow_logs", False), + network=subnet.network.split("/")[-1], region=region, ) - ) - - request = self.client.subnetworks().list_next( - previous_request=request, previous_response=response ) + + # request = self.client.subnetworks().list( + # project=project_id, region=region + # ) + # while request is not None: + # response = request.execute( + # http=self.__get_AuthorizedHttp_client__() + # ) + # for subnet in response.get("items", []): + # self.subnets.append( + # Subnet( + # name=subnet["name"], + # id=subnet["id"], + # project_id=project_id, + # flow_logs=subnet.get("enableFlowLogs", False), + # network=subnet["network"].split("/")[-1], + # #region=region, + # ) + # ) + + # request = self.client.subnetworks().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
@@ -198,25 +296,43 @@ class Compute(GCPService): def __get_firewalls__(self): for project_id in self.project_ids: try: - request = self.client.firewalls().list(project=project_id) - while request is not None: - response = request.execute() - - for firewall in response.get("items", []): - self.firewalls.append( + firewall_client = compute_v1.FirewallsClient() + request = compute_v1.ListFirewallsRequest( + project=project_id, + ) + page_result = firewall_client.list(request=request) + for firewall in page_result: + self.firewalls.append( Firewall( - name=firewall["name"], - id=firewall["id"], - source_ranges=firewall.get("sourceRanges", []), - direction=firewall["direction"], - allowed_rules=firewall.get("allowed", []), + name=firewall.name, + id=firewall.id, + source_ranges=list(getattr(firewall, "source_ranges", [])), + direction=firewall.direction, + allowed_rules=list(getattr(firewall, "allowed", [])), project_id=project_id, ) ) - request = self.client.firewalls().list_next( - previous_request=request, previous_response=response - ) + + # request = self.client.firewalls().list(project=project_id) + # while request is not None: + # response = request.execute() + + # for firewall in response.get("items", []): + # self.firewalls.append( + # Firewall( + # name=firewall["name"], + # id=firewall["id"], + # source_ranges=firewall.get("sourceRanges", []), + # direction=firewall["direction"], + # allowed_rules=firewall.get("allowed", []), + # project_id=project_id, + # ) + # ) + + # request = self.client.firewalls().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
@@ -225,22 +341,39 @@ class Compute(GCPService): def __get_url_maps__(self): for project_id in self.project_ids: try: - request = self.client.urlMaps().list(project=project_id) - while request is not None: - response = request.execute() - for urlmap in response.get("items", []): - self.load_balancers.append( + # Create a client + url_maps_client = compute_v1.UrlMapsClient() + request = compute_v1.ListUrlMapsRequest( + project=project_id, + ) + page_result = url_maps_client.list(request=request) + for urlmap in page_result: + self.load_balancers.append( LoadBalancer( - name=urlmap["name"], - id=urlmap["id"], - service=urlmap.get("defaultService", ""), + name=urlmap.name, + id=urlmap.id, + service=getattr(urlmap, "default_service", ""), project_id=project_id, ) ) - request = self.client.urlMaps().list_next( - previous_request=request, previous_response=response - ) + + # request = self.client.urlMaps().list(project=project_id) + # while request is not None: + # response = request.execute() + # for urlmap in response.get("items", []): + # self.load_balancers.append( + # LoadBalancer( + # name=urlmap["name"], + # id=urlmap["id"], + # service=urlmap.get("defaultService", ""), + # project_id=project_id, + # ) + # ) + + # request = self.client.urlMaps().list_next( + # previous_request=request, previous_response=response + # ) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" 
@@ -249,15 +382,22 @@ class Compute(GCPService): def __describe_backend_service__(self): for balancer in self.load_balancers: try: - response = ( - self.client.backendServices() - .get( - project=balancer.project_id, - backendService=balancer.service.split("/")[-1], - ) - .execute() + client = compute_v1.BackendServicesClient() + request = compute_v1.GetBackendServiceRequest( + backend_service=balancer.service.split("/")[-1], + project=balancer.project_id, ) - balancer.logging = response.get("logConfig", {}).get("enable", False) + response = client.get(request=request) + balancer.logging = getattr(getattr(response, "log_config", None), "enable", False) + # response = ( + # self.client.backendServices() + # .get( + # project=balancer.project_id, + # backendService=balancer.service.split("/")[-1], + # ) + # .execute() + # ) + # balancer.logging = response.get("logConfig", {}).get("enable", False) except Exception as error: logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" diff --git a/pyproject.toml b/pyproject.toml index 467544ec26..cb69ee112c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,6 +40,8 @@ colorama = "0.4.6" detect-secrets = "1.4.0" google-api-python-client = "2.108.0" google-auth-httplib2 = "^0.1.0" +google-cloud-compute = "^1.14.1" +google-cloud-dns = "^0.34.2" jsonschema = "4.18.0" mkdocs = {version = "1.5.3", optional = true} mkdocs-material = {version = "9.4.14", optional = true}
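Review bot: `google-cloud-dns = "^0.34.2"` is added as a runtime dependency, but nothing in the visible diff imports it; only `google.cloud.compute_v1` is used. If the DNS service is not migrated in this change, leaving the package out until it is needed keeps `google-cloud-core` and its transitive set out of the lock file. Both new entries also use caret ranges, while neighbouring entries such as `google-api-python-client = "2.108.0"` are pinned exactly. It is worth matching whichever convention the project intends for runtime dependencies.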