gcp防火墙信息抓取
拉取gcp防火墙信息 需要调用到基础接口脚本里的数据库读写和boto3库
from google.cloud import compute _v1
from google.oauth2 import service_account
from BasicInterfaces import executeMysqlData
import time
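def queryFirewallRule(credentials, projectId):
    """Collect the firewall rules of one GCP project into a dict keyed by rule name.

    Args:
        credentials: google.oauth2 credentials used to build the Firewalls client.
        projectId: id of the GCP project whose firewall rules are listed.

    Returns:
        dict mapping rule name -> {"direction", "action", "port", "protocol"}.
        "port" is the comma-joined list of every port/range in the rule and
        "protocol" the comma-joined list of distinct protocols (original code
        kept only the last protocol, which was misleading for multi-entry rules).
        When the rules cannot be listed the sentinel {"projectid": {"rights": "no"}}
        is returned so the caller can tell a permission problem from an empty project.
    """
    client = compute_v1.FirewallsClient(credentials=credentials)
    try:
        # The first page is requested eagerly here; later pages are fetched
        # lazily during iteration below (presumably also raising on error).
        firewallRuleList = client.list(project=projectId)
    except Exception as exc:  # narrowed from a bare except; still swallowed so one project cannot abort the scan
        print(f'发现没有权限读取配置的 project')
        print(exc)
        return {"projectid": {"rights": "no"}}

    dictFirewallDetails = {}
    for rule in firewallRuleList:
        # Egress rules express "any" in destination_ranges, not source_ranges;
        # checking only source_ranges would miss wide-open egress rules.
        openRanges = rule.destination_ranges if rule.direction == 'EGRESS' else rule.source_ranges
        if "0.0.0.0" in openRanges or "0.0.0.0/0" in openRanges:
            print(f'发现存在any的规则!规则名为{rule.name}')
        action, portList, protocolList = _summarizeRuleAction(rule)
        dictFirewallDetails[rule.name] = {
            "direction": rule.direction,
            "action": action,
            "port": ','.join(portList),
            "protocol": ','.join(protocolList),
        }
    return dictFirewallDetails


def _summarizeRuleAction(rule):
    """Return (action, ports, protocols) for a single Firewall resource.

    action is 'allow' when the rule has allowed entries, 'deny' when it has
    denied entries and '' if it has neither (not expected for a valid rule,
    but the original code would then leak the previous rule's values).
    Ports are collected in API order; protocols are deduplicated, order kept.
    """
    if rule.allowed:
        action, entries = 'allow', rule.allowed
    elif rule.denied:
        action, entries = 'deny', rule.denied
    else:
        return '', [], []

    portList = []
    protocolList = []
    for entry in entries:
        # An entry without ports means "all ports" for that protocol; nothing is appended.
        portList.extend(entry.ports)
        # I_p_protocol is the Python name of the API's IPProtocol field.
        if entry.I_p_protocol not in protocolList:
            protocolList.append(entry.I_p_protocol)
    return action, portList, protocolList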
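def _sqlQuote(value):
    """Return *value* as a single-quoted MySQL string literal.

    Backslashes and single quotes are escaped so a value coming back from the
    cloud API (rule names, protocols, port lists) cannot terminate the literal.
    Prefer a parameterized query if executeMysqlData supports one; this quoting
    is only a fallback for the string-built statement used here.
    """
    text = str(value).replace('\\', '\\\\').replace("'", "''")
    return f"'{text}'"


# Map of display name (stored in the `project` column) -> real GCP project id.
project_ids = {"<项目显示名称>": "<项目实际名称>"}
credentials = service_account.Credentials.from_service_account_file('<xxxx.json>')

for displayName, realProjectId in project_ids.items():
    print(f'开始扫描 project:{displayName}')
    result = queryFirewallRule(credentials, realProjectId)
    for ruleName, details in result.items():
        if 'rights' not in details:
            # Seven columns, seven values: the original statement listed seven
            # columns but supplied only five values (direction and protocol
            # were missing), which MySQL rejects.
            values = ",".join([
                _sqlQuote(displayName),
                _sqlQuote(ruleName),
                _sqlQuote(details['action']),
                _sqlQuote(details['direction']),
                _sqlQuote(details['protocol']),
                _sqlQuote(details['port'][0:280]),  # truncated to fit the ports column
                "'GCP'",
            ])
            sql = (
                "INSERT INTO gcpfirewall "
                "(project, rulename, action, direction, protocol, ports, cloud) "
                f"VALUES ({values})"
            )
        else:
            # Permission-denied sentinel from queryFirewallRule: record the
            # project with an 'unknown' rule so the gap is visible in the table.
            sql = (
                "INSERT INTO gcpfirewall (project, rulename, cloud) "
                f"VALUES({_sqlQuote(displayName)},'unknown','GCP')"
            )
        executeMysqlData(1, 'write', sql)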