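# Look up audit log entries by VPC Service Controls unique id.  Replace the
# placeholder id and project before running.
gcloud logging read 'protoPayload.metadata.vpcServiceControlsUniqueId="uniqueid"' --project=projectname --format=json
====== check rule hit counts ======
#!/bin/bash
# Report how often a VPC firewall rule has matched traffic, based on the
# text output of `gcloud compute firewall-rules describe`.
#
# Usage: <script> <project-id> <firewall-rule-name>
set -euo pipefail

# Both arguments are mandatory; print a usable usage line (the original one
# had lost its placeholders) and exit with a non-zero status.
if [[ $# -ne 2 ]]; then
  echo "Usage: $0 <project-id> <firewall-rule-name>" >&2
  exit 1
fi

PROJECT_ID=$1
FIREWALL_RULE_NAME=$2

# Describe the rule.  Assignment and test are combined so the exit status of
# gcloud itself is checked.  stderr is suppressed, so a missing rule and a
# permission/auth failure both land in this branch.
if ! FIREWALL_RULE_DETAILS=$(gcloud compute firewall-rules describe "$FIREWALL_RULE_NAME" --project "$PROJECT_ID" 2>/dev/null); then
  echo "Firewall rule '$FIREWALL_RULE_NAME' not found in project '$PROJECT_ID'." >&2
  exit 1
fi

# Extract the packet counter(s) from the description.  grep exits 1 when the
# field is absent; under pipefail that is the "not hit yet" case, not an error.
# NOTE(review): it is not established here that `describe` output carries a
# "packets:" line — confirm which gcloud output actually exposes hit counts.
HIT_COUNTS=$(grep 'packets: ' <<<"$FIREWALL_RULE_DETAILS" | awk '{print $2}' || true)

if [[ -z "$HIT_COUNTS" ]]; then
  echo "Firewall rule '$FIREWALL_RULE_NAME' in project '$PROJECT_ID' has not been hit yet."
else
  echo "Firewall rule '$FIREWALL_RULE_NAME' in project '$PROJECT_ID' has been hit $HIT_COUNTS times."
fi
====== query logs ======
#!/bin/bash
# Print Cloud DNS query log entries for a fixed list of hostnames inside a
# fixed time window.  Edit PROJECT_ID, START_TIME, END_TIME and DOMAINS first.
set -euo pipefail

# Project whose logs are queried.
PROJECT_ID="vpc01"

# Inclusive time window for the query (RFC 3339 timestamps).
START_TIME="2023-08-02T00:00:00Z"
END_TIME="2023-08-02T23:59:59Z"

# Hostnames matched against jsonPayload.queryName.
DOMAINS=("compute.googleapis.com" "cloudbuild.googleapis.com" "cloudfunctions.googleapis.com")

#######################################
# Query DNS logs for one hostname and print any matching rows.
# Globals:   PROJECT_ID, START_TIME, END_TIME (read)
# Arguments: $1 - hostname to match
# Outputs:   matching log rows to stdout; nothing when the query is empty
# Returns:   0 on success, 1 (with a warning on stderr) if gcloud fails
#######################################
run_query_for_domain() {
  local domain="$1"
  local query="resource.type=\"dns_query\" AND jsonPayload.queryName=\"$domain\""
  local result

  # Declaration and assignment are split so a failing gcloud is not masked by
  # `local`'s own (always zero) exit status.  stderr is no longer discarded:
  # an empty result is an empty stdout, while stderr carries real errors.
  if ! result=$(gcloud logging read "timestamp>=\"$START_TIME\" timestamp<=\"$END_TIME\" $query" \
      --project="$PROJECT_ID" \
      --format="table(timestamp, jsonPayload.destinationIP, jsonPayload.queryName, jsonPayload.sourceIP, resource.labels.project_id)"); then
    printf 'warn: log query for %s failed\n' "$domain" >&2
    return 1
  fi

  # Only print a header when there is something to show.
  if [[ -n "$result" ]]; then
    echo "Query results for domain: $domain"
    echo "$result"
    echo "--------------------------------------------------"
  fi
}

# Query every domain; a failure for one domain does not stop the others, but
# is reflected in the final exit status.
failures=0
for domain in "${DOMAINS[@]}"; do
  run_query_for_domain "$domain" || failures=$((failures + 1))
done
(( failures == 0 )) || exit 1
====== read the projects from an INPUT file ======
#!/bin/bash
# Collect the union of enabled services across the projects listed (one ID per
# line) in a text file and write the sorted, de-duplicated list to
# enabled_services.csv.
#
# Usage: <script> <projects.txt>
set -euo pipefail

# Kept for parity with the org-wide variants; unused when projects come from a file.
ORGANIZATION_ID="ORG_ID"

# Every enabled service name seen, duplicates included.
enabled_services=()

#######################################
# Append the enabled services of one project to enabled_services.
# Globals:   enabled_services (written)
# Arguments: $1 - project ID
# Returns:   0 on success; 1 (with a warning on stderr) if gcloud fails
#######################################
get_enabled_services() {
  local project_id="$1"
  local services service_name

  # Split declaration from assignment so gcloud's exit status is visible.
  if ! services=$(gcloud services list --project="$project_id" --enabled --format="value(NAME)"); then
    printf 'warn: could not list services for project %s; skipping\n' "$project_id" >&2
    return 1
  fi

  while IFS= read -r service_name; do
    # A project with no enabled services yields a single empty line here.
    [[ -n "$service_name" ]] || continue
    enabled_services+=("$service_name")
  done <<<"$services"
}

# Under `set -u` a bare "$1" would abort with "unbound variable"; use a default.
if [[ -z "${1:-}" ]]; then
  echo "Error: Please provide the input txt file containing project IDs." >&2
  exit 1
fi
input_file="$1"
if [[ ! -r "$input_file" ]]; then
  printf 'Error: cannot read input file %s\n' "$input_file" >&2
  exit 1
fi

# One project ID per line (mapfile also picks up a final line with no newline).
mapfile -t PROJECTS < "$input_file"

failures=0
for PROJECT in "${PROJECTS[@]}"; do
  PROJECT=${PROJECT%$'\r'}          # tolerate CRLF input files
  [[ -n "$PROJECT" ]] || continue   # skip blank lines
  get_enabled_services "$PROJECT" || failures=$((failures + 1))
done

# De-duplicate: one name per line through sort -u.  LC_ALL=C makes the order
# independent of the caller's locale.  The count guard avoids expanding an
# empty array under `set -u` on older bash.
unique_services=()
if (( ${#enabled_services[@]} > 0 )); then
  mapfile -t unique_services < <(printf '%s\n' "${enabled_services[@]}" | LC_ALL=C sort -u)
fi

# NOTE: despite the .csv name, the file holds a heading plus "- name" lines.
output_file="enabled_services.csv"
{
  echo "Enabled Services across all projects in the organization:"
  if (( ${#unique_services[@]} > 0 )); then
    for SERVICE in "${unique_services[@]}"; do
      echo "- $SERVICE"
    done
  fi
} > "$output_file"
echo "Output written to $output_file"
(( failures == 0 )) || exit 1
====== services across all projects ======
#!/bin/bash
# Collect the union of enabled services across every project visible to the
# caller and write the sorted, de-duplicated list to enabled_services.csv.
set -euo pipefail

# Only needed if the organization filter below is re-enabled.
ORGANIZATION_ID="ORG_ID"

# Every enabled service name seen, duplicates included.
enabled_services=()

#######################################
# Append the enabled services of one project to enabled_services.
# Globals:   enabled_services (written)
# Arguments: $1 - project ID
# Returns:   0 on success; 1 (with a warning on stderr) if gcloud fails
#######################################
get_enabled_services() {
  local project_id="$1"
  local services service_name

  # Split declaration from assignment so gcloud's exit status is visible.
  if ! services=$(gcloud services list --project="$project_id" --enabled --format="value(NAME)"); then
    printf 'warn: could not list services for project %s; skipping\n' "$project_id" >&2
    return 1
  fi

  while IFS= read -r service_name; do
    # A project with no enabled services yields a single empty line here.
    [[ -n "$service_name" ]] || continue
    enabled_services+=("$service_name")
  done <<<"$services"
}

# List projects.  To restrict to one organization, use the filtered form:
# projects_raw=$(gcloud projects list --filter="parent.id=${ORGANIZATION_ID}" --format="value(projectId)")
if ! projects_raw=$(gcloud projects list --format="value(projectId)"); then
  echo "Error: could not list projects." >&2
  exit 1
fi
mapfile -t PROJECTS <<<"$projects_raw"

failures=0
for PROJECT in "${PROJECTS[@]}"; do
  [[ -n "$PROJECT" ]] || continue   # an empty listing yields one empty line
  get_enabled_services "$PROJECT" || failures=$((failures + 1))
done

# De-duplicate: one name per line through sort -u.  LC_ALL=C makes the order
# independent of the caller's locale.  The count guard avoids expanding an
# empty array under `set -u` on older bash.
unique_services=()
if (( ${#enabled_services[@]} > 0 )); then
  mapfile -t unique_services < <(printf '%s\n' "${enabled_services[@]}" | LC_ALL=C sort -u)
fi

# NOTE: despite the .csv name, the file holds a heading plus "- name" lines.
output_file="enabled_services.csv"
{
  echo "Enabled Services across all projects in the organization:"
  if (( ${#unique_services[@]} > 0 )); then
    for SERVICE in "${unique_services[@]}"; do
      echo "- $SERVICE"
    done
  fi
} > "$output_file"
echo "Output written to $output_file"
(( failures == 0 )) || exit 1
====== apis across all projects ======
#!/bin/bash
# Print the union of enabled services (APIs) across all projects directly
# under one organization.  Set ORGANIZATION_ID before running.
set -euo pipefail

# Numeric organization ID used in the projects-list filter.
ORGANIZATION_ID=""

# Refuse to run with an empty id: the filter "parent.id=" would not restrict
# the listing to the intended organization.
if [[ -z "$ORGANIZATION_ID" ]]; then
  echo "Error: set ORGANIZATION_ID before running this script." >&2
  exit 1
fi

# Every enabled service name seen, duplicates included.
enabled_services=()

#######################################
# Append the enabled services of one project to enabled_services.
# Globals:   enabled_services (written)
# Arguments: $1 - project ID
# Returns:   0 on success; 1 (with a warning on stderr) if gcloud fails
#######################################
get_enabled_services() {
  local project_id="$1"
  local services service_name

  # Split declaration from assignment so gcloud's exit status is visible.
  if ! services=$(gcloud services list --project="$project_id" --enabled --format="value(NAME)"); then
    printf 'warn: could not list services for project %s; skipping\n' "$project_id" >&2
    return 1
  fi

  while IFS= read -r service_name; do
    # A project with no enabled services yields a single empty line here.
    [[ -n "$service_name" ]] || continue
    enabled_services+=("$service_name")
  done <<<"$services"
}

# Projects whose direct parent is the organization.
if ! projects_raw=$(gcloud projects list --filter="parent.id=${ORGANIZATION_ID}" --format="value(projectId)"); then
  echo "Error: could not list projects." >&2
  exit 1
fi
mapfile -t PROJECTS <<<"$projects_raw"

failures=0
for PROJECT in "${PROJECTS[@]}"; do
  [[ -n "$PROJECT" ]] || continue   # an empty listing yields one empty line
  get_enabled_services "$PROJECT" || failures=$((failures + 1))
done

# De-duplicate: one name per line through sort -u.  LC_ALL=C makes the order
# independent of the caller's locale.  The count guard avoids expanding an
# empty array under `set -u` on older bash.
unique_services=()
if (( ${#enabled_services[@]} > 0 )); then
  mapfile -t unique_services < <(printf '%s\n' "${enabled_services[@]}" | LC_ALL=C sort -u)
fi

echo "Enabled Services across all projects in the organization:"
if (( ${#unique_services[@]} > 0 )); then
  for SERVICE in "${unique_services[@]}"; do
    echo "- $SERVICE"
  done
fi
(( failures == 0 )) || exit 1
====== export to CSV ======
#!/bin/bash
# List every VPC network in every project visible to the caller, skipping
# projects where the Compute Engine API is not enabled, and write
# "Project ID, VPC Name" rows to projects_with_vpc.csv.
set -euo pipefail

# Entries of the form "<project_id>|<vpc_name>".
projects_with_vpc=()

if ! projects_raw=$(gcloud projects list --format="value(projectId)"); then
  echo "Error: could not list projects." >&2
  exit 1
fi
mapfile -t projects <<<"$projects_raw"

for project_id in "${projects[@]}"; do
  [[ -n "$project_id" ]] || continue   # an empty listing yields one empty line

  # The filtered services list names the API exactly when it is enabled.
  if ! api_status=$(gcloud services list --project="$project_id" --format="value(config.name)" --filter="config.name:compute.googleapis.com"); then
    printf 'warn: could not list services for project %s; skipping\n' "$project_id" >&2
    continue
  fi
  if [[ "$api_status" != "compute.googleapis.com" ]]; then
    echo "API [compute.googleapis.com] not enabled on project \"$project_id\". Skipping..."
    continue
  fi

  if ! vpc_list=$(gcloud compute networks list --project="$project_id" --format="value(name)"); then
    printf 'warn: could not list networks for project %s; skipping\n' "$project_id" >&2
    continue
  fi
  [[ -n "$vpc_list" ]] || continue

  while IFS= read -r vpc_name; do
    [[ -n "$vpc_name" ]] || continue
    projects_with_vpc+=("$project_id|$vpc_name")
  done <<<"$vpc_list"
done

# Write the CSV in one redirection; the count guard avoids expanding an empty
# array under `set -u` on older bash.  Fields are split with parameter
# expansion instead of two `cut` processes per row.
csv_file="projects_with_vpc.csv"
{
  echo "Project ID, VPC Name"
  if (( ${#projects_with_vpc[@]} > 0 )); then
    for project_vpc in "${projects_with_vpc[@]}"; do
      project_id=${project_vpc%%|*}
      vpc_name=${project_vpc#*|}
      echo "$project_id, $vpc_name"
    done
  fi
} > "$csv_file"
echo "Projects with VPC networks written to $csv_file."
====== first script ======
#!/bin/bash
# Print every VPC network in every project visible to the caller.
set -euo pipefail

# Entries of the form "<project_id>|<vpc_name>".
projects_with_vpc=()

if ! projects_raw=$(gcloud projects list --format="value(projectId)"); then
  echo "Error: could not list projects." >&2
  exit 1
fi
mapfile -t projects <<<"$projects_raw"

for project_id in "${projects[@]}"; do
  [[ -n "$project_id" ]] || continue   # an empty listing yields one empty line

  # A project without the Compute API (or without access) fails here; warn and
  # move on rather than aborting the whole run.
  if ! vpc_list=$(gcloud compute networks list --project="$project_id" --format="value(name)"); then
    printf 'warn: could not list networks for project %s; skipping\n' "$project_id" >&2
    continue
  fi
  [[ -n "$vpc_list" ]] || continue

  while IFS= read -r vpc_name; do
    [[ -n "$vpc_name" ]] || continue
    projects_with_vpc+=("$project_id|$vpc_name")
  done <<<"$vpc_list"
done

# Fields are split with parameter expansion instead of two `cut` processes per
# row; the count guard avoids expanding an empty array under `set -u`.
echo "Projects with VPC networks:"
if (( ${#projects_with_vpc[@]} > 0 )); then
  for project_vpc in "${projects_with_vpc[@]}"; do
    project_id=${project_vpc%%|*}
    vpc_name=${project_vpc#*|}
    echo "- Project ID: $project_id, VPC Name: $vpc_name"
  done
fi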