This repository was archived by the owner on Aug 4, 2023. It is now read-only.

Moved rest of sa_insights iteration into try block #9

Draft
wants to merge 3 commits into
base: main
44 changes: 25 additions & 19 deletions saUnused.py
@@ -1,47 +1,52 @@
#!/usr/bin/env python

import json
import requests # pylint: disable=import-error
import requests # pylint: disable=import-error
from google.cloud import recommender
import googleapiclient.discovery # pylint: disable=import-error
import googleapiclient.discovery # pylint: disable=import-error
from google.api_core import exceptions
import sys


def main():
"""
Central brain of the script. Executes other functions.
"""

# Generate a list of project numbers in the GCP Organization
project_numbers = get_projects()

# Takes the project numbers and finds the inactive service accounts
get_sa_insights(project_numbers)


def get_sa_insights(project_numbers):
"""
Gathers the Service Account insights from IAM recommender.
"""
# Create IAM Recommender client
recommender_client = recommender.RecommenderClient()

findings=[]
findings = []
# Iterate through project nums to generate SA findings per project
for project_num in project_numbers:
try:
sa_insights = recommender_client.list_insights(parent=f"projects/{project_num}/locations/global/insightTypes/google.iam.serviceAccount.Insight")
sa_insights = recommender_client.list_insights(
parent=f"projects/{project_num}/locations/global/insightTypes/google.iam.serviceAccount.Insight"
)
for insight in sa_insights:
if insight.insight_subtype == "SERVICE_ACCOUNT_USAGE":
email = insight.content["email"]
inactive_sa = json.dumps(
{"service_account_email": email, "project_number": project_num}
)
print(inactive_sa)
else:
continue
except exceptions.PermissionDenied as perm:
print(f"{perm}")
for insight in sa_insights:
if insight.insight_subtype == "SERVICE_ACCOUNT_USAGE":
email = insight.content["email"]
inactive_sa = json.dumps(
{ "service_account_email" : email,
"project_number" : project_num }
)
print(inactive_sa)
else:
continue
except Exception as e:
print(e)


def get_projects():
Expand All @@ -62,25 +67,26 @@ def get_projects():
while request is not None:
response = request.execute()

projects.extend(response.get('projects', []))
projects.extend(response.get("projects", []))

request = service.projects().list_next(request, response)

# For each project, extract the project number
project_numbers = []
for project in projects:
project_num = project['projectNumber']
project_num = project["projectNumber"]

project_numbers.append(project_num)

return project_numbers


def create_service():
"""
Creates the GCP Cloud Resource Service
"""
return googleapiclient.discovery.build('cloudresourcemanager', 'v1')
return googleapiclient.discovery.build("cloudresourcemanager", "v1")


if __name__ == "__main__":
main()
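Review bot: The `except Exception as e: print(e)` handler that now covers the insight loop in `get_sa_insights` swallows every failure for a project and writes it to stdout, the same stream that carries the JSON findings, so a project that could not be scanned is indistinguishable from one with no unused service accounts. For an audit of inactive service accounts that coverage gap matters: send errors to stderr with the project number, e.g. `print(f"project {project_num}: {e}", file=sys.stderr)`, keep a list of skipped projects, and exit non-zero when that list is not empty. A missing `"email"` key in `insight.content` would also land in this handler and drop the remaining insights for that project, so a narrower `try` around `list_insights` plus a per-insight check would be safer. The rendered page has lost its indentation, so the placement of the `except` clauses is inferred from the PR title; `import sys` and `findings` also look unused in the visible lines.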