
Values are appended twice in the CSV report when trying to list firewall rules in GCP using Python
Stack Overflow user
Asked on 2022-03-22 00:43:10
Answers: 1 | Views: 50 | Followers: 0 | Votes: 0
import requests
import json
import re
import sys
import subprocess
import os
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
from google.oauth2 import service_account


credentials = service_account.Credentials.from_service_account_file("")
service = discovery.build('cloudresourcemanager', 'v1', credentials=credentials)
request = service.projects().list()
token1 = subprocess.Popen("gcloud auth print-access-token", stdout=subprocess.PIPE, shell = True)
token, error = token1.communicate()
token = str(token.decode("utf-8"))
token = token.rstrip("\n")
token = token.rstrip("\r")
Compliance = [""]
ComplianceFlag = 0
PROTOCOL = "-"
PORT = "-"


f = open("xxxxxxxxx.csv", 'w')
f.write("ProjectId, VPC, Rule Name, Direction, Compliance, SourceRange, IPProtocol, Port\n")


while request is not None:
    response = request.execute()
    for project in response.get('projects', []):
        projectid = project['projectId']
        projectname = project['name']


        headers = {
        'Authorization': 'Bearer ' + token,
        'x-goog-user-project': projectid
        }
        count = 0
        try:
            get_url = "https://compute.googleapis.com/compute/v1/projects/"+ projectid +"/global/firewalls"
            get_url_data = requests.get(get_url, headers= headers)
            get_api2_json = json.loads(get_url_data.text)
            for vpc in get_api2_json["items"]:
                vpcname = vpc["network"]
                vpcname = vpcname.split("/")[-1]
                rulename = vpc["name"]
                direction = vpc["direction"]
                try:
                    try:
                        for sr in vpc["sourceRanges"]:
                            if "y.y.y.y/y" in sr:
                                Compliance.append("NonCompliant")
                                ComplianceFlag = 1
                            for allowed in vpc["allowed"]:
                                PROTOCOL=allowed["IPProtocol"]
                                if(PROTOCOL=="all"):
                                    Compliance.append("NonCompliant")
                                    ComplianceFlag = 1
                                try:
                                    for port in allowed["ports"]:
                                        if "22" in port or "139" in port:
                                            Compliance.append("NonCompliantport")
                                            ComplianceFlag = 1
                                        PORT=port
                                        # eight placeholders, one per argument and per header column
                                        f.write("{},{},{},{},{},{},{},{}\n".format(projectid, vpcname, rulename, direction, ' '.join([str(elem) for elem in Compliance]),sr,PROTOCOL,PORT))
                                except KeyError as e:
                                    # rule has no "ports" key: write "-" in the Port column
                                    f.write("{},{},{},{},{},{},{},{}\n".format(projectid, vpcname, rulename, direction, ' '.join([str(elem) for elem in Compliance]),sr,PROTOCOL,"-"))
                            if ComplianceFlag == 0:
                                Compliance = [""]
                            ComplianceFlag = 0
                            Compliance = [""]
                    except KeyError as e:
                      
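                        # "sourceRanges" or "allowed" is missing: write "-" for SourceRange so the row matches the 8-column header
                        f.write("{},{},{},{},{},{},{},{}\n".format(projectid, vpcname, rulename, direction, ' '.join([str(elem) for elem in Compliance]),"-",PROTOCOL,PORT))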
                        ComplianceFlag = 0
                        Compliance = [""]
                        print("")


                except Exception as e:
                    print(e)
                    pass
        except Exception as e:
            print(e)
            pass
    request = service.projects().list_next(previous_request=request, previous_response=response)
f.close()

print(count)

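What I am trying to do here is generate a CSV report that lists the firewall rules in GCP along with a compliance check (either compliant or non-compliant). When I try to append the compliance check value, it gets appended twice in the report.

This is where the code appends NonCompliantport twice.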

                                try:
                                    for port in allowed["ports"]:
                                        if "22" in port or "139" in port:
                                            Compliance.append("NonCompliantport")
                                            ComplianceFlag = 1
                                        PORT=port
                                        f.write("{},{},{},{},{},{},{},{}\n".format(projectid, vpcname, rulename, direction, ' '.join([str(elem) for elem in Compliance]),sr,PROTOCOL,PORT))
                                except KeyError as e:
                                    f.write("{},{},{},{},{},{},{},{}\n".format(projectid, vpcname, rulename, direction, ' '.join([str(elem) for elem in Compliance]),sr,PROTOCOL,"-"))
                            if ComplianceFlag == 0:
                                Compliance = [""]
                            ComplianceFlag = 0
                            Compliance = [""]

Any idea how to fix this?

1 Answer

Stack Overflow user

Answered on 2022-03-22 08:01:20

Can you try adding a check on complianceFlag like this?

                                      for port in allowed["ports"]:
                                        if ("22" in port or "139" in port) and ComplianceFlag == 0:
                                            Compliance.append("NonCompliantport")
                                            ComplianceFlag = 1
                                        PORT=port
                                        f.write("{},{},
Votes: 0
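
An added example, not part of the original question or answer: the compliance labels are rebuilt for every CSV row instead of being kept in a list shared across the nested loops, so a label cannot be carried over or repeated. It also goes beyond the thread by comparing ports numerically, since a substring test such as `"22" in port` matches "8022" and misses a range like "20-25". The function names, the sample rules and `OPEN_RANGE` (standing in for the redacted `y.y.y.y/y`) are assumptions.

```python
import csv
import io

WATCHED_PORTS = {22, 139}   # ports flagged in the question
OPEN_RANGE = "0.0.0.0/0"    # assumption: stands in for the redacted "y.y.y.y/y"

def port_hits(spec, watched=WATCHED_PORTS):
    """True if a port spec ("22" or a range such as "20-25") covers a watched port."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)   # a single port is a range of one
    return any(lo <= p <= hi for p in watched)

def rule_rows(project_id, rule):
    """Yield one CSV row per (source range, protocol, port) of one firewall rule."""
    vpc = rule["network"].split("/")[-1]
    for sr in rule.get("sourceRanges", ["-"]):
        for allowed in rule.get("allowed", [{"IPProtocol": "-"}]):
            proto = allowed["IPProtocol"]
            for port in allowed.get("ports", ["-"]):
                labels = []   # fresh per row: nothing accumulates across iterations
                if sr == OPEN_RANGE or proto == "all":
                    labels.append("NonCompliant")
                if port != "-" and port_hits(port):
                    labels.append("NonCompliantport")
                yield [project_id, vpc, rule["name"], rule["direction"],
                       " ".join(labels), sr, proto, port]

def render_report(project_id, rules):
    """Return the report as CSV text; csv.writer handles quoting of each field."""
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["ProjectId", "VPC", "Rule Name", "Direction",
                  "Compliance", "SourceRange", "IPProtocol", "Port"])
    for rule in rules:
        out.writerows(rule_rows(project_id, rule))
    return buf.getvalue()

# Constructed sample in the shape of the "items" list the firewalls endpoint returns.
SAMPLE_RULES = [
    {"name": "allow-admin", "network": "global/networks/default",
     "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "139", "8022", "20-25"]}]},
    {"name": "deny-all", "network": "global/networks/default",
     "direction": "EGRESS"},
]

if __name__ == "__main__":
    print(render_report("demo-project", SAMPLE_RULES))
```
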
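The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: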

https://stackoverflow.com/questions/71565718
