Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save ElijahLynn/5bee0036de5799d4a102370334ed3e9e to your computer and use it in GitHub Desktop.
Save ElijahLynn/5bee0036de5799d4a102370334ed3e9e to your computer and use it in GitHub Desktop.
Script to search the metadata of all GCP projects for an SSH public key
#!/bin/bash
# Define color codes
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Check if an argument is provided
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <public-ssh-key>"
exit 1
fi
# Public SSH key to search for
public_key="$1"
# Fetch all project IDs excluding those that start with 'sys-'
projects=$(gcloud projects list --filter="NOT(projectId:sys-*)" --format="value(projectId)")
# Initialize a variable to store projects with enabled Compute Engine API
enabled_projects=()
check_compute_engine_api() {
local project=$1
# Check if Compute Engine API is enabled, suppressing errors
api_status=$(gcloud services list --project="$project" --filter="config.name:compute.googleapis.com" --format="value(config.name)" 2>/dev/null)
if [ -n "$api_status" ]; then
echo -e "${GREEN}Compute Engine API is enabled for project: $project.${NC}"
echo "$project" >> enabled_projects.tmp
else
echo -e "${RED}Compute Engine API is not enabled for project: $project.${NC}"
fi
echo ""
}
export GREEN RED NC
export -f check_compute_engine_api
# Use GNU Parallel to check all projects in parallel
echo "$projects" | parallel check_compute_engine_api {}
# Read the enabled projects from the temporary file
enabled_projects=$(cat enabled_projects.tmp)
rm enabled_projects.tmp
echo -e "${GREEN}Projects with Compute Engine API enabled:${NC} ${enabled_projects[*]}"
# Proceed with searching for SSH keys in metadata across all enabled projects
search_ssh_keys() {
local project=$1
local public_key="$2"
echo "Searching for Public SSH keys in project: $project"
# Fetch all instances in the project, suppressing errors
instances=$(gcloud compute instances list --project="$project" --format="value(name, zone)" 2>/dev/null)
while IFS= read -r instance; do
instance_name=$(echo $instance | awk '{print $1}')
instance_zone=$(echo $instance | awk '{print $2}')
# Fetch metadata for each instance, suppressing errors
metadata=$(gcloud compute instances describe "$instance_name" --zone="$instance_zone" --project="$project" --format="json(metadata)" 2>/dev/null)
# Check if metadata contains items and ssh-keys
if [ "$(echo $metadata | jq -e '.metadata.items')" != "null" ]; then
# Check for the public SSH key in metadata
if echo $metadata | jq -e --arg key "$public_key" '.metadata.items[] | select(.key == "ssh-keys") | .value | contains($key)' > /dev/null; then
echo -e "${GREEN}Public SSH key found in project: $project${NC}"
echo "$project" >> found_projects.tmp
fi
fi
done <<< "$instances"
}
export -f search_ssh_keys
# Use GNU Parallel to search for SSH keys in all enabled projects in parallel
echo "$enabled_projects" | parallel search_ssh_keys {} "$public_key"
# Read the projects where the key was found from the temporary file
found_projects=$(cat found_projects.tmp 2>/dev/null)
rm found_projects.tmp 2>/dev/null
if [ -n "$found_projects" ]; then
echo -e "${GREEN}Projects with the specified public SSH key:${NC} ${found_projects[*]}"
else
echo -e "${RED}No projects found with the specified public SSH key.${NC}"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment