Created
July 19, 2024 20:55
-
-
Save ElijahLynn/5bee0036de5799d4a102370334ed3e9e to your computer and use it in GitHub Desktop.
Script to search the metadata of all GCP projects for an SSH public key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Define color codes | |
| GREEN='\033[0;32m' | |
| RED='\033[0;31m' | |
| NC='\033[0m' # No Color | |
| # Check if an argument is provided | |
| if [ "$#" -ne 1 ]; then | |
| echo "Usage: $0 <public-ssh-key>" | |
| exit 1 | |
| fi | |
| # Public SSH key to search for | |
| public_key="$1" | |
| # Fetch all project IDs excluding those that start with 'sys-' | |
| projects=$(gcloud projects list --filter="NOT(projectId:sys-*)" --format="value(projectId)") | |
| # Initialize a variable to store projects with enabled Compute Engine API | |
| enabled_projects=() | |
| check_compute_engine_api() { | |
| local project=$1 | |
| # Check if Compute Engine API is enabled, suppressing errors | |
| api_status=$(gcloud services list --project="$project" --filter="config.name:compute.googleapis.com" --format="value(config.name)" 2>/dev/null) | |
| if [ -n "$api_status" ]; then | |
| echo -e "${GREEN}Compute Engine API is enabled for project: $project.${NC}" | |
| echo "$project" >> enabled_projects.tmp | |
| else | |
| echo -e "${RED}Compute Engine API is not enabled for project: $project.${NC}" | |
| fi | |
| echo "" | |
| } | |
| export GREEN RED NC | |
| export -f check_compute_engine_api | |
| # Use GNU Parallel to check all projects in parallel | |
| echo "$projects" | parallel check_compute_engine_api {} | |
| # Read the enabled projects from the temporary file | |
| enabled_projects=$(cat enabled_projects.tmp) | |
| rm enabled_projects.tmp | |
| echo -e "${GREEN}Projects with Compute Engine API enabled:${NC} ${enabled_projects[*]}" | |
| # Proceed with searching for SSH keys in metadata across all enabled projects | |
| search_ssh_keys() { | |
| local project=$1 | |
| local public_key="$2" | |
| echo "Searching for Public SSH keys in project: $project" | |
| # Fetch all instances in the project, suppressing errors | |
| instances=$(gcloud compute instances list --project="$project" --format="value(name, zone)" 2>/dev/null) | |
| while IFS= read -r instance; do | |
| instance_name=$(echo $instance | awk '{print $1}') | |
| instance_zone=$(echo $instance | awk '{print $2}') | |
| # Fetch metadata for each instance, suppressing errors | |
| metadata=$(gcloud compute instances describe "$instance_name" --zone="$instance_zone" --project="$project" --format="json(metadata)" 2>/dev/null) | |
| # Check if metadata contains items and ssh-keys | |
| if [ "$(echo $metadata | jq -e '.metadata.items')" != "null" ]; then | |
| # Check for the public SSH key in metadata | |
| if echo $metadata | jq -e --arg key "$public_key" '.metadata.items[] | select(.key == "ssh-keys") | .value | contains($key)' > /dev/null; then | |
| echo -e "${GREEN}Public SSH key found in project: $project${NC}" | |
| echo "$project" >> found_projects.tmp | |
| fi | |
| fi | |
| done <<< "$instances" | |
| } | |
| export -f search_ssh_keys | |
| # Use GNU Parallel to search for SSH keys in all enabled projects in parallel | |
| echo "$enabled_projects" | parallel search_ssh_keys {} "$public_key" | |
| # Read the projects where the key was found from the temporary file | |
| found_projects=$(cat found_projects.tmp 2>/dev/null) | |
| rm found_projects.tmp 2>/dev/null | |
| if [ -n "$found_projects" ]; then | |
| echo -e "${GREEN}Projects with the specified public SSH key:${NC} ${found_projects[*]}" | |
| else | |
| echo -e "${RED}No projects found with the specified public SSH key.${NC}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment