gcp

libs/gcp/gcp_bigquery.py

@@ -0,0 +1,28 @@
+'''
+GCP BigQuery functions for WeirdAAL
+'''
+
+import google.auth
+import googleapiclient.discovery
+import os
+import sys
+
+from google.oauth2 import service_account
+
+from googleapiclient.errors import HttpError
+
+from google.cloud import bigquery, exceptions
+from google.cloud.exceptions import *
+
+
+def gcp_bigquery_list_datasets(project_id, credentials):
+    bigquery_client = bigquery.Client(project=credentials.project_id)
+    datasets = list(bigquery_client.list_datasets())
+    project = bigquery_client.project
+
+    if datasets:
+        print('Datasets in project {}:'.format(project))
+        for dataset in datasets:  # API request(s)
+            print('\t{}'.format(dataset.dataset_id))
+    else:
+        print('{} project does not contain any datasets.'.format(project))

libs/gcp/gcp_storage.py

@@ -35,5 +35,5 @@ def gcp_storage_list_blobs(credentials, bucket_name):
     blobs = bucket.list_blobs()
 
     for blob in blobs:
-        print(blob.name)
+        print('\t{}'.format(blob.name))
     print('\n')

modules/gcp/gcp_recon.py

@@ -7,6 +7,7 @@ that have functions that done have arguments if we can access them :-)
 
 from libs.gcp.gcp_iam import *
 from libs.gcp.gcp_storage import *
+from libs.gcp.gcp_bigquery import *
 
 credentials = service_account.Credentials.from_service_account_file(
     filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
@@ -27,9 +28,9 @@ def module_gcp_recon_all():
     except HttpError as e:
         # print(e)
         if e.resp.status in [403, 500, 503]:
-            print("\tGCP IAM access denied for {}".format(credentials.service_account_email))
+            print("\tGCP IAM access denied for {}\n".format(credentials.service_account_email))
         else:
-            print(e)
+            print('{}\n'.format(e))
     except google.auth.exceptions.RefreshError as f:
         print(f)
         print("Service key is invalid exiting")
@@ -42,9 +43,9 @@ def module_gcp_recon_all():
     except HttpError as e:
         # print(e)
         if e.resp.status in [403, 500, 503]:
-            print("\tIAM access denied for {}".format(credentials.service_account_email))
+            print("\tIAM access denied for {}\n".format(credentials.service_account_email))
         else:
-            print(e)
+            print('{}\n'.format(e))
     except google.auth.exceptions.RefreshError as f:
         print(f)
         print("Service key is invalid exiting")
@@ -54,19 +55,35 @@ def module_gcp_recon_all():
     Storage bucket access checks
     '''
     try:
-        print("Checking for storage buckets")
+        print("GCP Storage check")
         buckets = gcp_storage_list_buckets(credentials)
         if buckets:
-            print("\nAttempting to list bucket contents")
+            print("\nAttempting to list bucket contents:")
             for a in buckets:
-                print(a)
+                print('Bucket: {}'.format(a))
                 gcp_storage_list_blobs(credentials, a)
     except googleapiclient.errors.HttpError as e:
-        print(e)
+        print('{}\n'.format(e))
     except exceptions.Forbidden as e:
-            print("Forbidden")
+        print("\t Forbidden")
-            print(e)
+        print('{}\n'.format(e))
     except exceptions.PermissionDenied as e:
-            print("PermissionDenied")
+        print("\t PermissionDenied")
+    except google.auth.exceptions.RefreshError as f:
+        print(f)
+
+    '''
+    BigQuery access checks
+    ''' 
+    try:
+        print("GCP BigQuery check")
+        gcp_bigquery_list_datasets(credentials.project_id, credentials)
+    except googleapiclient.errors.HttpError as e:
+        print('{}\n'.format(e))
+    except exceptions.Forbidden as e:
+        print("\t Forbidden")
+        print('{}\n'.format(e))
+    except exceptions.PermissionDenied as e:
+            print("\t PermissionDenied")
     except google.auth.exceptions.RefreshError as f:
         print(f)

requirements.txt

@@ -11,3 +11,4 @@ tabulate==0.8.2
 google-api-python-client==1.7.4
 google.cloud==0.34.0
 google-cloud-storage==1.12.0
+google-cloud-bigquery==1.5.1

weirdAAL.py

@@ -29,7 +29,7 @@ from google.cloud.exceptions import *
 
 os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env'
 
-os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'gcp_keys/4.json'
+os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'gcp_keys/34.json'
 
 # If you want to use a transparent + supports SSL proxy you can put it here
 # os.environ['HTTPS_PROXY'] = 'https://127.0.0.1:3128'