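I need to verify that the app.yaml file controlling the application contains the lines that enforce secure connections. For example:

    handlers:
    - url: /.*
      secure: always
      redirect_http_response_code: 301
      script: auto

I created a Python script that gets the list of all projects in GCP, checks the deployed versions of the application, and then checks app.yaml for, e.g., handlers:
I get output with the version IDs, but the app.yaml file is not found.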
Code Here
    import subprocess
    import csv
    import re

    # Get a list of all Google Cloud projects
    projects = subprocess.run(["gcloud", "projects", "list", "--format=value(projectId)"], capture_output=True, text=True)
    project_ids = projects.stdout.splitlines()
    results = []

    for project_id in project_ids:
        # Get versions for App Engine services within each project
        app_versions_command = f"gcloud app versions list --format='table(version.id)' --project={project_id} --service=default"
        app_versions_output = subprocess.run(app_versions_command, shell=True, capture_output=True, text=True)
        if app_versions_output.returncode == 0:
            versions = app_versions_output.stdout.splitlines()[1:]  # Skip header
            for version in versions:
                version = version.strip()
                # Get app.yaml content for each version
                app_yaml_command = f"gcloud app versions describe {version} --project={project_id} --service=default --format='get(config.appYaml)'"
                app_yaml_content = subprocess.run(app_yaml_command, shell=True, capture_output=True, text=True)
                if app_yaml_content.returncode == 0:
                    yaml_content = app_yaml_content.stdout
                    # Check if the app.yaml file contains the specific configuration
                    if re.search(r'handlers:\s*- url: /.*\s* secure: always\s* redirect_http_response_code: 301\s* script: auto', yaml_content):
                        results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "Enforced"})
                    else:
                        results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "Not Enforced"})
                else:
                    results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "No app.yaml found"})
        else:
            results.append({"Project ID": project_id, "Version ID": "N/A", "Secure Connection": "Error fetching versions"})

    # Export results to a CSV file
    with open('secure_connections_all_versions.csv', 'w', newline='') as csvfile:
        fieldnames = ['Project ID', 'Version ID', 'Secure Connection']
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()
        writer.writerows(results)

    print("Results exported to secure_connections_all_versions.csv")

If app.yaml is found, check for the following code in app.yaml:

    handlers:
    - url: /.*
      secure: always
      redirect_http_response_code: 301
      script: auto

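Sharing this as a community wiki for the benefit of others.
As discussed by @Puteri and @Touhid Alam:
Does this command work? gcloud app versions describe {version} --project={project_id} --service=default --format='get(config.appYaml)'. On the other hand, it is better to use the GCP libraries instead of running gcloud commands with Python and parsing the output.
This command works: gcloud app versions describe {version} --project={project_id} --service=default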
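
The regular expression in the question only matches when the four handler keys appear in exactly that order and spacing. As an added example (not part of the original question or answer), the sketch below parses the handlers list from app.yaml text and reports every handler that lacks secure: always; it assumes the app.yaml text is already available as a string, and the function names and sample inputs are constructed for illustration.

```python
# Constructed sample inputs (not taken from any real project).
SAMPLE_OK = """\
handlers:
- url: /.*
  script: auto            # key order differs from the snippet on this page
  secure: always
  redirect_http_response_code: 301
"""
SAMPLE_BAD = """\
runtime: python39
handlers:
- url: /static
  static_dir: static
- url: /.*
  secure: always
  script: auto
"""

def parse_handlers(app_yaml_text):
    """Return the entries under top-level 'handlers:' as a list of dicts.
    Handles only the flat 'key: value' layout shown on this page, not full YAML."""
    handlers, in_handlers = [], False
    for raw in app_yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()       # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):
            in_handlers = line.split(":")[0] == "handlers"   # a new top-level key
            continue
        if not in_handlers:
            continue
        item = line.strip()
        if item.startswith("- "):                   # a new handler entry begins
            handlers.append({})
            item = item[2:].strip()
        key, sep, value = item.partition(":")
        if sep and handlers:
            handlers[-1][key.strip()] = value.strip().strip("'\"")
    return handlers

def insecure_handlers(app_yaml_text):
    """URL patterns of handlers lacking 'secure: always' (an absent key allows HTTP)."""
    return [h.get("url", "<no url>") for h in parse_handlers(app_yaml_text)
            if h.get("secure", "").lower() != "always"]

def classify(app_yaml_text):  # status strings modelled on the question's CSV
    if not parse_handlers(app_yaml_text):
        return "No handlers found"
    return "Not Enforced" if insecure_handlers(app_yaml_text) else "Enforced"
```

Checking every handler, rather than only the catch-all, matters because App Engine uses the first handler whose URL pattern matches the request.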