🍊 CitrusIO GCP Infrastructure Audit Tool

✨ Features:
- Comprehensive GCP infrastructure auditing
- Auto-discovery of all accessible projects
- Detailed JSON reporting with timestamps
- Security-focused design with credential protection
- Organized output in audit_reports/ directory

🛠️ Components:
- gcp_audit_script.py: Main auditing tool
- gcp_rollback_script.py: Infrastructure rollback capabilities

🔒 Security:
- .gitignore protects sensitive audit reports
- Safe defaults (read-only operations)
- Graceful error handling for permission issues
- No credential storage or logging

Author: shiftcmd

.gitignore

@@ -0,0 +1,74 @@
+# Sensitive files and credentials
+*.json
+*-key.json
+credentials.json
+service-account*.json
+
+# Audit reports (contain sensitive infrastructure data)
+audit_reports/
+*.log
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+venv/
+env/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Environment variables
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Google Cloud SDK
+google-cloud-sdk/
+y/
+
+# Temporary files
+*.tmp
+*.temp
+temp/
+tmp/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Citrus IO - GCP Infrastructure Audit Tool
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE. 

Quickstart.md

@@ -0,0 +1,38 @@
+# Set-up: Create the virtual environment
+python3 -m venv venv
+source venv/bin/activate
+
+# Make sure GCP CLI is installed and authenticated
+curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-464.0.0-darwin-arm.tar.gz
+tar -xf google-cloud-cli-464.0.0-darwin-arm.tar.gz
+./google-cloud-sdk/install.sh
+
+# Reconmendation: Install to path
+echo 'source ~/google-cloud-sdk/path.bash.inc' >> ~/.bash_profile
+source ~/.bash_profile
+
+# Or use Google's interactive script
+Go to the official documentation: https://cloud.google.com/sdk/docs/install-sdk#mac
+
+Download the latest .tar.gz (the link on the page will always point to the latest).
+
+Extract it.
+
+Run the ./google-cloud-sdk/install.sh script.
+Follow its prompts. It will handle adding to your PATH and setting up shell completion correctly for your specific shell.
+
+# 1. Install dependencies
+pip install -r requirements.txt
+
+# 2. Set up authentication
+gcloud auth application-default login
+# OR use service account key file
+
+# 3. Run audit (captures current state)
+python gcp_audit.py --projects [your-project-id]
+
+# 4. Test rollback (dry run - safe preview)
+python gcp_rollback.py gcp_audit_report_20241215_120000.json --dry-run
+
+# 5. Execute rollback if needed
+python gcp_rollback.py gcp_audit_report_20241215_120000.json --execute

README.md

@@ -0,0 +1,200 @@
+# 🍊 Citrus IO - GCP Infrastructure Audit Tool
+
+A comprehensive Google Cloud Platform (GCP) infrastructure auditing tool
+
+```
+   _______ __                     ________ 
+  / ____(_) /________  _______   /  _/ __ \
+ / /   / / __/ ___/ / / / ___/   / // / / /
+/ /___/ / /_/ /  / /_/ (__  )  _/ // /_/ / 
+\____/_/\__/_/   \__,_|____/  /___/\____/  
+```
+
+## ✨ Features
+
+- 🚀 **Auto-discovery**: Automatically finds all accessible GCP projects
+- 🔍 **Comprehensive auditing**: Covers IAM, compute, storage, networking, and more
+- 📊 **Detailed reporting**: Generates JSON reports with timestamped data
+- 📁 **Organized output**: Creates structured audit reports directory
+
+## 🛠️ What Gets Audited
+
+### Project-Level Resources
+- ✅ Enabled APIs and services
+- ✅ IAM policies and bindings
+- ✅ Service accounts and configurations
+
+### Compute Resources
+- ✅ Virtual Machine instances
+- ✅ Instance metadata and configurations
+- ✅ Compute zones and regions
+
+### Storage & Databases
+- ✅ Cloud Storage buckets
+- ✅ Cloud SQL instances
+- ✅ Storage policies and permissions
+
+### Networking
+- ✅ VPC networks and subnetworks
+- ✅ Firewall rules and priorities
+- ✅ Network routing configurations
+
+### Container Services
+- ✅ Google Kubernetes Engine (GKE) clusters
+- ✅ Node pools and configurations
+
+## 🚀 Quick Start
+
+### Prerequisites
+- Python 3.7+
+- Google Cloud SDK (gcloud)
+- GCP project access with appropriate permissions
+
+### Installation
+
+1. **Clone the repository**:
+   ```bash
+   git clone <your-repo-url>
+   cd GCP_audit
+   ```
+
+2. **Install dependencies**:
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+3. **Authenticate with GCP**:
+   ```bash
+   gcloud auth application-default login
+   ```
+
+### Usage
+
+**Audit all accessible projects**:
+```bash
+python gcp_audit_script.py
+```
+
+**Audit specific projects**:
+```bash
+python gcp_audit_script.py --projects project-1 project-2
+```
+
+**Use service account credentials**:
+```bash
+python gcp_audit_script.py --credentials /path/to/service-account-key.json
+```
+
+## 📊 Sample Output
+
+```
+[19:10:39] 🚀 Initializing GCP Auditor...
+[19:10:39] 🔐 Using Application Default Credentials
+[19:10:39] 🔧 Initializing GCP clients...
+[19:10:51] ✅ All clients initialized successfully
+
+   _______ __                     ________ 
+  / ____(_) /________  _______   /  _/ __ \
+ / /   / / __/ ___/ / / / ___/   / // / / /
+/ /___/ / /_/ /  / /_/ (__  )  _/ // /_/ / 
+\____/_/\__/_/   \__,_|____/  /___/\____/  
+
+[19:10:51] 🚀 Starting GCP Infrastructure Audit...
+[19:10:51] 📋 Will audit 3 projects
+[19:10:51] 📊 [1/3] Processing project: production-app
+[19:10:51] 🔍 Auditing project: production-app
+[19:10:51]   🔌 Getting enabled APIs for production-app
+[19:10:51]     ✅ Found 25 enabled APIs
+[19:10:51]   🔐 Getting IAM policy for production-app
+[19:10:52]     ✅ Found 12 IAM bindings
+[19:10:52]   💻 Getting compute instances for production-app
+[19:10:53]     ✅ Found 5 compute instances
+```
+
+## 🔐 Required Permissions
+
+The tool requires the following IAM roles:
+
+### For Read-Only Auditing
+```bash
+roles/viewer
+roles/iam.securityReviewer
+roles/serviceusage.serviceUsageViewer
+```
+
+### For Organization-Level Access
+```bash
+roles/resourcemanager.organizationViewer
+roles/resourcemanager.folderViewer
+```
+
+## 📁 Output Structure
+
+Reports are saved in the `audit_reports/` directory:
+
+```
+audit_reports/
+└── gcp_audit_report_20241227_191051.json
+```
+
+### Report Format
+```json
+{
+  "audit_metadata": {
+    "timestamp": "2024-12-27T19:10:51",
+    "auditor_version": "1.0.0",
+    "projects_audited": 3
+  },
+  "projects": {
+    "project-id": {
+      "project_id": "project-id",
+      "enabled_apis": [...],
+      "iam_policy": {...},
+      "service_accounts": [...],
+      "compute_instances": [...],
+      "storage_buckets": [...],
+      "network_info": {...}
+    }
+  }
+}
+```
+
+## 🛡️ Security Features
+
+- **Credential Protection**: Never logs or stores credentials
+- **Safe Defaults**: Read-only operations by default
+- **Error Handling**: Graceful handling of permission errors
+- **Audit Trail**: Comprehensive logging of all operations
+
+## 🔧 Configuration
+
+### Environment Variables
+```bash
+export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
+export GOOGLE_CLOUD_PROJECT=default-project-id
+```
+
+### Command Line Options
+```bash
+python gcp_audit_script.py --help
+
+optional arguments:
+  --credentials PATH    Path to service account JSON file
+  --projects [PROJECT_IDS ...]  Specific project IDs to audit
+  --output FILENAME     Output file name (default: timestamped)
+```
+
+## 🤝 Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Add tests if applicable
+5. Submit a pull request
+
+## 📝 License
+
+This project is licensed under the MIT License - see the LICENSE file for details.
+
+
+--**⚠️ Important**: This tool performs read-only operations by default. Always test in non-production environments first.