socketbox · December 3, 2021 21:49
diff --git a/check_versioning_on_tfstate.py b/check_versioning_on_tfstate.py
 """

 """
 from google.cloud.resourcemanager import ProjectsClient
 from google.cloud.storage import Client
 from google.api_core import exceptions
 from google.api_core.retry import Retry

 ORGANIZATION_ID = 'YOUR-ORG-ID'
 _RETRYABLE_TYPES = [
    exceptions.TooManyRequests,  # 429
    exceptions.InternalServerError,  # 500
    exceptions.BadGateway,  # 502
    exceptions.ServiceUnavailable,  # 503
 ]
 results = [('PROJECT', 'BUCKET', 'VERSIONING?')]

 def is_retryable(exc):
    flag = False
    for rt in _RETRYABLE_TYPES:
        flag = isinstance(exc, rt)
    return flag


 def get_projects(client, rp):
    project_pager = client.list_projects(parent=f'organizations/{ORGANIZATION_ID}', retry=rp)
    pjs = []
    for page in project_pager:
        pjs.append(page)
    return pjs


 def get_buckets(client, project, rp):
    bckts = client.list_buckets(project=project.project_id, retry=retry_policy)
    return bckts


 def get_bucket_objects(client, bucket):
    objs = client.list_blobs(bucket.name)
    return objs


 def get_tfstate_files(objects):
    tfs = []
    for o in objects:
        if o.name.endswith('.tfstate'):
            tfs.append(o)
    return tfs


 def enable_versioning(bucket, dry_run):
    if not dry_run:
        bucket.versioning_enabled = True
        bucket.patch()
    else:
        print(f'Bucket named {b.name} would have had versioning enabled')


 if __name__ == '__main__':
    retry_policy = Retry(predicate=is_retryable)
    project_client = ProjectsClient()
    storage_client = Client()
    print("Getting projects...")
    projects = get_projects(project_client, retry_policy)
    for p in projects:
        print(f'Retrieving buckets for project {p.project_id}...')
        buckets = get_buckets(storage_client, p, retry_policy)
        for b in buckets:
            print(f'Checking versioning for bucket {b.name}')
            print(f'Bucket named {b.name} has versioning enabled? {b.versioning_enabled}')
            if not b.versioning_enabled and b.name.find('tfstate') != -1:
                print("Assuming tfstate files in bucket; enabling versioning")
                enable_versioning(b, False)
                results.append((p.display_name, b.name, b.versioning_enabled))

    for r in results:
        print(r)
	"""

	"""
	from google.cloud.resourcemanager import ProjectsClient
	from google.cloud.storage import Client
	from google.api_core import exceptions
	from google.api_core.retry import Retry

	ORGANIZATION_ID = 'YOUR-ORG-ID'
	_RETRYABLE_TYPES = [
	exceptions.TooManyRequests, # 429
	exceptions.InternalServerError, # 500
	exceptions.BadGateway, # 502
	exceptions.ServiceUnavailable, # 503
	]
	results = [('PROJECT', 'BUCKET', 'VERSIONING?')]

	def is_retryable(exc):
	flag = False
	for rt in _RETRYABLE_TYPES:
	flag = isinstance(exc, rt)
	return flag


	def get_projects(client, rp):
	project_pager = client.list_projects(parent=f'organizations/{ORGANIZATION_ID}', retry=rp)
	pjs = []
	for page in project_pager:
	pjs.append(page)
	return pjs


	def get_buckets(client, project, rp):
	bckts = client.list_buckets(project=project.project_id, retry=retry_policy)
	return bckts


	def get_bucket_objects(client, bucket):
	objs = client.list_blobs(bucket.name)
	return objs


	def get_tfstate_files(objects):
	tfs = []
	for o in objects:
	if o.name.endswith('.tfstate'):
	tfs.append(o)
	return tfs


	def enable_versioning(bucket, dry_run):
	if not dry_run:
	bucket.versioning_enabled = True
	bucket.patch()
	else:
	print(f'Bucket named {b.name} would have had versioning enabled')


	if __name__ == '__main__':
	retry_policy = Retry(predicate=is_retryable)
	project_client = ProjectsClient()
	storage_client = Client()
	print("Getting projects...")
	projects = get_projects(project_client, retry_policy)
	for p in projects:
	print(f'Retrieving buckets for project {p.project_id}...')
	buckets = get_buckets(storage_client, p, retry_policy)
	for b in buckets:
	print(f'Checking versioning for bucket {b.name}')
	print(f'Bucket named {b.name} has versioning enabled? {b.versioning_enabled}')
	if not b.versioning_enabled and b.name.find('tfstate') != -1:
	print("Assuming tfstate files in bucket; enabling versioning")
	enable_versioning(b, False)
	results.append((p.display_name, b.name, b.versioning_enabled))

	for r in results:
	print(r)