{"id":15222002,"url":"https://github.com/googlecloudplatform/gcpdiag","last_synced_at":"2025-04-08T11:08:44.826Z","repository":{"id":37426946,"uuid":"387514158","full_name":"GoogleCloudPlatform/gcpdiag","owner":"GoogleCloudPlatform","description":"gcpdiag is a command-line diagnostics tool for GCP customers.","archived":false,"fork":false,"pushed_at":"2024-10-29T17:18:51.000Z","size":59736,"stargazers_count":288,"open_issues_count":22,"forks_count":66,"subscribers_count":32,"default_branch":"main","last_synced_at":"2024-10-29T18:37:34.099Z","etag":null,"topics":["devops-tools","diagnostics","gcp","google-cloud","google-cloud-platform","linter"],"latest_commit_sha":null,"homepage":"https://gcpdiag.dev/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoogleCloudPlatform.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-19T15:38:27.000Z","updated_at":"2024-10-29T17:17:58.000Z","dependencies_parsed_at":"2023-02-17T17:46:08.817Z","dependency_job_id":"8e78449c-5635-4da4-92b8-d5784392f2ac","html_url":"https://github.com/GoogleCloudPlatform/gcpdiag","commit_stats":null,"previous_names":[],"tags_count":65,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgcpdiag","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgcpdiag/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgcpdiag/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgcpdiag/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoogleCloudPlatform","download_url":"https://codeload.github.com/GoogleCloudPlatform/gcpdiag/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247829491,"owners_count":21002995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops-tools","diagnostics","gcp","google-cloud","google-cloud-platform","linter"],"created_at":"2024-09-28T15:09:43.202Z","updated_at":"2025-04-08T11:08:44.804Z","avatar_url":"https://github.com/GoogleCloudPlatform.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gcpdiag - Diagnostics for Google Cloud Platform\n\n[![code analysis badge](https://github.com/GoogleCloudPlatform/gcpdiag/actions/workflows/code-analysis.yml/badge.svg?branch=main\u0026event=push)](https://github.com/GoogleCloudPlatform/gcpdiag/actions/workflows/code-analysis.yml?query=branch%3Amain+event%3Apush)\n[![test badge](https://github.com/GoogleCloudPlatform/gcpdiag/actions/workflows/test.yml/badge.svg?branch=main\u0026event=push)](https://github.com/GoogleCloudPlatform/gcpdiag/actions/workflows/test.yml?query=branch%3Amain+event%3Apush)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/GoogleCloudPlatform/gcpdiag/badge)](https://scorecard.dev/viewer/?uri=github.com/GoogleCloudPlatform/gcpdiag)\n\n**gcpdiag** is a command-line diagnostics tool for GCP customers. It finds\nand helps to fix common issues in Google Cloud Platform projects. It is used to\ntest projects against a wide range of best practices and frequent mistakes,\nbased on the troubleshooting experience of the Google Cloud Support team.\n\ngcpdiag is open-source and contributions are welcome! Note that this is not\nan officially supported Google product, but a community effort. The Google Cloud\nSupport team maintains this code and we do our best to avoid causing any\nproblems in your projects, but we give no guarantees to that end.\n\n\u003cimg src=\"docs/gcpdiag-demo-2021-10-01.gif\" alt=\"gcpdiag demo\" width=\"800\"/\u003e\n\n## Installation\n\nYou can run gcpdiag using a shell wrapper that starts gcpdiag in a Docker\ncontainer. This should work on any machine with Docker or Podman installed,\nincluding Cloud Shell.\n\n```\ncurl https://gcpdiag.dev/gcpdiag.sh \u003egcpdiag\nchmod +x gcpdiag\n./gcpdiag lint --project=MYPROJECT\n```\n\n## Usage\n\nCurrently gcpdiag mainly supports one subcommand: `lint`, which is used\nto run diagnostics on one or more GCP projects.\n\n```\nusage:\n\ngcpdiag lint --project P [OPTIONS]\ngcpdiag lint --project P [--name faulty-vm --location us-central1-a --label key:value]\n\nRun diagnostics in GCP projects.\n\noptional arguments:\n -h, --help show this help message and exit\n --auth-adc Authenticate using Application Default Credentials (default)\n --auth-key FILE Authenticate using a service account private key file\n --project P Project ID of project to inspect\n --name n [n ...] Resource Name(s) to inspect (e.g.: bastion-host,prod-*)\n --location R [R ...] Valid GCP region/zone to scope inspection (e.g.: us-central1-a,us-central1)\n --label key:value One or more resource labels as key-value pair(s) to scope inspection\n (e.g.: env:prod, type:frontend or env=prod type=frontend)\n --billing-project P Project used for billing/quota of API calls done by gcpdiag (default is the inspected project, requires\n 'serviceusage.services.use' permission)\n --show-skipped Show skipped rules\n --hide-ok Hide rules with result OK\n --enable-gce-serial-buffer\n Fetch serial port one output directly from the Compute API. Use this flag when not exporting\n serial port output to cloud logging.\n --include INCLUDE Include rule pattern (e.g.: `gke`, `gke/*/2021*`). Multiple pattern can be specified (comma separated, or with multiple\n arguments)\n --exclude EXCLUDE Exclude rule pattern (e.g.: `BP`, `*/*/2022*`)\n --include-extended Include extended rules. Additional rules might generate false positives (default: False)\n -v, --verbose Increase log verbosity\n --within-days D How far back to search logs and metrics (default: 3 days)\n --config FILE Read configuration from FILE\n --logging-ratelimit-requests R\n Configure rate limit for logging queries (default: 60)\n --logging-ratelimit-period-seconds S\n Configure rate limit period for logging queries (default: 60 seconds)\n --logging-page-size P\n Configure page size for logging queries (default: 500)\n --logging-fetch-max-entries E\n Configure max entries to fetch by logging queries (default: 10000)\n --logging-fetch-max-time-seconds S\n Configure timeout for logging queries (default: 120 seconds)\n --output FORMATTER Format output as one of [terminal, json, csv] (default: terminal)\n```\n\n### Authentication\n\ngcpdiag supports authentication using multiple mechanisms:\n\n1. Application default credentials\n\n gcpdiag can use Cloud SDK's [Application Default\n Credentials](https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.default).\n This might require that you first run `gcloud auth login --update-adc` to\n update the cached credentials. This is the default in Cloud Shell because in\n that environment, ADC credentials are automatically provisioned.\n\n1. Service account key\n\n You can also use the `--auth-key` parameter to specify the [private\n key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)\n of a service account.\n\nThe authenticated principal will need as minimum the following roles granted (both of them):\n\n- `Viewer` on the inspected project\n- `Service Usage Consumer` on the project used for billing/quota enforcement,\n which is per default the project being inspected, but can be explicitly set\n using the `--billing-project` option\n\nThe Editor and Owner roles include all the required permissions, but if you use\nservice account authentication (`--auth-key`), we recommend to only grant the\nViewer+Service Usage Consumer on that service account.\n\n### Test Products, Classes, and IDs\n\nTests are organized by product, class, and ID.\n\nThe **product** is the GCP service that is being tested. Examples: GKE or GCE.\n\nThe **class** is what kind of test it is, currently we have:\n\n| Class name | Description |\n| ---------- | ----------------------------------------------- |\n| BP | Best practice, opinionated recommendations |\n| WARN | Warnings: things that are possibly wrong |\n| ERR | Errors: things that are very likely to be wrong |\n| SEC | Potential security issues |\n\nThe **ID** is currently formatted as YYYY_NNN, where YYYY is the year the test\nwas written, and NNN is a counter. The ID must be unique per product/class\ncombination.\n\nEach test also has a **short_description** and a **long_description**. The short\ndescription is a statement about the **good state** that is being verified to be\ntrue (i.e. we don't test for errors, we test for compliance, i.e. an problem not\nto be present).\n\n## Further Information\n\nSee \u003chttp://gcpdiag.dev\u003e for more information:\n\n- \u003ca href=\"https://gcpdiag.dev/docs/\"\u003eDocumentation\u003c/a\u003e\n- \u003ca href=\"https://gcpdiag.dev/rules/\"\u003eLint rule descriptions\u003c/a\u003e\n- \u003ca href=\"https://gcpdiag.dev/docs/development/\"\u003eDevelopment guides\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fgcpdiag","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgooglecloudplatform%2Fgcpdiag","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fgcpdiag/lists"}