Scan your Google Cloud organization for public Cloud Functions

Thomas Ruble
1 min read · Feb 23, 2020

Have you ever wondered about all those Cloud Functions you have scattered across your sprawling GCP organization? And which ones are public?

For questions like these, the Cloud Asset Inventory Scanner would be my go-to tool. However, this scanner does not see Cloud Functions. Looks like I’ll need to solve this problem by hand.

The goal is to crawl my org, searching out Functions. But I want to limit the scope of this crawl, just in case there are projects that need to stay away from my prying eyes. So the tool takes a Folder as the root of its search and scans through this Folder and its sub-Folders recursively, surfacing every Function it finds to be open to users outside my organization.

After a little bit of recursive bash coding, here we are:

That’s it! Usage is: scan.sh FOLDER_ID

It will output a CSV of FUNCTION_ID,PROJECT_ID to standard out. Simple, fast, effective.
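One way to implement the crawl described above, as an added example rather than the author's scan.sh. It assumes an authenticated gcloud CLI with permission to list folders, projects and functions and to read their IAM policies, and it treats a function as public when its policy binds allUsers or allAuthenticatedUsers; the function names are chosen here.

```bash
#!/usr/bin/env bash
# Added example, not the author's scan.sh. Usage: scan.sh FOLDER_ID
# Prints FUNCTION_ID,PROJECT_ID for every function under the folder whose
# IAM policy grants a role to allUsers or allAuthenticatedUsers (assumed
# definition of "public").

# Succeeds if any IAM member (one per line on stdin) is a public principal.
# Whole-line match, so user:allUsers@example.com does not count.
has_public_member() {
  grep -qxE 'allUsers|allAuthenticatedUsers'
}

# Check every function in one project. Errors (for example, the Cloud
# Functions API not being enabled) are silenced and yield no rows.
scan_project() {
  local project="$1" name region fn
  # name looks like projects/PROJECT/locations/REGION/functions/FUNCTION
  gcloud functions list --project="$project" --format='value(name)' 2>/dev/null |
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    fn="${name##*/}"
    region="${name#*/locations/}"; region="${region%%/*}"
    # </dev/null keeps gcloud from consuming the list we are iterating over.
    if gcloud functions get-iam-policy "$fn" --project="$project" \
         --region="$region" --flatten='bindings[].members' \
         --format='value(bindings.members)' 2>/dev/null </dev/null |
       has_public_member; then
      printf '%s,%s\n' "$fn" "$project"
    fi
  done
}

# Scan projects directly inside a folder, then recurse into its sub-folders.
scan_folder() {
  local folder="$1" project sub
  gcloud projects list --filter="parent.type=folder AND parent.id=$folder" \
      --format='value(projectId)' |
  while IFS= read -r project; do
    [ -n "$project" ] || continue
    scan_project "$project"
  done
  gcloud resource-manager folders list --folder="$folder" --format='value(name)' |
  while IFS= read -r sub; do
    [ -n "$sub" ] || continue
    scan_folder "${sub##*/}"   # name is folders/ID; keep only the ID
  done
}

# Run only when given a folder ID, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then scan_folder "$1"; fi
```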
