#!/usr/bin/env python
#
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Demonstrates how to perform basic access management with Google Cloud IAM.
For more information, see the documentation at
https://cloud.google.com/iam/docs/granting-changing-revoking-access.
"""
import argparse
import os
from google.oauth2 import service_account
import googleapiclient.discovery
# Service-account credentials are read from the key file named by the
# GOOGLE_APPLICATION_CREDENTIALS environment variable. The lookup happens at
# import time, so an unset variable raises KeyError before main() runs.
_key_file = os.environ['GOOGLE_APPLICATION_CREDENTIALS']
# NOTE(review): 'cloud-platform' is a broad OAuth scope. What this client can
# actually do is presumably bounded by the IAM roles granted to the service
# account -- confirm the account holds only the roles this sample needs.
_scopes = ['https://www.googleapis.com/auth/cloud-platform']
credentials = service_account.Credentials.from_service_account_file(
    filename=_key_file, scopes=_scopes)

# Module-level Cloud Resource Manager v1 client shared by get_policy() and
# set_policy().
service = googleapiclient.discovery.build(
    'cloudresourcemanager', 'v1', credentials=credentials)
# [START iam_get_policy]
def get_policy(project_id):
    """Gets IAM policy for a project.

    Args:
        project_id: Identifier of the project, passed as the request's
            ``resource``.

    Returns:
        The policy returned by the ``getIamPolicy`` call. It is also printed
        to stdout.
    """
    # pylint: disable=no-member
    request = service.projects().getIamPolicy(resource=project_id, body={})
    current_policy = request.execute()
    # The full policy (roles and their members) goes to stdout.
    print(current_policy)
    return current_policy
# [END iam_get_policy]
# [START iam_modify_policy_add_member]
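def modify_policy_add_member(policy, role, member):
    """Adds a new member to a role binding.

    The policy is edited in place; nothing is sent to the API here. If the
    policy has no binding for ``role`` yet, one is created instead of failing
    with a bare StopIteration.

    Args:
        policy: IAM policy dict to modify.
        role: Role whose binding should contain the member.
        member: Member identifier to add to that binding.

    Returns:
        The same policy object, after modification.
    """
    # Tolerate a policy dict that carries no 'bindings' key at all.
    bindings = policy.setdefault('bindings', [])
    # Only the first binding whose role matches is touched; any later binding
    # for the same role is left as it is.
    binding = next((b for b in bindings if b['role'] == role), None)
    if binding is None:
        binding = {'role': role, 'members': []}
        bindings.append(binding)
    members = binding.setdefault('members', [])
    # Keep the member list free of duplicates when the grant already exists.
    if member not in members:
        members.append(member)
    print(binding)
    return policy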
# [END iam_modify_policy_add_member]
# [START iam_modify_policy_add_role]
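def modify_policy_add_role(policy, role, member):
    """Adds a new role binding to a policy.

    The policy is edited in place; nothing is sent to the API here. A new
    binding is always appended, even if one for ``role`` already exists.

    Args:
        policy: IAM policy dict to modify.
        role: Role for the new binding.
        member: Single member identifier placed in the new binding.

    Returns:
        The same policy object, after modification.
    """
    new_binding = {
        'role': role,
        'members': [member],
    }
    # Tolerate a policy dict that carries no 'bindings' key at all, rather
    # than failing with KeyError.
    policy.setdefault('bindings', []).append(new_binding)
    print(policy)
    return policy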
# [END iam_modify_policy_add_role]
# [START iam_set_policy]
def set_policy(project_id, policy):
    """Sets IAM policy for a project.

    Args:
        project_id: Identifier of the project, passed as the request's
            ``resource``.
        policy: Policy object sent as the ``policy`` field of the request
            body.

    Returns:
        The response of the ``setIamPolicy`` call. It is also printed to
        stdout.
    """
    # NOTE(review): the whole policy object is sent, not a delta. Callers
    # presumably should start from the policy returned by get_policy() so
    # existing bindings are not dropped -- confirm against the IAM docs.
    # pylint: disable=no-member
    request_body = {'policy': policy}
    request = service.projects().setIamPolicy(
        resource=project_id, body=request_body)
    updated_policy = request.execute()
    print(updated_policy)
    return updated_policy
# [END iam_set_policy]
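def main():
    """Parses the command line and runs the selected IAM policy sample.

    Subcommands:
        get PROJECT_ID: print the project's current policy.
        modify_member PROJECT_ID ROLE MEMBER: fetch the policy and add the
            member to the role's binding.
        modify_role PROJECT_ID ROLE MEMBER: fetch the policy and add a new
            binding for the role.
        set PROJECT_ID POLICY: send a policy to the project.

    The two modify subcommands change only the in-memory copy of the policy
    and print it; they do not write it back to the project.
    """
    parser = argparse.ArgumentParser(
        description=__doc__,
        formatter_class=argparse.RawDescriptionHelpFormatter)

    subparsers = parser.add_subparsers(dest='command')

    # Get
    get_parser = subparsers.add_parser(
        'get', help=get_policy.__doc__)
    get_parser.add_argument('project_id')

    # Modify: add member (help text now comes from the function it runs)
    modify_member_parser = subparsers.add_parser(
        'modify_member', help=modify_policy_add_member.__doc__)
    modify_member_parser.add_argument('project_id')
    modify_member_parser.add_argument('role')
    modify_member_parser.add_argument('member')

    # Modify: add role. 'project_id' is registered once; a second
    # registration would demand an extra positional value.
    modify_role_parser = subparsers.add_parser(
        'modify_role', help=modify_policy_add_role.__doc__)
    modify_role_parser.add_argument('project_id')
    modify_role_parser.add_argument('role')
    modify_role_parser.add_argument('member')

    # Set
    set_parser = subparsers.add_parser(
        'set', help=set_policy.__doc__)
    set_parser.add_argument('project_id')
    set_parser.add_argument('policy')

    args = parser.parse_args()

    # Dispatch on the subcommand names registered above.
    if args.command == 'get':
        get_policy(args.project_id)
    elif args.command == 'set':
        # NOTE(review): args.policy is the raw command-line string and is
        # passed through unchanged; set_policy() presumably needs a policy
        # object -- confirm and parse/validate before relying on this path.
        set_policy(args.project_id, args.policy)
    elif args.command == 'modify_member':
        # The modify parsers have no 'policy' argument, so the current policy
        # is fetched from the project first.
        policy = get_policy(args.project_id)
        modify_policy_add_member(policy, args.role, args.member)
    elif args.command == 'modify_role':
        policy = get_policy(args.project_id)
        modify_policy_add_role(policy, args.role, args.member)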
# Run the command-line interface only when executed as a script.
if __name__ == "__main__":
    main()