# Using `gcloud` command

In [None]:
!gcloud 

# Using Python Library

To get a list of custom roles from a given project in Google Cloud using Python, you can use the google-cloud-iam library. This library provides access to IAM (Identity and Access Management) API, which allows you to list, create, and manage roles, including custom roles.

* Step 1: Install the Required Libraries

First, you need to install the google-cloud-iam library. You can install it using pip:

In [2]:
!pip install google-cloud-iam

Collecting google-cloud-iam
  Downloading google_cloud_iam-2.16.1-py2.py3-none-any.whl.metadata (5.5 kB)
Downloading google_cloud_iam-2.16.1-py2.py3-none-any.whl (213 kB)
Installing collected packages: google-cloud-iam
Successfully installed google-cloud-iam-2.16.1


In [3]:
!pip show google-cloud-iam

Name: google-cloud-iam
Version: 2.16.1
Summary: Google Cloud Iam API client library
Home-page: https://github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-iam
Author: Google LLC
Author-email: googleapis-packages@google.com
License: Apache 2.0
Location: /Users/tripathimachine/Desktop/Apps/GitHub_Repo/.venv/lib/python3.12/site-packages
Requires: google-api-core, google-auth, grpc-google-iam-v1, proto-plus, protobuf
Required-by: 


* Step 2: Authenticate with Google Cloud

Make sure you authenticate your Python script to access Google Cloud. You can authenticate using a service account key or application default credentials (ADC).

To use service account credentials:

  * Go to the Google Cloud Console.
  * Create a Service Account and download the private key (JSON file).
  * Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to your service account key.

`export GOOGLE_APPLICATION_CREDENTIALS="path_to_your_service_account_file.json"`


Alternatively, use the default credentials. 

In [None]:
# -- No code, I am using default authentication

* Step 3: Write the Python Code to List Custom Roles

Now, use the following Python code to list the custom roles from a specific Google Cloud project:

Before that I will verify the package / library.

In [20]:
# import google.cloud.iam_v1
# print(google.cloud.iam_v1)

In [19]:
# from google.cloud import iam_v1

# client = iam_v1.IAMClient()
# if client:
#     print("Library Imported successfully")
# else:
#     print("Some Error")

In [16]:
!which python

/Users/tripathimachine/Desktop/Apps/GitHub_Repo/.venv/bin/python


In [17]:
import sys
print(sys.path)


['/opt/homebrew/Cellar/python@3.12/3.12.5/Frameworks/Python.framework/Versions/3.12/lib/python312.zip', '/opt/homebrew/Cellar/python@3.12/3.12.5/Frameworks/Python.framework/Versions/3.12/lib/python3.12', '/opt/homebrew/Cellar/python@3.12/3.12.5/Frameworks/Python.framework/Versions/3.12/lib/python3.12/lib-dynload', '', '/Users/tripathimachine/Desktop/Apps/GitHub_Repo/.venv/lib/python3.12/site-packages']


# Step 4: Alternative if Using google-cloud package directly

If you’re still having issues with google-cloud-iam, there’s an alternative where you can use google-api-python-client which is another commonly used library to interact with IAM resources.

`pip install google-api-python-client`


In [18]:
from googleapiclient.discovery import build

# Build the IAM service
service = build('iam', 'v1')
print(service)

<googleapiclient.discovery.Resource object at 0x118872480>


In [23]:
from googleapiclient.discovery import build
from google.oauth2 import service_account

def list_custom_roles(project_id):
    print("list_custom_roles function called.")
    # # Path to your service account key file
    # credentials = service_account.Credentials.from_service_account_file(
    #     'path_to_your_service_account.json',
    #     scopes=['https://www.googleapis.com/auth/cloud-platform']
    # )

    # Build the IAM service
    # service = build('iam', 'v1', credentials=credentials)
    service = build('iam', 'v1')

    # Get the roles for the project
    roles = service.projects().roles().list(
        parent=f'projects/{project_id}'
    ).execute()

    print(f"Got the list of roles : {roles}")

    # Filter custom roles
    custom_roles = [role for role in roles['roles'] if role.get('isCustom', False)]

    print(f"Custom Role beforing returning: {custom_roles}")

    return custom_roles

# Example usage
project_id = 'gcphde-prim-dev-data'
custom_roles = list_custom_roles(project_id)

# Print out the custom roles
for role in custom_roles:
    print(f"Looping for each custom role")
    print(role)


list_custom_roles function called.
Got the list of roles : {'roles': [{'name': 'projects/gcphde-prim-dev-data/roles/CustomRole_BQ_Admin', 'title': 'Custom Role for BQ Admin', 'description': 'Custom Role for BQ Admin', 'etag': 'BwYohNNo71Y='}]}
Custom Role beforing returning: []
