In [1]:
import json
import collections
import warnings

from googleapiclient import discovery

In [2]:
warnings.filterwarnings("ignore", "Your application has authenticated using end user credentials")

In [3]:
# Pull the current role list from the Cloud IAM API and fetch the full
# definition of every role whose name contains 'datacatalog'.
#
# No credentials are passed to discovery.build(), so the client uses whatever
# identity the environment provides.
# NOTE(review): presumably Application Default Credentials; the caller needs
# permission to list and get IAM roles, and nothing more. Confirm the identity
# used here is not broader than that.
iam = discovery.build('iam', 'v1')

# Keyed by role name; each value is the roles().get() response, which is where
# the permissions included in the role come from.
raw_role_data = {}

# roles().list() is called without a parent.
# NOTE(review): that should return the predefined (curated) roles only, not
# project- or organisation-level custom roles. Verify if custom roles matter
# for the review.
request = iam.roles().list()

print('Fetching list of all roles.')

# The listing is paginated: list_next() returns None once the last page has
# been consumed, which ends the loop.
while request is not None:
    response = request.execute()

    for role in response.get('roles', []):
        name = role['name']
        # Skip roles already fetched and anything outside Data Catalog.
        if name in raw_role_data or 'datacatalog' not in name:
            continue
        print(name)
        # One extra API call per matching role to get its full definition.
        raw_role_data[name] = iam.roles().get(name=name).execute()

    print('Still working...')
    request = iam.roles().list_next(previous_request=request,
                                    previous_response=response)

print('Fetched all roles.')

Fetching list of all roles.
roles/datacatalog.admin
roles/datacatalog.categoryAdmin
roles/datacatalog.categoryFineGrainedReader
roles/datacatalog.entryGroupCreator
roles/datacatalog.entryGroupOwner
roles/datacatalog.entryOwner
roles/datacatalog.entryViewer
roles/datacatalog.tagEditor
roles/datacatalog.tagTemplateCreator
roles/datacatalog.tagTemplateOwner
roles/datacatalog.tagTemplateUser
roles/datacatalog.tagTemplateViewer
roles/datacatalog.viewer
Still working...
Still working...
Fetched all roles.


In [4]:
# Persist the fetched role definitions as a point-in-time snapshot, so later
# processing (for example diffing role permissions between runs) does not need
# further API calls.
# 'roles.json' is written relative to the kernel's working directory and is
# overwritten on every run; keep dated copies elsewhere if history is needed.
print('Writing role permissions.')

with open('roles.json', mode='w') as snapshot_file:
    snapshot_file.write(json.dumps(raw_role_data, indent=2))

print('Done.')

Writing role permissions.
Done.
