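def MakeAnalyzeIamPolicyHttpRequests(args, api_version=V1P4ALPHA1_API_VERSION):
    """Manually make the analyze IAM policy request.

    Builds the analyzeIamPolicy URL for the organization in args, adds one
    query parameter per flag the user explicitly specified, sends the request
    and decodes the JSON body into an AnalyzeIamPolicyResponse message.

    Args:
      args: parsed command-line arguments; flags are tested with IsSpecified()
        and read as attributes.
      api_version: version segment of the URL; also passed to GetMessages() to
        pick the response message class.

    Returns:
      The decoded AnalyzeIamPolicyResponse message.

    Raises:
      exceptions.HttpException: if the HTTP status is not '200'.
      MessageDecodeError: if the body cannot be parsed into the message class.
    """
    http_client = http.Http()

    # NOTE(review): parent is interpolated into the URL path without quoting;
    # presumably GetParentNameForAnalyzeIamPolicy validates args.organization
    # -- confirm against that helper.
    parent = asset_utils.GetParentNameForAnalyzeIamPolicy(args.organization)
    url_base = '{0}/{1}/{2}:{3}'.format(BASE_URL, api_version, parent,
                                        'analyzeIamPolicy')

    # Only flags the user explicitly set are sent, in a fixed order; urlencode
    # below percent-encodes every value.
    params = []
    if args.IsSpecified('full_resource_name'):
        params.append(('resourceSelector.fullResourceName',
                       args.full_resource_name))

    if args.IsSpecified('identity'):
        params.append(('identitySelector.identity', args.identity))

    # Repeated fields: one query parameter per role / permission.
    if args.IsSpecified('roles'):
        params.extend(('accessSelector.roles', r) for r in args.roles)
    if args.IsSpecified('permissions'):
        params.extend(('accessSelector.permissions', p)
                      for p in args.permissions)

    if args.IsSpecified('expand_groups'):
        params.append(('options.expandGroups', args.expand_groups))
    if args.IsSpecified('expand_resources'):
        params.append(('options.expandResources', args.expand_resources))
    if args.IsSpecified('expand_roles'):
        params.append(('options.expandRoles', args.expand_roles))

    if args.IsSpecified('output_resource_edges'):
        params.append(('options.outputResourceEdges',
                       args.output_resource_edges))
    if args.IsSpecified('output_group_edges'):
        params.append(('options.outputGroupEdges', args.output_group_edges))
    if args.IsSpecified('output_partial_result_before_timeout'):
        params.append(('options.outputPartialResultBeforeTimeout',
                       args.output_partial_result_before_timeout))

    url_query = six.moves.urllib.parse.urlencode(params)
    url = '?'.join([url_base, url_query])
    response, raw_content = http_client.request(uri=url, headers=_HEADERS)

    content = core_encoding.Decode(raw_content)

    if response['status'] != '200':
        # NOTE(review): the full URL, including the identity and resource
        # selector values, is handed to HttpError; presumably it can surface in
        # error output -- confirm that is acceptable for logs.
        http_error = api_exceptions.HttpError(response, content, url)
        raise exceptions.HttpException(http_error)

    response_message_class = GetMessages(api_version).AnalyzeIamPolicyResponse
    try:
        response = encoding.JsonToMessage(response_message_class, content)
    except ValueError as e:
        # The original literals were concatenated without a separating space
        # ("cannotparse"); the trailing space on the first fragment fixes that.
        err_msg = ('Failed receiving proper response from server, cannot '
                   'parse received assets. Error details: ' + six.text_type(e))
        raise MessageDecodeError(err_msg)

    return response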
    def Run(self, args):
        """Start an IAM policy analysis operation and print how to check on it.

        The operation is started through IamPolicyAnalysisLongrunningClient;
        nothing is returned, the operation name is only printed to the status
        stream.

        Args:
          args: parsed command-line arguments; organization, project and folder
            select the parent, and the whole object is passed to Analyze().
        """
        scope_name = asset_utils.GetParentNameForAnalyzeIamPolicy(
            args.organization, args.project, args.folder)
        analysis_client = client_util.IamPolicyAnalysisLongrunningClient()
        started_op = analysis_client.Analyze(scope_name, args)

        log.status.Print('Analyze IAM Policy in progress.')
        # Tell the user which describe command polls this operation.
        status_hint = 'Use [{} {}] to check the status of the operation.'.format(
            OPERATION_DESCRIBE_COMMAND, started_op.name)
        log.status.Print(status_hint)
    def Run(self, args):
        """Start an IAM policy analysis export and print how to check on it.

        The export is started through IamPolicyAnalysisExportClient, which is
        constructed with the parent name. Nothing is returned; the operation
        name is only printed to the status stream.

        Args:
          args: parsed command-line arguments; organization and folder select
            the parent, and the whole object is passed to Export().
        """
        scope_name = asset_utils.GetParentNameForAnalyzeIamPolicy(
            args.organization, args.folder)
        export_client = client_util.IamPolicyAnalysisExportClient(scope_name)
        started_op = export_client.Export(args)

        log.ExportResource(scope_name, is_async=True, kind='root asset')
        # Tell the user which describe command polls this operation.
        status_hint = 'Use [{} {}] to check the status of the operation.'.format(
            OPERATION_DESCRIBE_COMMAND, started_op.name)
        log.status.Print(status_hint)
    def Run(self, args):
        """Start a v1p4beta1 IAM policy analysis operation and print how to poll it.

        Both the client constructor and Analyze() receive
        client_util.V1P4BETA1_API_VERSION. Nothing is returned; the operation
        name is only printed to the status stream.

        Args:
          args: parsed command-line arguments; organization, project and folder
            select the parent, and the whole object is passed to Analyze().
        """
        beta_version = client_util.V1P4BETA1_API_VERSION
        scope_name = asset_utils.GetParentNameForAnalyzeIamPolicy(
            args.organization, args.project, args.folder)
        analysis_client = client_util.IamPolicyAnalysisLongrunningClient(
            beta_version)
        started_op = analysis_client.Analyze(scope_name, args, beta_version)

        log.ExportResource(scope_name, is_async=True, kind='root asset')
        # Tell the user which describe command polls this operation.
        status_hint = 'Use [{} {}] to check the status of the operation.'.format(
            OPERATION_DESCRIBE_COMMAND, started_op.name)
        log.status.Print(status_hint)
def MakeAnalyzeIamPolicyHttpRequests(args,
                                     service,
                                     messages,
                                     api_version=DEFAULT_API_VERSION):
    """Build a CloudassetAnalyzeIamPolicyRequest from the flags and send it.

    Selector flags are taken only when explicitly specified; boolean option
    flags are sent as None when falsy, so an unset flag and an explicit false
    value produce the same request field.

    Args:
      args: parsed command-line arguments.
      service: object whose AnalyzeIamPolicy() method sends the request.
      messages: module/object providing CloudassetAnalyzeIamPolicyRequest.
      api_version: selects the request field layout; V1P4BETA1_API_VERSION
        uses `parent` and top-level `options_*` fields, anything else uses
        `scope` and `analysisQuery_options_*` fields plus the access time.

    Returns:
      The raw response when --show-response is set, otherwise the result of
      _RenderResponseforAnalyzeIamPolicy.

    Raises:
      gcloud_exceptions.InvalidArgumentException: if an edge-output flag is
        set without --show-response.
    """

    def _EdgeOption(value, flag_name):
        # Edge output is only visible in the raw response, so the flag is
        # rejected unless --show-response accompanies it.
        if not value:
            return None
        if not args.show_response:
            raise gcloud_exceptions.InvalidArgumentException(
                flag_name,
                'Must be set together with --show-response to take effect.')
        return value

    scope_name = asset_utils.GetParentNameForAnalyzeIamPolicy(
        args.organization, args.project, args.folder)

    # Selectors: forwarded only when the user passed the flag.
    resource = None
    if args.IsSpecified('full_resource_name'):
        resource = args.full_resource_name
    principal = None
    if args.IsSpecified('identity'):
        principal = args.identity
    role_list = []
    if args.IsSpecified('roles'):
        role_list = args.roles
    permission_list = []
    if args.IsSpecified('permissions'):
        permission_list = args.permissions

    # Options: falsy values collapse to None.
    groups_opt = args.expand_groups or None
    resources_opt = args.expand_resources or None
    roles_opt = args.expand_roles or None
    impersonation_opt = args.analyze_service_account_impersonation or None

    resource_edges_opt = _EdgeOption(args.output_resource_edges,
                                     '--output-resource-edges')
    group_edges_opt = _EdgeOption(args.output_group_edges,
                                  '--output-group-edges')

    timeout_opt = None
    if args.IsSpecified('execution_timeout'):
        timeout_opt = str(args.execution_timeout) + 's'

    # Fields common to both API layouts.
    fields = {
        'analysisQuery_accessSelector_permissions': permission_list,
        'analysisQuery_accessSelector_roles': role_list,
        'analysisQuery_identitySelector_identity': principal,
        'analysisQuery_resourceSelector_fullResourceName': resource,
    }
    if api_version == V1P4BETA1_API_VERSION:
        fields.update({
            'options_analyzeServiceAccountImpersonation': impersonation_opt,
            'options_executionTimeout': timeout_opt,
            'options_expandGroups': groups_opt,
            'options_expandResources': resources_opt,
            'options_expandRoles': roles_opt,
            'options_outputGroupEdges': group_edges_opt,
            'options_outputResourceEdges': resource_edges_opt,
            'parent': scope_name,
        })
    else:
        when = None
        if args.IsSpecified('access_time'):
            when = times.FormatDateTime(args.access_time)
        fields.update({
            'analysisQuery_options_analyzeServiceAccountImpersonation':
                impersonation_opt,
            'analysisQuery_options_expandGroups': groups_opt,
            'analysisQuery_options_expandResources': resources_opt,
            'analysisQuery_options_expandRoles': roles_opt,
            'analysisQuery_options_outputGroupEdges': group_edges_opt,
            'analysisQuery_options_outputResourceEdges': resource_edges_opt,
            'analysisQuery_conditionContext_accessTime': when,
            'executionTimeout': timeout_opt,
            'scope': scope_name,
        })

    response = service.AnalyzeIamPolicy(
        messages.CloudassetAnalyzeIamPolicyRequest(**fields))

    if args.show_response:
        return response
    return _RenderResponseforAnalyzeIamPolicy(response, impersonation_opt,
                                              api_version)
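def MakeAnalyzeIamPolicyHttpRequests(args, api_version=V1P4ALPHA1_API_VERSION):
    """Manually make the analyze IAM policy request.

    Builds the analyzeIamPolicy URL for the given API version, adds the query
    parameters derived from the flags, sends the request and decodes the JSON
    body into an AnalyzeIamPolicyResponse message.

    Args:
      args: parsed command-line arguments.
      api_version: version segment of the URL. It also selects the selector
        parameter prefixes (via _IAM_POLICY_ANALYZER_VERSION_DICT), whether
        args.folder is used, and which timeout option is sent.

    Returns:
      The decoded AnalyzeIamPolicyResponse message, or, for
      V1P4BETA1_API_VERSION without --show-response, the result of
      _RenderResponseforAnalyzeIamPolicy.

    Raises:
      gcloud_exceptions.InvalidArgumentException: for V1P4BETA1_API_VERSION, if
        an edge-output flag is set without --show-response.
      exceptions.HttpException: if the HTTP status is not '200'.
      MessageDecodeError: if a ValueError is raised while decoding (or
        rendering) the response.
    """
    http_client = http.Http()

    # The alpha API is always called without a folder.
    folder = None if api_version == V1P4ALPHA1_API_VERSION else args.folder

    # NOTE(review): parent is interpolated into the URL path without quoting;
    # presumably GetParentNameForAnalyzeIamPolicy validates its inputs --
    # confirm against that helper.
    parent = asset_utils.GetParentNameForAnalyzeIamPolicy(
        args.organization, folder)
    url_base = '{0}/{1}/{2}:{3}'.format(BASE_URL, api_version, parent,
                                        'analyzeIamPolicy')

    # Selector parameters: sent only when the flag was explicitly specified.
    # The version dict is looked up lazily so an unknown api_version only
    # fails when a selector is actually used, as before.
    params = []
    if args.IsSpecified('full_resource_name'):
        params.append((
            _IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['resource_selector']
            + '.fullResourceName', args.full_resource_name))

    if args.IsSpecified('identity'):
        params.append((
            _IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['identity_selector']
            + '.identity', args.identity))

    # Repeated fields: one query parameter per role / permission.
    if args.IsSpecified('roles'):
        params.extend((
            _IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['access_selector'] +
            '.roles', r) for r in args.roles)
    if args.IsSpecified('permissions'):
        params.extend((
            _IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['access_selector'] +
            '.permissions', p) for p in args.permissions)

    # Boolean options are sent only when truthy.
    if args.expand_groups:
        params.append(('options.expandGroups', args.expand_groups))
    if args.expand_resources:
        params.append(('options.expandResources', args.expand_resources))
    if args.expand_roles:
        params.append(('options.expandRoles', args.expand_roles))

    # For beta, edge output is rejected unless --show-response is also set.
    if args.output_resource_edges:
        if api_version == V1P4BETA1_API_VERSION and (not args.show_response):
            raise gcloud_exceptions.InvalidArgumentException(
                '--output-resource-edges',
                'Must be set together with --show-response to take effect.')
        params.append(('options.outputResourceEdges',
                       args.output_resource_edges))
    if args.output_group_edges:
        if api_version == V1P4BETA1_API_VERSION and (not args.show_response):
            raise gcloud_exceptions.InvalidArgumentException(
                '--output-group-edges',
                'Must be set together with --show-response to take effect.')
        params.append(('options.outputGroupEdges', args.output_group_edges))

    # Timeout handling differs per version: alpha has a partial-result flag,
    # beta takes an execution timeout with an 's' suffix.
    if api_version == V1P4ALPHA1_API_VERSION and args.IsSpecified(
            'output_partial_result_before_timeout'):
        params.append(('options.outputPartialResultBeforeTimeout',
                       args.output_partial_result_before_timeout))
    if api_version == V1P4BETA1_API_VERSION and args.IsSpecified(
            'execution_timeout'):
        params.append(('options.executionTimeout',
                       str(args.execution_timeout) + 's'))

    # urlencode percent-encodes every parameter value.
    url_query = six.moves.urllib.parse.urlencode(params)
    url = '?'.join([url_base, url_query])
    response, raw_content = http_client.request(uri=url, headers=_HEADERS)

    content = core_encoding.Decode(raw_content)

    if response['status'] != '200':
        # NOTE(review): the full URL, including the identity and resource
        # selector values, is handed to HttpError; presumably it can surface in
        # error output -- confirm that is acceptable for logs.
        http_error = api_exceptions.HttpError(response, content, url)
        raise exceptions.HttpException(http_error)

    response_message_class = GetMessages(api_version).AnalyzeIamPolicyResponse
    try:
        response = encoding.JsonToMessage(response_message_class, content)
        # Rendering stays inside the try so a ValueError from it is reported
        # the same way as before.
        if api_version == V1P4BETA1_API_VERSION and (not args.show_response):
            return _RenderResponseforAnalyzeIamPolicy(response)
        return response
    except ValueError as e:
        # The original literals were concatenated without a separating space
        # ("cannotparse"); the trailing space on the first fragment fixes that.
        err_msg = ('Failed receiving proper response from server, cannot '
                   'parse received assets. Error details: ' + six.text_type(e))
        raise MessageDecodeError(err_msg)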