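def MakeAnalyzeIamPolicyHttpRequests(args, api_version=V1P4ALPHA1_API_VERSION):
  """Manually make the analyze IAM policy request.

  Builds the analyzeIamPolicy URL for the organization in args, sends it with
  a plain HTTP client and decodes the JSON body into an
  AnalyzeIamPolicyResponse message.

  Args:
    args: Parsed command arguments. Only flags for which args.IsSpecified
      returns true are sent as query parameters.
    api_version: API version used in the URL and to pick the message classes.

  Returns:
    The decoded AnalyzeIamPolicyResponse message.

  Raises:
    exceptions.HttpException: If the response status is not '200'.
    MessageDecodeError: If the response body cannot be decoded.
  """
  http_client = http.Http()

  parent = asset_utils.GetParentNameForAnalyzeIamPolicy(args.organization)
  # NOTE(review): parent is placed in the URL path exactly as the helper
  # returns it; presumably the helper validates the ID -- confirm.
  url_base = '{0}/{1}/{2}:{3}'.format(BASE_URL, api_version, parent,
                                      'analyzeIamPolicy')

  params = []
  if args.IsSpecified('full_resource_name'):
    params.append(
        ('resourceSelector.fullResourceName', args.full_resource_name))
  if args.IsSpecified('identity'):
    params.append(('identitySelector.identity', args.identity))
  # Repeated flags become repeated query parameters, one per value.
  if args.IsSpecified('roles'):
    params.extend(('accessSelector.roles', r) for r in args.roles)
  if args.IsSpecified('permissions'):
    params.extend(('accessSelector.permissions', p) for p in args.permissions)
  if args.IsSpecified('expand_groups'):
    params.append(('options.expandGroups', args.expand_groups))
  if args.IsSpecified('expand_resources'):
    params.append(('options.expandResources', args.expand_resources))
  if args.IsSpecified('expand_roles'):
    params.append(('options.expandRoles', args.expand_roles))
  if args.IsSpecified('output_resource_edges'):
    params.append(('options.outputResourceEdges', args.output_resource_edges))
  if args.IsSpecified('output_group_edges'):
    params.append(('options.outputGroupEdges', args.output_group_edges))
  if args.IsSpecified('output_partial_result_before_timeout'):
    params.append(('options.outputPartialResultBeforeTimeout',
                   args.output_partial_result_before_timeout))

  # urlencode percent-escapes every name and value, so a flag value cannot
  # add or alter query parameters.
  url_query = six.moves.urllib.parse.urlencode(params)
  url = '?'.join([url_base, url_query])
  response, raw_content = http_client.request(uri=url, headers=_HEADERS)

  content = core_encoding.Decode(raw_content)

  if response['status'] != '200':
    # NOTE(review): the error object carries the response body and the full
    # request URL (selector values included); confirm how it is surfaced.
    http_error = api_exceptions.HttpError(response, content, url)
    raise exceptions.HttpException(http_error)

  response_message_class = GetMessages(api_version).AnalyzeIamPolicyResponse
  try:
    response = encoding.JsonToMessage(response_message_class, content)
  except ValueError as e:
    # The two literals are concatenated by the parser, so the first one needs
    # its trailing space ("cannot parse", not "cannotparse").
    err_msg = ('Failed receiving proper response from server, cannot '
               'parse received assets. Error details: ' + six.text_type(e))
    raise MessageDecodeError(err_msg)

  return response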
def Run(self, args):
  """Start a long-running IAM policy analysis and print how to track it.

  Args:
    args: Parsed command arguments; organization, project and folder select
      the parent, and the whole object is forwarded to the client.
  """
  analysis_parent = asset_utils.GetParentNameForAnalyzeIamPolicy(
      args.organization, args.project, args.folder)
  analysis_client = client_util.IamPolicyAnalysisLongrunningClient()
  pending_op = analysis_client.Analyze(analysis_parent, args)

  log.status.Print('Analyze IAM Policy in progress.')
  # Only the operation name is printed; the caller polls it with the
  # describe command to learn the outcome.
  status_hint = 'Use [{} {}] to check the status of the operation.'.format(
      OPERATION_DESCRIBE_COMMAND, pending_op.name)
  log.status.Print(status_hint)
def Run(self, args):
  """Start an IAM policy analysis export and print how to track it.

  Args:
    args: Parsed command arguments; organization and folder select the
      parent, and the whole object is forwarded to the export client.
  """
  export_parent = asset_utils.GetParentNameForAnalyzeIamPolicy(
      args.organization, args.folder)
  pending_op = client_util.IamPolicyAnalysisExportClient(
      export_parent).Export(args)

  # The export is asynchronous: report the parent it was started for, then
  # tell the user which command shows the operation's status.
  log.ExportResource(export_parent, is_async=True, kind='root asset')
  status_hint = 'Use [{} {}] to check the status of the operation.'.format(
      OPERATION_DESCRIBE_COMMAND, pending_op.name)
  log.status.Print(status_hint)
def Run(self, args):
  """Start a v1p4beta1 long-running IAM policy analysis and print a hint.

  Args:
    args: Parsed command arguments; organization, project and folder select
      the parent, and the whole object is forwarded to the client.
  """
  beta_version = client_util.V1P4BETA1_API_VERSION
  analysis_parent = asset_utils.GetParentNameForAnalyzeIamPolicy(
      args.organization, args.project, args.folder)
  analysis_client = client_util.IamPolicyAnalysisLongrunningClient(
      beta_version)
  # The same API version is passed to both the client and the Analyze call.
  pending_op = analysis_client.Analyze(analysis_parent, args, beta_version)

  log.ExportResource(analysis_parent, is_async=True, kind='root asset')
  status_hint = 'Use [{} {}] to check the status of the operation.'.format(
      OPERATION_DESCRIBE_COMMAND, pending_op.name)
  log.status.Print(status_hint)
def MakeAnalyzeIamPolicyHttpRequests(args,
                                     service,
                                     messages,
                                     api_version=DEFAULT_API_VERSION):
  """Send an analyzeIamPolicy request through the given API service.

  Args:
    args: Parsed command arguments supplying the selectors and options.
    service: Client service object exposing AnalyzeIamPolicy.
    messages: Messages module providing CloudassetAnalyzeIamPolicyRequest.
    api_version: API version; V1P4BETA1_API_VERSION uses the older request
      field layout, any other value uses the analysisQuery_options_* layout.

  Returns:
    The raw response when --show-response is set, otherwise the value
    returned by _RenderResponseforAnalyzeIamPolicy.

  Raises:
    gcloud_exceptions.InvalidArgumentException: If an edge-output flag is set
      without --show-response.
  """
  scope_name = asset_utils.GetParentNameForAnalyzeIamPolicy(
      args.organization, args.project, args.folder)

  def _IfSpecified(flag, fallback):
    """Returns the flag's value when it was specified, else the fallback."""
    return getattr(args, flag) if args.IsSpecified(flag) else fallback

  def _EdgeOption(value, flag_name):
    """Returns value, rejecting a set edge flag without --show-response."""
    if not value:
      return None
    if not args.show_response:
      raise gcloud_exceptions.InvalidArgumentException(
          flag_name,
          'Must be set together with --show-response to take effect.')
    return value

  resource_name = _IfSpecified('full_resource_name', None)
  principal = _IfSpecified('identity', None)
  role_list = _IfSpecified('roles', [])
  permission_list = _IfSpecified('permissions', [])

  # Falsy option values are sent as None rather than as an explicit False.
  groups_opt = args.expand_groups or None
  resources_opt = args.expand_resources or None
  roles_opt = args.expand_roles or None
  impersonation_opt = args.analyze_service_account_impersonation or None

  resource_edges_opt = _EdgeOption(args.output_resource_edges,
                                   '--output-resource-edges')
  group_edges_opt = _EdgeOption(args.output_group_edges,
                                '--output-group-edges')

  timeout_opt = None
  if args.IsSpecified('execution_timeout'):
    # The timeout is sent as a string with an 's' suffix.
    timeout_opt = str(args.execution_timeout) + 's'

  # Selector fields carry the same names in both request layouts.
  request_fields = {
      'analysisQuery_accessSelector_permissions': permission_list,
      'analysisQuery_accessSelector_roles': role_list,
      'analysisQuery_identitySelector_identity': principal,
      'analysisQuery_resourceSelector_fullResourceName': resource_name,
  }
  if api_version == V1P4BETA1_API_VERSION:
    request_fields.update({
        'options_analyzeServiceAccountImpersonation': impersonation_opt,
        'options_executionTimeout': timeout_opt,
        'options_expandGroups': groups_opt,
        'options_expandResources': resources_opt,
        'options_expandRoles': roles_opt,
        'options_outputGroupEdges': group_edges_opt,
        'options_outputResourceEdges': resource_edges_opt,
        'parent': scope_name,
    })
  else:
    access_time = None
    if args.IsSpecified('access_time'):
      access_time = times.FormatDateTime(args.access_time)
    request_fields.update({
        'analysisQuery_options_analyzeServiceAccountImpersonation':
            impersonation_opt,
        'analysisQuery_options_expandGroups': groups_opt,
        'analysisQuery_options_expandResources': resources_opt,
        'analysisQuery_options_expandRoles': roles_opt,
        'analysisQuery_options_outputGroupEdges': group_edges_opt,
        'analysisQuery_options_outputResourceEdges': resource_edges_opt,
        'analysisQuery_conditionContext_accessTime': access_time,
        'executionTimeout': timeout_opt,
        'scope': scope_name,
    })

  response = service.AnalyzeIamPolicy(
      messages.CloudassetAnalyzeIamPolicyRequest(**request_fields))

  if args.show_response:
    return response
  return _RenderResponseforAnalyzeIamPolicy(response, impersonation_opt,
                                            api_version)
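def MakeAnalyzeIamPolicyHttpRequests(args, api_version=V1P4ALPHA1_API_VERSION):
  """Manually make the analyze IAM policy request.

  Builds the analyzeIamPolicy URL for the organization (and, for versions
  other than v1p4alpha1, the folder) in args, sends it with a plain HTTP
  client and decodes the JSON body into an AnalyzeIamPolicyResponse message.

  Args:
    args: Parsed command arguments supplying the selectors and options.
    api_version: API version used in the URL, for the selector parameter
      prefixes and to pick the message classes.

  Returns:
    The decoded AnalyzeIamPolicyResponse message, or, for v1p4beta1 without
    --show-response, the value of _RenderResponseforAnalyzeIamPolicy.

  Raises:
    gcloud_exceptions.InvalidArgumentException: If, for v1p4beta1, an
      edge-output flag is set without --show-response.
    exceptions.HttpException: If the response status is not '200'.
    MessageDecodeError: If a ValueError is raised while decoding (or
      rendering) the response.
  """
  http_client = http.Http()

  # The folder is not passed to the parent helper for v1p4alpha1.
  folder = None if api_version == V1P4ALPHA1_API_VERSION else args.folder
  parent = asset_utils.GetParentNameForAnalyzeIamPolicy(
      args.organization, folder)
  # NOTE(review): parent is placed in the URL path exactly as the helper
  # returns it; presumably the helper validates the ID -- confirm.
  url_base = '{0}/{1}/{2}:{3}'.format(BASE_URL, api_version, parent,
                                      'analyzeIamPolicy')
  is_beta = api_version == V1P4BETA1_API_VERSION

  params = []
  # Selector parameter prefixes are looked up per API version, and only when
  # the matching flag was specified.
  if args.IsSpecified('full_resource_name'):
    params.append(
        (_IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['resource_selector'] +
         '.fullResourceName', args.full_resource_name))
  if args.IsSpecified('identity'):
    params.append(
        (_IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['identity_selector'] +
         '.identity', args.identity))
  if args.IsSpecified('roles'):
    params.extend(
        (_IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['access_selector'] +
         '.roles', r) for r in args.roles)
  if args.IsSpecified('permissions'):
    params.extend(
        (_IAM_POLICY_ANALYZER_VERSION_DICT[api_version]['access_selector'] +
         '.permissions', p) for p in args.permissions)

  if args.expand_groups:
    params.append(('options.expandGroups', args.expand_groups))
  if args.expand_resources:
    params.append(('options.expandResources', args.expand_resources))
  if args.expand_roles:
    params.append(('options.expandRoles', args.expand_roles))

  if args.output_resource_edges:
    # For v1p4beta1 the edge flags are rejected unless --show-response is set.
    if is_beta and not args.show_response:
      raise gcloud_exceptions.InvalidArgumentException(
          '--output-resource-edges',
          'Must be set together with --show-response to take effect.')
    params.append(('options.outputResourceEdges', args.output_resource_edges))
  if args.output_group_edges:
    if is_beta and not args.show_response:
      raise gcloud_exceptions.InvalidArgumentException(
          '--output-group-edges',
          'Must be set together with --show-response to take effect.')
    params.append(('options.outputGroupEdges', args.output_group_edges))

  if api_version == V1P4ALPHA1_API_VERSION and args.IsSpecified(
      'output_partial_result_before_timeout'):
    params.append(('options.outputPartialResultBeforeTimeout',
                   args.output_partial_result_before_timeout))
  if is_beta and args.IsSpecified('execution_timeout'):
    # The timeout is sent as a string with an 's' suffix.
    params.append(
        ('options.executionTimeout', str(args.execution_timeout) + 's'))

  # urlencode percent-escapes every name and value, so a flag value cannot
  # add or alter query parameters.
  url_query = six.moves.urllib.parse.urlencode(params)
  url = '?'.join([url_base, url_query])
  response, raw_content = http_client.request(uri=url, headers=_HEADERS)

  content = core_encoding.Decode(raw_content)

  if response['status'] != '200':
    # NOTE(review): the error object carries the response body and the full
    # request URL (selector values included); confirm how it is surfaced.
    http_error = api_exceptions.HttpError(response, content, url)
    raise exceptions.HttpException(http_error)

  response_message_class = GetMessages(api_version).AnalyzeIamPolicyResponse
  try:
    response = encoding.JsonToMessage(response_message_class, content)
    # NOTE(review): rendering stays inside the try, as before, so a
    # ValueError raised there is also reported as a decode failure.
    if is_beta and not args.show_response:
      return _RenderResponseforAnalyzeIamPolicy(response)
    return response
  except ValueError as e:
    # The two literals are concatenated by the parser, so the first one needs
    # its trailing space ("cannot parse", not "cannotparse").
    err_msg = ('Failed receiving proper response from server, cannot '
               'parse received assets. Error details: ' + six.text_type(e))
    raise MessageDecodeError(err_msg)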