def main_cleanup_services_accounts():
    """
    Command-line entry point for the service-account cleanup.

    Builds the cleanup parser, adds the simulation arguments to it and
    copies the parsed ``dry_run`` option to ``helpers.DRY_RUN``. When a
    key file is given, ``use_service_account`` is called with it before
    ``clean_services_account`` runs for the parsed organization id.
    """
    cli_parser = create_cleanup_services_accounts_parser()
    add_simulation_arguments(cli_parser)
    options = cli_parser.parse_args()

    # Set the flag before any of the calls below; presumably they consult
    # helpers.DRY_RUN to decide whether to change anything -- confirm.
    helpers.DRY_RUN = options.dry_run

    # NOTE(review): key_file looks like a path to a service-account key.
    # If so it is a long-lived credential: keep it out of logs and confirm
    # how use_service_account stores or activates it.
    key_path = options.key_file
    if key_path:
        use_service_account(key_path)

    clean_services_account(options.organization_id)
Beispiel #2
def main_set_policies():
    """Parse the command line and hand the roles file's roles to set_policies.

    The parsed ``dry_run`` option is copied to ``helpers.DRY_RUN`` first.
    The roles come from ``roles_file_to_list``; the organization, project,
    account and cleanup options are forwarded to ``set_policies`` unchanged.
    """
    cli_parser = create_set_policies_parser()
    add_simulation_arguments(cli_parser)
    options = cli_parser.parse_args()
    helpers.DRY_RUN = options.dry_run

    role_list = roles_file_to_list(options.roles_file)

    # NOTE(review): nothing is validated here, so any check on the target
    # (organization vs. project, which member receives the roles, what
    # cleanup removes) has to happen inside set_policies -- confirm.
    policy_options = {
        'organization_id': options.organization_id,
        'project_id': options.project_id,
        'service_account_credential': options.service_account_credential,
        'service_account_email': options.service_account_email,
        'user_account_email': options.user_account_email,
        'group_account_email': options.group_account_email,
        'cleanup': options.cleanup,
    }
    set_policies(role_list, **policy_options)
Beispiel #3
        sys.exit(1)

    custom_roles = args.custom_roles
    if custom_roles:
        custom_roles_list = custom_roles.split(',')
        for custom_role in custom_roles_list:
            if not iam_org_level_role_exist(args.organization_id, custom_role):
                LOGGER.error('Custom role invalid or inexistent: %s',
                             custom_role)
                sys.exit(1)


def get_service_account_email_from_api(sa_name, project_id):
    """Look up a service account's email with ``gcloud``.

    Args:
        sa_name: Value passed to ``--filter`` to select the account.
        project_id: Project passed to ``--project``.

    Returns:
        The command output decoded as UTF-8 and stripped, or a fixed
        placeholder address when ``helpers.DRY_RUN`` is set.
    """
    # NOTE(review): 'iam service-accounts' is a single list element. That
    # only works if run_command joins the list into one command string; if
    # it does, sa_name and project_id reach a shell unquoted -- confirm
    # run_command and quote or split the arguments accordingly.
    gcloud_cmd = ['gcloud', 'iam service-accounts', 'list']
    gcloud_cmd += ['--project', project_id]
    # NOTE(review): a bare --filter term is not an exact match on the
    # account name, so more than one account may be listed and the result
    # would then hold several lines -- callers granting roles to the
    # returned address should verify it is a single email.
    gcloud_cmd += ['--filter', sa_name]
    gcloud_cmd += ['--format', 'value(email)']

    # The command is handed to run_command even in dry-run mode;
    # presumably run_command itself honors helpers.DRY_RUN -- confirm.
    raw_output = run_command(gcloud_cmd)

    if not helpers.DRY_RUN:
        return raw_output.decode("utf-8").strip()
    # Placeholder only: "project_id" here is literal text, not the argument.
    return "creator@project_id.iam.gserviceaccount.com"


# Script entry point: build the parser, add the simulation arguments,
# parse the command line, then run validation, helper configuration and
# create_sa in that order.
if __name__ == '__main__':
    parser = create_parser()
    add_simulation_arguments(parser)
    args = parser.parse_args()
    # Validation comes first so that bad input is rejected before
    # helpers_config and create_sa run (presumably before any change is
    # made to the project -- confirm against validate_arguments).
    validate_arguments(args)
    helpers_config(args)
    create_sa(args)