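def _GetOrganization(domain):
    """Resolve the single organization that matches a domain.

    The current user must have permission to list the organization.

    Args:
      domain: str, the domain (e.g. 'example.com') to look up the organization
        of, or None to just list the organizations for the current account.

    Returns:
      resources.Resource, a reference to a cloudresourcemanager.organizations
      resource.

    Raises:
      DefaultPolicyResolutionError: if the number of organizations matching
        the given domain is not exactly 1, or searching organizations fails.
    """
    # The documented contract allows domain=None ("just list"). Concatenating
    # None onto the prefix raised TypeError before any request was made, so
    # the filter is only built when a domain was actually supplied.
    # NOTE(review): the domain is placed in the filter expression unquoted;
    # confirm callers pass a validated domain name.
    filter_ = None if domain is None else 'domain:' + domain
    try:
        # limit=2 is enough to tell "exactly one" from "ambiguous".
        orgs = list(organizations.Client().List(filter_=filter_, limit=2))
    except Exception as err:
        # Deliberately broad: any lookup failure is reported as a resolution
        # error, as the Raises section promises.
        raise DefaultPolicyResolutionError(
            'Unable to resolve organization for domain [{}]: {}'.format(
                domain, err))
    if not orgs:
        raise DefaultPolicyResolutionError(
            'No matching organizations found for domain [{}].'.format(domain))
    if len(orgs) > 1:
        # Refuse to guess: picking one of several organizations could apply a
        # policy decision to the wrong tenant.
        raise DefaultPolicyResolutionError(
            'Found more than one organization for domain [{}].\n{}'.format(
                domain, orgs))
    return resources.REGISTRY.Parse(
        orgs[0].name, collection='cloudresourcemanager.organizations')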
def Run(self, args):
    """Set the IAM policy of the organization named by args.id.

    Args:
      args: parsed command arguments; reads args.id and args.policy_file.

    Returns:
      Whatever organizations.Client().SetIamPolicy returns.

    Raises:
      org_utils.UnknownOrganizationError: if args.id cannot be resolved to an
        organization ID.
    """
    org_id = org_utils.GetOrganizationId(args.id)
    # Fail before touching any policy when the target cannot be resolved.
    if not org_id:
        raise org_utils.UnknownOrganizationError(args.id)
    # NOTE(review): presumably this replaces the policy with the file's
    # contents; confirm whether the client enforces an etag check.
    return organizations.Client().SetIamPolicy(org_id, args.policy_file)
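def GetAncestorsIamPolicy(folder_id):
    """Gets IAM policies for given folder and its ancestors.

    Walks from the folder up through its parent folders and ends with the
    first non-folder parent, which is recorded as the organization.

    Args:
      folder_id: ID of the folder to start from.

    Returns:
      A list of dicts with keys 'type', 'id' and 'policy', ordered from the
      given folder upwards.

    Raises:
      exceptions.AncestorsIamPolicyAccessDeniedError: if a lookup inside the
        walk is rejected with HttpForbiddenError. No partial result is
        returned in that case.
    """
    policies = []
    # Fetched outside the try block, so a failure here propagates unchanged.
    resource = GetFolder(folder_id)

    try:
        while resource is not None:
            resource_id = resource.name.split('/')[1]
            policies.append({
                'type': 'folder',
                'id': resource_id,
                'policy': GetIamPolicy(resource_id),
            })

            parent_id = resource.parent.split('/')[1]
            if resource.parent.startswith('folder'):
                resource = GetFolder(parent_id)
            else:
                # The entry must carry the organization's own ID. It was
                # previously labelled with the child folder's ID, which
                # attributed the organization policy to the wrong resource.
                policies.append({
                    'type': 'organization',
                    'id': parent_id,
                    'policy': organizations.Client().GetIamPolicy(parent_id),
                })
                resource = None
    except api_exceptions.HttpForbiddenError:
        raise exceptions.AncestorsIamPolicyAccessDeniedError(
            'User is not permitted to access IAM policy for one or more of the'
            ' ancestors')

    return policies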
def GetIamPolicyWithAncestors(project_id):
    """Collect the IAM policies of a project and every ancestor above it.

    Args:
      project_id: project id

    Returns:
      A list of dicts with keys 'type', 'id' and 'policy', one per ancestry
      entry of type project, folder or organization, in ancestry order.

    Raises:
      exceptions.AncestorsIamPolicyAccessDeniedError: if any policy lookup is
        rejected with HttpForbiddenError. No partial list is returned.
    """
    collected = []
    # Fetched outside the try block, so a failure here propagates unchanged.
    ancestry = projects_api.GetAncestry(project_id)

    try:
        for ancestor in ancestry.ancestor:
            kind = ancestor.resourceId.type
            ancestor_id = ancestor.resourceId.id

            if kind == 'project':
                # This entry is the requested project itself.
                entry = {
                    'type': 'project',
                    'id': project_id,
                    'policy': projects_api.GetIamPolicy(
                        ParseProject(project_id)),
                }
            elif kind == 'folder':
                entry = {
                    'type': kind,
                    'id': ancestor_id,
                    'policy': folders.GetIamPolicy(ancestor_id),
                }
            elif kind == 'organization':
                entry = {
                    'type': kind,
                    'id': ancestor_id,
                    'policy': organizations.Client().GetIamPolicy(ancestor_id),
                }
            else:
                # Any other resource type is skipped.
                continue

            collected.append(entry)

        return collected
    except HttpForbiddenError:
        raise exceptions.AncestorsIamPolicyAccessDeniedError(
            'User is not permitted to access IAM policy for one or more of the'
            ' ancestors')
def Get(organization_ref):
    """Fetch the Organization resource for a parsed organization reference.

    Args:
      organization_ref: Identifier for the organization (e.g.,
        organization/12345); its organization_id attribute is sent as the
        request's organizationsId.

    Returns:
      Organization object

    Example (as given by the original author):
      {
        organizationOwner: {
          directoryCustomerId: A08w1n5gg
        }
      }
    """
    client = organizations.Client()
    messages = client.MESSAGES_MODULE
    request = messages.CloudresourcemanagerOrganizationsGetRequest(
        organizationsId=organization_ref.organization_id)
    return client.organizations.Get(request)
def GetOrganization(org_argument):
    """Look up an Organization object from an ID or a domain name.

    After StripOrgPrefix is applied, a value made only of digits is fetched
    by ID; anything else is treated as a domain name and searched for.

    Args:
      org_argument: The value of the organization argument.

    Returns:
      An object representing an organization, or None if the organization
      could not be determined.
    """
    orgs_client = organizations.Client()
    identifier = StripOrgPrefix(org_argument)
    # str.isdigit() is the only check that separates the ID path from the
    # domain-search path; it also accepts non-ASCII digit characters.
    lookup = (orgs_client.Get if identifier.isdigit()
              else orgs_client.GetByDomain)
    return lookup(identifier)
def ConvertOrgIdToObfuscatedCustomerId(org_id):
    """Return the directory customer ID recorded on an organization.

    Args:
      org_id: organization id

    Returns:
      Obfuscated customer id, read from owner.directoryCustomerId of the
      fetched organization.

    Example:
      org_id: 12345
      organization_obj:
      {
        owner: {
          directoryCustomerId: A08w1n5gg
        }
      }
    """
    # NOTE(review): no guard for a missing organization or owner; an
    # unresolvable org_id presumably surfaces as an AttributeError or a
    # client error. Confirm against Client.Get.
    return organizations.Client().Get(org_id).owner.directoryCustomerId
def GetOrganizationId(org_argument):
    """Resolve an organization argument to a numeric organization ID.

    Numeric values are returned as given, 'organizations/123456789' yields
    '123456789', and a value such as 'example.com' triggers a search for the
    organization associated with that domain.

    Args:
      org_argument: The value of the organization argument.

    Returns:
      A string containing the numeric organization ID, or None if the
      organization ID could not be determined.
    """
    orgs_client = organizations.Client()
    candidate = StripOrgPrefix(org_argument)

    # Digit-only input is trusted as an ID and returned without a lookup, so
    # its existence is not verified here. str.isdigit() also accepts
    # non-ASCII digit characters.
    if candidate.isdigit():
        return candidate

    org_object = orgs_client.GetByDomain(candidate)
    if not org_object:
        return None
    return StripOrgPrefix(org_object.name)
def Run(self, args):
    """Run the list command.

    Args:
      args: parsed command arguments; reads args.limit and args.page_size.

    Returns:
      The result of organizations.Client().List for those paging settings.
    """
    return organizations.Client().List(
        limit=args.limit, page_size=args.page_size)
def GetIamPolicyWithAncestors(project_id, include_deny, release_track):
    """Collect allow (and optionally deny) policies for a project's ancestry.

    Args:
      project_id: project id
      include_deny: boolean that represents if we should show the deny
        policies in addition to the grants
      release_track: which release track, include deny is only supported for
        ALPHA or BETA

    Returns:
      A list of dicts with keys 'type', 'id' and 'policy'. For each ancestry
      entry the IAM policy comes first, followed by that resource's deny
      policies when include_deny is set.

    Raises:
      exceptions.AncestorsIamPolicyAccessDeniedError: if any lookup is
        rejected with HttpForbiddenError. No partial list is returned.
    """
    collected = []
    # Fetched outside the try block, so a failure here propagates unchanged.
    ancestry = projects_api.GetAncestry(project_id)

    try:
        for ancestor in ancestry.ancestor:
            kind = ancestor.resourceId.type
            ancestor_id = ancestor.resourceId.id

            if kind == 'project':
                # This entry is the requested project itself; it is keyed by
                # the caller's project_id, not the ancestry ID.
                target_id, allow_type, deny_type = (
                    project_id, 'project', 'project')
                allow_policy = projects_api.GetIamPolicy(
                    ParseProject(project_id))
            elif kind == 'folder':
                target_id, allow_type, deny_type = ancestor_id, kind, 'folder'
                allow_policy = folders.GetIamPolicy(ancestor_id)
            elif kind == 'organization':
                target_id, allow_type, deny_type = (
                    ancestor_id, kind, 'organization')
                allow_policy = organizations.Client().GetIamPolicy(ancestor_id)
            else:
                # Any other resource type is skipped.
                continue

            collected.append({
                'type': allow_type,
                'id': target_id,
                'policy': allow_policy,
            })

            if include_deny:
                # Deny policies are listed per resource and appended after
                # that resource's allow policy.
                collected.extend(
                    {'type': deny_type, 'id': target_id, 'policy': deny_policy}
                    for deny_policy in policies.ListDenyPolicies(
                        target_id, deny_type, release_track))

        return collected
    except HttpForbiddenError:
        raise exceptions.AncestorsIamPolicyAccessDeniedError(
            'User is not permitted to access IAM policy for one or more of the'
            ' ancestors')
def Run(self, args):
    """Return the IAM policy of the organization identified by args.id.

    Args:
      args: parsed command arguments; reads args.id.

    Returns:
      Whatever organizations.Client().GetIamPolicy returns for that ID.
    """
    # args.id is forwarded as given; no prefix stripping or domain resolution
    # happens in this method.
    orgs_client = organizations.Client()
    return orgs_client.GetIamPolicy(args.id)