def Run(self, args):
    """Fetch the role named by the command arguments.

    Args:
      args: Parsed command arguments. `organization`, `project` and `role`
        are read to build the role's resource name.

    Returns:
      The role message returned by `organizations_roles.Get`, after it has
      been passed through `iam_util.SetRoleStageIfAlpha`.
    """
    # The resource name is built before the client is obtained, so a failure
    # in GetRoleName surfaces before any client is created.
    target_role = iam_util.GetRoleName(
        args.organization, args.project, args.role)
    api_client, api_messages = util.GetClientAndMessages()
    get_request = api_messages.IamOrganizationsRolesGetRequest(
        name=target_role)
    role = api_client.organizations_roles.Get(get_request)
    iam_util.SetRoleStageIfAlpha(role)
    return role
def Run(self, args):
    """Fetch the role named by the command arguments via the IAM v1 API.

    Args:
      args: Parsed command arguments. `organization`, `project` and `role`
        are read to build the role's resource name.

    Returns:
      The role message returned by `organizations_roles.Get`, after it has
      been passed through `iam_util.SetRoleStageIfAlpha`.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    iam_messages = apis.GetMessagesModule('iam', 'v1')
    target_role = iam_util.GetRoleName(
        args.organization, args.project, args.role)
    get_request = iam_messages.IamOrganizationsRolesGetRequest(
        name=target_role)
    role = iam_client.organizations_roles.Get(get_request)
    iam_util.SetRoleStageIfAlpha(role)
    return role
def Run(self, args):
    """Copy a role into a new custom role under the destination parent.

    The new role takes the source role's title and description, but only the
    permissions that `PermissionsHelper.GetValidPermissions()` returns for the
    destination resource. Permissions the helper reports as not supported or
    not applicable are logged as warnings and left out, so the copy can hold
    fewer permissions than the source; compare the two when the copy is meant
    to be equivalent.

    Args:
      args: Parsed command arguments. Reads `source`, `source_organization`,
        `source_project`, `destination`, `dest_organization` and
        `dest_project`.

    Returns:
      The created role message, after it has been passed through
      `iam_util.SetRoleStageIfAlpha`.

    Raises:
      RequiredArgumentException: If `args.source` or `args.destination` is
        None.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    messages = apis.GetMessagesModule('iam', 'v1')

    if args.source is None:
        raise RequiredArgumentException('source',
                                        'the source role is required.')
    if args.destination is None:
        raise RequiredArgumentException(
            'destination', 'the destination role is required.')

    source_name = iam_util.GetRoleName(
        args.source_organization,
        args.source_project,
        args.source,
        attribute='the source custom role',
        parameter_name='source')
    destination_parent = iam_util.GetParentName(
        args.dest_organization,
        args.dest_project,
        attribute='the destination custom role')

    original = iam_client.organizations_roles.Get(
        messages.IamOrganizationsRolesGetRequest(name=source_name))
    copy = messages.Role(
        title=original.title, description=original.description)

    # The helper classifies the source permissions against the destination
    # resource, not against the source role's parent.
    destination_ref = iam_util.GetResourceReference(
        args.dest_project, args.dest_organization)
    helper = util.PermissionsHelper(
        iam_client, messages, destination_ref, original.includedPermissions)

    unsupported = helper.GetNotSupportedPermissions()
    if unsupported:
        log.warning(
            'Permissions don\'t support custom roles and won\'t be added: ['
            + ', '.join(unsupported) + '] \n')

    inapplicable = helper.GetNotApplicablePermissions()
    if inapplicable:
        log.warning(
            'Permissions not applicable to the current resource and won\'t'
            ' be added: [' + ', '.join(inapplicable) + '] \n')

    # Method name spelled as the helper is called on this page.
    api_disabled = helper.GetApiDisabledPermissons()
    iam_util.ApiDisabledPermissionsWarning(api_disabled)

    in_testing = helper.GetTestingPermissions()
    iam_util.TestingPermissionsWarning(in_testing)

    # Only the permissions the helper considers valid reach the new role.
    copy.includedPermissions = helper.GetValidPermissions()

    create_request = messages.IamOrganizationsRolesCreateRequest(
        createRoleRequest=messages.CreateRoleRequest(
            role=copy, roleId=args.destination),
        parent=destination_parent)
    created = iam_client.organizations_roles.Create(create_request)
    iam_util.SetRoleStageIfAlpha(created)
    return created
def Run(self, args):
    """Undelete a custom role.

    A role given with neither an organization nor a project is treated as a
    curated/predefined role and rejected here, before any request is sent.

    Args:
      args: Parsed command arguments. Reads `organization`, `project` and
        `role`.

    Returns:
      The response of the `organizations_roles.Undelete` call.

    Raises:
      exceptions.InvalidArgumentException: If both `args.organization` and
        `args.project` are None.
    """
    api_client, api_messages = util.GetClientAndMessages()
    target_role = iam_util.GetRoleName(
        args.organization, args.project, args.role)

    has_parent = args.organization is not None or args.project is not None
    if not has_parent:
        raise exceptions.InvalidArgumentException(
            'ROLE_ID', 'You can not undelete a curated/predefined role.')

    undelete_request = api_messages.IamOrganizationsRolesUndeleteRequest(
        name=target_role)
    return api_client.organizations_roles.Undelete(undelete_request)
def Run(self, args):
    """Delete a custom role.

    A role given with neither an organization nor a project is treated as a
    curated/predefined role and rejected here, before any request is sent.

    Args:
      args: Parsed command arguments. Reads `organization`, `project` and
        `role`.

    Returns:
      The response of the `organizations_roles.Delete` call.

    Raises:
      exceptions.InvalidArgumentException: If both `args.organization` and
        `args.project` are None.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    iam_messages = apis.GetMessagesModule('iam', 'v1')
    target_role = iam_util.GetRoleName(
        args.organization, args.project, args.role)

    has_parent = args.organization is not None or args.project is not None
    if not has_parent:
        raise exceptions.InvalidArgumentException(
            'ROLE_ID', 'You can not delete a curated/predefined role.')

    delete_request = iam_messages.IamOrganizationsRolesDeleteRequest(
        name=target_role)
    return iam_client.organizations_roles.Delete(delete_request)
def Run(self, args):
    """Update a custom role, either from a YAML file or from flags.

    With `args.file` set, the role is parsed from that file and sent with
    `organizations_roles.Patch`; any of the individual role flags given
    alongside it is rejected. Without `args.file`, the update is delegated to
    `self.UpdateWithFlags`.

    Args:
      args: Parsed command arguments. Reads `organization`, `project`,
        `role`, `file`, `quiet` and the title/description/stage/permissions
        flags.

    Returns:
      The updated role message, after it has been passed through
      `iam_util.SetRoleStageIfAlpha`.

    Raises:
      exceptions.ConflictingArgumentsException: If `args.file` is combined
        with any of the individual role flags.
      exceptions.HttpException: If the Patch call fails with an HTTP error;
        a conflict is reported with a stale-etag message.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    messages = apis.GetMessagesModule('iam', 'v1')
    role_name = iam_util.GetRoleName(args.organization, args.project, args.role)
    role = messages.Role()
    if args.file:
        # A file fully describes the role, so mixing it with per-field flags
        # is refused rather than merged.
        if (args.title or args.description or args.stage or args.permissions or
                args.add_permissions or args.remove_permissions):
            raise exceptions.ConflictingArgumentsException( 'file', 'others')
        role = iam_util.ParseYamlToRole(args.file, messages.Role)
        if not role.etag:
            # Without an etag the Patch is not tied to a specific version of
            # the role, so it can replace changes made since the file was
            # written; ask for confirmation first.
            # NOTE(review): confirm how PromptContinue behaves when prompts
            # are disabled (e.g. --quiet); if it continues by default,
            # unattended runs overwrite concurrent changes unprompted.
            msg = ('The specified role does not contain an "etag" field '
                   'identifying a specific version to replace. Updating a '
                   'role without an "etag" can overwrite concurrent role '
                   'changes.')
            console_io.PromptContinue( message=msg,
                                       prompt_string='Replace existing role',
                                       cancel_on_no=True)
        # The testing-permissions warning is skipped when args.quiet is set.
        if not args.quiet:
            self.WarnTestingPermissions(iam_client, messages,
                                        role.includedPermissions, args.project,
                                        args.organization)
        try:
            res = iam_client.organizations_roles.Patch(
                messages.IamOrganizationsRolesPatchRequest(name=role_name,
                                                           role=role))
            iam_util.SetRoleStageIfAlpha(res)
            return res
        except apitools_exceptions.HttpConflictError as e:
            # A conflict response is surfaced as a stale etag: the role
            # changed after the etag in the file was obtained.
            raise exceptions.HttpException(
                e, error_format=(
                    'Stale "etag": '
                    'Please use the etag from your latest describe '
                    'response. Or new changes have been made since '
                    'your latest describe operation. Please retry '
                    'the whole describe-update process. Or you can '
                    'leave the etag blank to overwrite concurrent '
                    'role changes.'))
        except apitools_exceptions.HttpError as e:
            raise exceptions.HttpException(e)
    # No file given: build the update from the individual flags.
    res = self.UpdateWithFlags(args, role_name, role, iam_client, messages)
    iam_util.SetRoleStageIfAlpha(res)
    return res
def Run(self, args):
    """Copy a role into a new custom role under the destination parent.

    The new role takes the source role's title and description. Its
    permissions are the "valid" list that `util.GetValidAndTestingPermissions`
    returns for the destination resource, so the copy can hold fewer
    permissions than the source. Nothing in this method reports which
    permissions were left out; only the testing permissions are passed to a
    warning helper.

    Args:
      args: Parsed command arguments. Reads `source`, `source_organization`,
        `source_project`, `destination`, `dest_organization` and
        `dest_project`.

    Returns:
      The created role message, after it has been passed through
      `iam_util.SetRoleStageIfAlpha`.

    Raises:
      RequiredArgumentException: If `args.source` or `args.destination` is
        None.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    messages = apis.GetMessagesModule('iam', 'v1')

    if args.source is None:
        raise RequiredArgumentException('source',
                                        'the source role is required.')
    if args.destination is None:
        raise RequiredArgumentException(
            'destination', 'the destination role is required.')

    source_name = iam_util.GetRoleName(
        args.source_organization,
        args.source_project,
        args.source,
        attribute='the source custom role',
        parameter_name='source')
    destination_parent = iam_util.GetParentName(
        args.dest_organization,
        args.dest_project,
        attribute='the destination custom role')

    original = iam_client.organizations_roles.Get(
        messages.IamOrganizationsRolesGetRequest(name=source_name))
    copy = messages.Role(
        title=original.title, description=original.description)

    # Permissions are checked against the destination resource, not against
    # the source role's parent.
    destination_ref = iam_util.GetResourceReference(
        args.dest_project, args.dest_organization)
    usable, in_testing = util.GetValidAndTestingPermissions(
        iam_client, messages, destination_ref, original.includedPermissions)
    iam_util.TestingPermissionsWarning(in_testing)
    copy.includedPermissions = usable

    create_request = messages.IamOrganizationsRolesCreateRequest(
        createRoleRequest=messages.CreateRoleRequest(
            role=copy, roleId=args.destination),
        parent=destination_parent)
    created = iam_client.organizations_roles.Create(create_request)
    iam_util.SetRoleStageIfAlpha(created)
    return created
def Run(self, args):
    """Copy a role into a new custom role under the destination parent.

    When the source role has permissions, they are filtered against the
    permissions testable on the destination project or organization: a
    permission is kept only if `QueryTestablePermissions` returns it for that
    resource and its custom-roles support level is not NOT_SUPPORTED.
    Permissions that fail the filter are dropped without any message, so the
    copy can hold fewer permissions than the source; compare the two when the
    copy is meant to be equivalent. Kept permissions appear in the order the
    API returned them.

    Args:
      args: Parsed command arguments. Reads `source`, `source_organization`,
        `source_project`, `destination`, `dest_organization` and
        `dest_project`.

    Returns:
      The created role message, after it has been passed through
      `iam_util.SetRoleStageIfAlpha`.

    Raises:
      RequiredArgumentException: If `args.source` or `args.destination` is
        None.
    """
    iam_client = apis.GetClientInstance('iam', 'v1')
    messages = apis.GetMessagesModule('iam', 'v1')

    if args.source is None:
        raise RequiredArgumentException('source',
                                        'the source role is required.')
    if args.destination is None:
        raise RequiredArgumentException(
            'destination', 'the destination role is required.')

    source_name = iam_util.GetRoleName(
        args.source_organization,
        args.source_project,
        args.source,
        attribute='the source custom role',
        parameter_name='source')
    destination_parent = iam_util.GetParentName(
        args.dest_organization,
        args.dest_project,
        attribute='the destination custom role')

    original = iam_client.organizations_roles.Get(
        messages.IamOrganizationsRolesGetRequest(name=source_name))
    copy = messages.Role(
        title=original.title,
        description=original.description,
        includedPermissions=original.includedPermissions)

    if original.includedPermissions:
        # The destination project takes precedence over the organization when
        # both are set.
        if args.dest_project:
            resource_suffix = 'projects/{0}'.format(args.dest_project)
        else:
            resource_suffix = 'organizations/{0}'.format(
                args.dest_organization)
        destination_resource = (
            '//cloudresourcemanager.googleapis.com/' + resource_suffix)

        wanted = set(original.includedPermissions)
        kept = []
        page_token = None
        # Page through the testable permissions until every source permission
        # has been matched or the API has no further pages.
        while len(original.includedPermissions) != len(kept):
            page = iam_client.permissions.QueryTestablePermissions(
                messages.QueryTestablePermissionsRequest(
                    fullResourceName=destination_resource,
                    pageToken=page_token))
            for candidate in page.permissions:
                if candidate.name not in wanted:
                    continue
                if (candidate.customRolesSupportLevel !=
                        messages.Permission.
                        CustomRolesSupportLevelValueValuesEnum.NOT_SUPPORTED):
                    kept.append(candidate.name)
            page_token = page.nextPageToken
            if not page_token:
                break
        copy.includedPermissions = kept

    create_request = messages.IamOrganizationsRolesCreateRequest(
        createRoleRequest=messages.CreateRoleRequest(
            role=copy, roleId=args.destination),
        parent=destination_parent)
    created = iam_client.organizations_roles.Create(create_request)
    iam_util.SetRoleStageIfAlpha(created)
    return created