def Run(self, args):
    """Copy a custom role into a new role under the destination parent.

    The source role is read with organizations_roles.Get and its
    includedPermissions are handed to util.PermissionsHelper together with
    the destination resource reference. The new role carries over only the
    source title and description, plus whatever GetValidPermissions()
    returns. Per the warning text, permissions reported as unsupported or
    not applicable are not added, so the copy may grant less than the
    source role. Compare the returned role with the source before binding
    it to principals.

    Args:
      args: Parsed command arguments. Reads source, destination,
        source_organization, source_project, dest_organization and
        dest_project.

    Returns:
      The role returned by organizations_roles.Create.

    Raises:
      RequiredArgumentException: If args.source or args.destination is None.
    """
    client = apis.GetClientInstance('iam', 'v1')
    msgs = apis.GetMessagesModule('iam', 'v1')

    # Both role ids are mandatory.
    if args.source is None:
        raise RequiredArgumentException(
            'source', 'the source role is required.')
    if args.destination is None:
        raise RequiredArgumentException(
            'destination', 'the destination role is required.')

    src_name = iam_util.GetRoleName(
        args.source_organization,
        args.source_project,
        args.source,
        attribute='the source custom role',
        parameter_name='source')
    target_parent = iam_util.GetParentName(
        args.dest_organization,
        args.dest_project,
        attribute='the destination custom role')

    get_request = msgs.IamOrganizationsRolesGetRequest(name=src_name)
    original = client.organizations_roles.Get(get_request)
    copied = msgs.Role(
        title=original.title, description=original.description)

    # Permissions are classified against the destination resource, not the
    # source one.
    target_resource = iam_util.GetResourceReference(
        args.dest_project, args.dest_organization)
    helper = util.PermissionsHelper(
        client, msgs, target_resource, original.includedPermissions)

    unsupported = helper.GetNotSupportedPermissions()
    if unsupported:
        log.warning(
            "Permissions don't support custom roles and won't be added: "
            '[{}] \n'.format(', '.join(unsupported)))

    inapplicable = helper.GetNotApplicablePermissions()
    if inapplicable:
        log.warning(
            "Permissions not applicable to the current resource and won't"
            ' be added: [{}] \n'.format(', '.join(inapplicable)))

    # NOTE: 'Permissons' is the spelling of the helper method this block
    # calls; it is kept unchanged.
    iam_util.ApiDisabledPermissionsWarning(helper.GetApiDisabledPermissons())
    iam_util.TestingPermissionsWarning(helper.GetTestingPermissions())

    copied.includedPermissions = helper.GetValidPermissions()
    create_request = msgs.IamOrganizationsRolesCreateRequest(
        createRoleRequest=msgs.CreateRoleRequest(
            role=copied, roleId=args.destination),
        parent=target_parent)
    created = client.organizations_roles.Create(create_request)
    iam_util.SetRoleStageIfAlpha(created)
    return created
def WarnPermissions(self, iam_client, messages, permissions, project,
                    organization):
    """Warn about API-disabled and testing permissions in a permission list.

    Builds a util.PermissionsHelper for the resource identified by project
    and organization, then passes its API-disabled and testing permission
    groups to the matching iam_util warning helpers. This is advisory only:
    nothing is returned and the permissions argument is not filtered here.

    Args:
      iam_client: IAM API client passed through to the helper.
      messages: IAM messages module passed through to the helper.
      permissions: Permissions to classify.
      project: Project used to build the resource reference.
      organization: Organization used to build the resource reference.
    """
    resource = iam_util.GetResourceReference(project, organization)
    helper = util.PermissionsHelper(
        iam_client, messages, resource, permissions)
    # NOTE: 'Permissons' is the spelling of the helper method this block
    # calls; it is kept unchanged.
    iam_util.ApiDisabledPermissionsWarning(helper.GetApiDisabledPermissons())
    iam_util.TestingPermissionsWarning(helper.GetTestingPermissions())
def Run(self, args):
    """Create a custom role from a YAML file or from command-line flags.

    With args.file the role is parsed from the file and its name and etag
    are cleared, so the role id and parent come only from the command
    arguments. Without it the role is built from args.title,
    args.description, args.permissions and args.stage. args.permissions is
    split on ',' without stripping whitespace, so 'a, b' yields ' b'.

    When args.quiet is set the API-disabled and testing permission warnings
    are skipped entirely; the role is created with the same permissions
    either way.

    Args:
      args: Parsed command arguments. Reads organization, project, file,
        title, description, permissions, stage, role and quiet.

    Returns:
      The role returned by organizations_roles.Create.
    """
    client = apis.GetClientInstance('iam', 'v1')
    msgs = apis.GetMessagesModule('iam', 'v1')
    parent = iam_util.GetParentName(args.organization, args.project)

    # NOTE(review): indentation was lost in this listing; the permissions
    # and stage flags are assumed to apply only when no file is given.
    # Confirm against the original file.
    if not args.file:
        role = msgs.Role(title=args.title, description=args.description)
        if args.permissions:
            role.includedPermissions = args.permissions.split(',')
        if args.stage:
            role.stage = iam_util.StageTypeFromString(args.stage)
    else:
        role = iam_util.ParseYamlToRole(args.file, msgs.Role)
        # Discard any name/etag carried in the file.
        role.name = None
        role.etag = None

    # Fall back to the role id when no title was supplied.
    if not role.title:
        role.title = args.role

    if not args.quiet:
        resource = iam_util.GetResourceReference(
            args.project, args.organization)
        helper = util.PermissionsHelper(
            client, msgs, resource, role.includedPermissions)
        # NOTE: 'Permissons' is the spelling of the helper method this block
        # calls; it is kept unchanged.
        iam_util.ApiDisabledPermissionsWarning(
            helper.GetApiDisabledPermissons())
        iam_util.TestingPermissionsWarning(helper.GetTestingPermissions())

    request = msgs.IamOrganizationsRolesCreateRequest(
        createRoleRequest=msgs.CreateRoleRequest(
            role=role, roleId=args.role),
        parent=parent)
    created = client.organizations_roles.Create(request)
    log.CreatedResource(args.role, kind='role')
    iam_util.SetRoleStageIfAlpha(created)
    return created