Created
July 1, 2019 16:23
-
-
Save SyCode7/2842c4f2fa38295c49b8aefd8f664100 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| String bucketName = "company-block-log-fce65e82-a0cd-4f71-8693-381100d93c18"; | |
| Policy p = Cache.GCSStorage.getIamPolicy(bucketName); | |
| System.out.println(p); | |
| List<Role> roleList = new ArrayList<>(); | |
| List<Set<Identity>> identities = new ArrayList<>(); | |
| // Print Roles and its identities | |
| Set<Identity> wrongIdentities = new HashSet<Identity>(); | |
| Role roler = null; | |
| Map<Role, Set<Identity>> policyBindings = p.getBindings(); | |
| Set<Identity> setidentities = new HashSet<>(); | |
| for (Map.Entry<Role, Set<Identity>> entry : policyBindings.entrySet()) { | |
| roler = entry.getKey(); | |
| System.out.println("roler plain " + roler); | |
| System.out.println("roler other " + roler.getValue()); | |
| if (roler.getValue().equals("roles/storage.objectAdmin")) { | |
| System.out.println("roler :" + roler.getValue()); | |
| System.out.println("Identities getV :" + entry.getValue()); | |
| System.out.println("Identities getK :" + entry.getKey()); | |
| setidentities = entry.getValue(); | |
| System.out.println("setidentities :" + setidentities); | |
| System.out.println("setidentities size :" + setidentities.size()); | |
| for (Identity set : setidentities) { | |
| if ((set.equals("serviceAccount:attacker@csbauditor.iam.gserviceaccount.com"))) { | |
| System.out.println("strong one : " + set); | |
| continue; | |
| } else { | |
| wrongIdentities.add(set); | |
| System.out.println("strong one : " + set); | |
| } | |
| System.out.println("wrongIdentities.size() : " + wrongIdentities.size()); | |
| } | |
| } | |
| } | |
| System.out.println("ww " + wrongIdentities); | |
| System.out.println("policyEtag " + p.getEtag()); | |
| GCSFunctions function = new GCSFunctions(); | |
| for (Identity identity : wrongIdentities) { | |
| removeUserFromBucketUsingEmail(bucketName, roler, identity.getValue()); | |
| } | |
| } | |
| public static void removeUserFromBucketUsingEmail(String bucketName, Role role, String email) throws IOException { | |
| Storage storage = GoogleStorage.initStorage(); | |
| Policy policy = storage.getIamPolicy(bucketName); | |
| String eTag = policy.getEtag(); | |
| System.out.println("etag: " + eTag); | |
| Policy updatedPolicy = Cache.GCSStorage.setIamPolicy(bucketName, policy.toBuilder() | |
| .removeIdentity(role, Identity.serviceAccount(email)).build()); | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment