
Paul Durivage angstwad

@angstwad
angstwad / argparse_lazy_file_type.py
Created Apr 3, 2020
argparse LazyFileType – prevents creating files unintentionally by merely initializing args and parsing
# Copyright 2020 Paul Durivage <pauldurivage+github@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@angstwad
angstwad / set_cover_10.txt
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
roles/axt.admin
roles/billing.admin
roles/billing.creator
roles/compute.xpnAdmin
roles/container.hostServiceAgentUser
roles/datacatalog.categoryFineGrainedReader
roles/datafusion.serviceAgent
roles/iam.serviceAccountTokenCreator
roles/iap.httpsResourceAccessor
roles/orgpolicy.policyAdmin
@angstwad
angstwad / set_cover_9.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
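while remaining:
    for perm in remaining:
        # Roles that grant this still-uncovered permission.
        satisfy = perms_to_roles[perm]
        # Rank the candidates by how many permissions they contain. The
        # explicit key matters: sorting bare (role, count) tuples compares the
        # role name first, which would pick the alphabetically last role
        # rather than the largest one. The name stays as a secondary key so
        # ties resolve the same way on every run.
        sorted_roles = sorted(
            ((role, perms_counts[role]) for role in satisfy),
            key=lambda pair: (pair[1], pair[0]),
        )
        # Greedy choice: take the broadest role. This keeps the number of
        # selected roles small; it does not keep the granted permissions
        # small, so the result is not a least-privilege recommendation.
        selected = sorted_roles[-1][0]
        # NOTE(review): the listing preview stops here; the rest of the loop
        # body (presumably recording `selected` and shrinking `remaining`) is
        # not shown.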
@angstwad
angstwad / set_cover_8.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
# Permissions that roles/owner does not include; these are what is left to
# cover once that role has been accounted for.
owner_perms = roles_to_perms['roles/owner']
remaining = unique_perms - owner_perms
@angstwad
angstwad / set_cover_7.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
# Seed the result set with the single role that has the most permissions.
selected_roles = set()
selected_roles.add(role_with_most_perms)
@angstwad
angstwad / set_cover_6.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
# The list is ordered ascending by permission count, so its last entry is the
# role with the most permissions; element 0 of that entry is the role name.
broadest_entry = roles_sorted_by_perms_asc[-1]
role_with_most_perms = broadest_entry[0]
@angstwad
angstwad / set_cover_5.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
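# Collect every role whose permission set is contained in some other role's.
#
# NOTE(review): issubset() is non-strict, so two roles with identical
# permission sets each count as a subset of the other and both land here.
# Check that before discarding subset_roles wholesale, or the permissions
# those roles carry could lose their only remaining representative.
subset_roles = set()
for this_role, _ in roles_sorted_by_perms_asc:
    # Looked up once per role; it does not change across the inner loop.
    this_perms = roles_to_perms[this_role]
    for other_role, other_perms in roles_to_perms.items():
        if other_role != this_role and this_perms.issubset(other_perms):
            subset_roles.add(this_role)
            # One containing role is enough; further matches add nothing.
            break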
@angstwad
angstwad / set_cover_4.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
# (role, permission count) pairs ordered from fewest to most permissions.
# list.sort() is stable, so roles with equal counts keep the dict's order.
roles_sorted_by_perms_asc = list(perms_counts.items())
roles_sorted_by_perms_asc.sort(key=lambda entry: entry[1])
@angstwad
angstwad / set_cover_3.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
import collections
# Lookup tables built from the raw role export.
# role name -> set of permission names that role includes
roles_to_perms = collections.defaultdict(set)
# presumably the reverse index (permission -> roles); it is filled in outside
# this preview
perms_to_roles = collections.defaultdict(set)
# presumably the number of permissions per role; filled in outside this preview
perms_counts = collections.defaultdict(int)
# presumably every permission seen across all roles; filled in outside this
# preview
unique_perms = set()
for role_name, role_data in raw_role_data.items():
# A role without an 'includedPermissions' key contributes no permissions.
for perm in role_data.get('includedPermissions', tuple()):
roles_to_perms[role_name].add(perm)
# NOTE(review): the listing preview ends here (indentation was lost in the
# rendering); the rest of the loop body is not shown.
@angstwad
angstwad / set_cover_2.json
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
{
"roles/accessapproval.approver": {
"name": "roles/accessapproval.approver",
"title": "Access Approval Approver",
"description": "Ability to view or act...",
"includedPermissions": [
"accessapproval.requests.approve",
"accessapproval.requests.dismiss",
"accessapproval.requests.get",
"accessapproval.requests.list",