angstwad
/ argparse_lazy_file_type.py
Created Apr 3, 2020
argparse LazyFileType – prevents creating files unintentionally by merely initializing args and parsing
View argparse_lazy_file_type.py
| # Copyright 2020 Paul Durivage <pauldurivage+github@gmail.com> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, |
angstwad
/ set_cover_10.txt
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_10.txt
| roles/axt.admin | |
| roles/billing.admin | |
| roles/billing.creator | |
| roles/compute.xpnAdmin | |
| roles/container.hostServiceAgentUser | |
| roles/datacatalog.categoryFineGrainedReader | |
| roles/datafusion.serviceAgent | |
| roles/iam.serviceAccountTokenCreator | |
| roles/iap.httpsResourceAccessor | |
| roles/orgpolicy.policyAdmin |
angstwad
/ set_cover_9.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_9.py
| while remaining: | |
| for perm in remaining: | |
| # get set of roles which contain permission | |
| satisfy = perms_to_roles[perm] | |
| # sort roles by the number of permissions they contain, select role | |
| # with the most | |
| sorted_roles = sorted((role, perms_counts[role]) | |
| for role in satisfy) | |
| selected = sorted_roles[-1][0] |
angstwad
/ set_cover_8.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_8.py
| remaining = unique_perms - roles_to_perms['roles/owner'] |
angstwad
/ set_cover_7.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_7.py
| selected_roles = {role_with_most_perms,} |
angstwad
/ set_cover_6.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_6.py
| role_with_most_perms = roles_sorted_by_perms_asc[-1][0] |
angstwad
/ set_cover_5.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_5.py
| subset_roles = set() | |
| for this_role, _ in roles_sorted_by_perms_asc: | |
| for other_role, other_perms in roles_to_perms.items(): | |
| if this_role == other_role: | |
| continue | |
| this_perms = roles_to_perms[this_role] | |
| if this_perms.issubset(other_perms): | |
| subset_roles.add(this_role) |
angstwad
/ set_cover_4.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_4.py
| roles_sorted_by_perms_asc = sorted(perms_counts.items(), | |
| key=lambda x: x[1]) |
angstwad
/ set_cover_3.py
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_3.py
| import collections | |
| roles_to_perms = collections.defaultdict(set) | |
| perms_to_roles = collections.defaultdict(set) | |
| perms_counts = collections.defaultdict(int) | |
| unique_perms = set() | |
| for role_name, role_data in raw_role_data.items(): | |
| for perm in role_data.get('includedPermissions', tuple()): | |
| roles_to_perms[role_name].add(perm) |
angstwad
/ set_cover_2.json
Created Mar 25, 2020
Snippets for Blog: Solving a Set Cover Problem in Cloud IAM on GCP
View set_cover_2.json
| { | |
| "roles/accessapproval.approver": { | |
| "name": "roles/accessapproval.approver", | |
| "title": "Access Approval Approver", | |
| "description": "Ability to view or act...", | |
| "includedPermissions": [ | |
| "accessapproval.requests.approve", | |
| "accessapproval.requests.dismiss", | |
| "accessapproval.requests.get", | |
| "Accessapproval.requests.list", |
NewerOlder