List roles/permissions for a project

Create a virtual environment

python3 -m venv .venv
source .venv/bin/activate

Install requirements

pip install -r requirements.txt

Create a refresh token using your current account

gcloud auth application-default login 

Point the GOOGLE_APPLICATION_CREDENTIALS environment variable at the credentials file (containing the refresh token) created above.

export GOOGLE_APPLICATION_CREDENTIALS=/Users/myusername/.config/gcloud/application_default_credentials.json

Run the script

python roles_lookup.py
cachetools==4.2.2
certifi==2020.12.5
chardet==4.0.0
google-api-core==1.26.3
google-api-python-client==2.3.0
google-auth==1.30.0
google-auth-httplib2==0.1.0
google-auth-oauthlib==0.4.4
googleapis-common-protos==1.53.0
httplib2==0.19.1
idna==2.10
oauthlib==3.1.0
packaging==20.9
protobuf==3.16.0
pyasn1==0.4.8
pyasn1-modules==0.2.8
pyparsing==2.4.7
pytz==2021.1
requests==2.25.1
requests-oauthlib==1.3.0
rsa==4.7.2
six==1.16.0
uritemplate==3.0.1
urllib3==1.26.4
#!/usr/bin/env python
# Copyright 2021 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import os
import json
from google.oauth2 import credentials
import googleapiclient.discovery
# [START iam_get_policy]
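def get_policy(project_id, version=1, credentials_path=None):
    """Return the IAM policy of a Google Cloud project.

    Args:
        project_id: ID of the project whose policy is read.
        version: Policy version requested via ``requestedPolicyVersion``.
        credentials_path: Path to an authorized-user (refresh token) JSON
            file. When None, the GOOGLE_APPLICATION_CREDENTIALS environment
            variable is read instead.

    Returns:
        The decoded ``projects.getIamPolicy`` response (a dict).

    Raises:
        RuntimeError: if no credentials path is given and
            GOOGLE_APPLICATION_CREDENTIALS is unset or empty, instead of the
            bare KeyError a direct ``os.environ[...]`` lookup would raise.
    """
    if credentials_path is None:
        credentials_path = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")
    if not credentials_path:
        raise RuntimeError(
            "GOOGLE_APPLICATION_CREDENTIALS is not set; point it at the "
            "credentials file written by 'gcloud auth application-default login'"
        )
    # The file holds a user refresh token, so it should be protected like a
    # password. cloud-platform is the broad scope the ADC login grants;
    # NOTE(review): a read-only scope would be narrower if the stored token
    # allows it -- confirm before changing.
    creds = credentials.Credentials.from_authorized_user_file(
        filename=credentials_path,
        scopes=["https://www.googleapis.com/auth/cloud-platform"],
    )
    service = googleapiclient.discovery.build(
        "cloudresourcemanager", "v1", credentials=creds
    )
    request = service.projects().getIamPolicy(
        resource=project_id,
        body={"options": {"requestedPolicyVersion": version}},
    )
    return request.execute()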
# [END iam_get_policy]
# [START main]
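def main(project_id, member_email):
    """Print a project's IAM policy, or only the roles bound to one member.

    Args:
        project_id: Cloud project ID handed to ``get_policy``.
        member_email: Identity to look up, i.e. the part of an IAM member
            after its ``user:``/``serviceAccount:``/``group:`` prefix. When
            empty or None the whole policy is printed instead.

    The result is written to stdout as indented JSON.
    """
    policy = get_policy(project_id)
    if member_email:
        result = {
            "member_email": member_email,
            "roles": _roles_for_member(policy, member_email),
        }
    else:
        result = policy
    print(json.dumps(result, indent=2))


def _member_identity(member):
    """Return the identity part of an IAM member string.

    Drops a leading ``deleted:`` marker, the member-type prefix
    (``user:``, ``group:`` ...) and a trailing ``?uid=...`` qualifier, so
    both ``"user:a@example.com"`` and ``"deleted:user:a@example.com?uid=1"``
    yield ``"a@example.com"`` (constructed examples). Members without a
    prefix, such as ``allUsers``, are returned unchanged.
    """
    identity = member
    if identity.startswith("deleted:"):
        identity = identity[len("deleted:"):]
    if ":" in identity:
        identity = identity.partition(":")[2]
    return identity.partition("?")[0]


def _roles_for_member(policy, member_email):
    """Return the roles of every binding that lists *member_email*.

    The comparison is an exact match on the member identity (see
    ``_member_identity``): a substring test would wrongly attribute
    ``user:alice-bob@example.com``'s roles to ``bob@example.com``.
    A policy without a ``bindings`` key yields an empty list.
    """
    roles = []
    for binding in policy.get("bindings", []):
        members = binding.get("members", [])
        if any(_member_identity(m) == member_email for m in members):
            roles.append(binding["role"])
    return roles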
# [END main]
# [START run]
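if __name__ == '__main__':
    # The module has no docstring, so ``description=__doc__`` would leave
    # the help output blank; spell the description out instead.
    parser = argparse.ArgumentParser(
        description="Print a Google Cloud project's IAM policy, or the "
                    "roles bound to a single member of it.",
        formatter_class=argparse.RawDescriptionHelpFormatter)
    # Without a project the API call fails with an unhelpful error, so make
    # argparse reject the invocation up front.
    parser.add_argument('-p', '--project', required=True,
                        help='Your Google Cloud project ID.')
    parser.add_argument('-m', '--member_email',
                        help='Member email to query for.')
    args = parser.parse_args()
    main(args.project, args.member_email)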
# [END run]