Utility to parse and filter Google Cloud IAM policy documents.

Policy Parser

Easily parse and filter YAML- or JSON-based Google Cloud Platform (GCP) IAM policy documents.

$ gcloud projects get-iam-policy my-project | pparse -o table
principal_type    principal                                                                    role
----------------  ---------------------------------------------------------------------------  ------------------------------------
serviceAccount    555555555555@cloudbuild.gserviceaccount.com                                  roles/cloudbuild.builds.builder
group             tech-dev-team@company.com                                                    roles/cloudbuild.builds.editor
serviceAccount    service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com               roles/cloudbuild.serviceAgent
serviceAccount    service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com          roles/computescanning.serviceAgent
group             tech-dev-managers@company.com                                                roles/owner
user              annbaker@company.com                                                         roles/storage.admin
user              louiefranco@company.com                                                      roles/storage.admin
user              annbaker@company.com                                                         roles/storage.objectAdmin
user              louiefranco@company.com                                                      roles/storage.objectAdmin
group             tech-all@company.com                                                         roles/viewer
group             tech-dev-team@company.com                                                    roles/viewer

Installation

# Requires Python >= 3.8
pip install pparse

Usage

Parse

Pipe a policy document from gcloud straight into pparse and choose an output format with --output-format (short form -o). The supported formats are:

  • csv
  • table
  • json
  • yaml

$ gcloud projects get-iam-policy my-project | pparse --output-format csv

Filters

You can filter policy documents with one of the following subcommands. Add the -s flag to return a simple list of principals or roles instead of the matching bindings.

Filter by User Principal: pparse principal

$ gcloud ... | pparse principal louiefranco@company.com -s
roles/owner
roles/storage.admin
roles/storage.objectAdmin

Filter by Role: pparse role

$ gcloud ... | pparse role roles/owner -s
group:tech-code-guidance@company.com
group:tech-dev-managers@company.com
user:annbaker@company.com
user:jimmyjohn@company.com
user:louiefranco@company.com
user:rhondaseltzer@company.com

Filter by Domain: pparse domain

$ gcloud ... | pparse domain company.com
bindings:
- members:
  - group:tech-dev-team@company.com
  role: roles/cloudbuild.builds.editor
- members:
  - group:tech-code-guidance@company.com
  - group:tech-dev-managers@company.com
  - user:annbaker@company.com
  - user:jimmyjohn@company.com
  - user:louiefranco@company.com
  - user:rhondaseltzer@company.com
  role: roles/owner

Filter by Principal Type: pparse type

$ gcloud ... | pparse -o csv type serviceaccount
principal_type,principal,role
serviceAccount,555555555555@cloudbuild.gserviceaccount.com,roles/cloudbuild.builds.builder
serviceAccount,service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com,roles/cloudbuild.serviceAgent
serviceAccount,service-555555555555@compute-system.iam.gserviceaccount.com,roles/compute.serviceAgent
serviceAccount,service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com,roles/computescanning.serviceAgent
serviceAccount,service-555555555555@container-engine-robot.iam.gserviceaccount.com,roles/container.serviceAgent

Filter by Permission: pparse permission

$ gcloud ... | pparse -o table permission storage.objects.get
principal_type    principal                                                                    role
----------------  ---------------------------------------------------------------------------  ------------------------------------
serviceAccount    555555555555@cloudbuild.gserviceaccount.com                                  roles/cloudbuild.builds.builder
serviceAccount    service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com               roles/cloudbuild.serviceAgent
serviceAccount    service-555555555555@container-analysis.iam.gserviceaccount.com              roles/containeranalysis.ServiceAgent
serviceAccount    service-555555555555@dataflow-service-producer-prod.iam.gserviceaccount.com  roles/dataflow.serviceAgent
serviceAccount    service-555555555555@gcp-sa-datamigration.iam.gserviceaccount.com            roles/datamigration.serviceAgent
serviceAccount    service-555555555555@firebase-rules.iam.gserviceaccount.com                  roles/firebaserules.system
serviceAccount    service-555555555555@gcp-sa-firestore.iam.gserviceaccount.com                roles/firestore.serviceAgent
user              annbaker@company.com                                                         roles/storage.admin
user              louiefranco@company.com                                                      roles/storage.admin
user              annbaker@company.com                                                         roles/storage.objectAdmin
user              louiefranco@company.com                                                      roles/storage.objectAdmin
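To make the flattening and filtering concrete, here is an added example, written for this page and not taken from the pparse project, that does in plain Python what the subcommands above do: it reads the JSON that `gcloud ... get-iam-policy --format=json` prints, expands every binding into (principal_type, principal, role) rows, and filters them by principal, role, domain, type and permission. The sample policy, the role-to-permission table and all function names are constructed for the example; the permission lookup in particular is a stand-in for resolving roles through the IAM API, which is the only way to get a complete answer. It goes slightly beyond the page in that it also handles the prefix-less allUsers / allAuthenticatedUsers members and carries a binding's condition title through, both of which matter when reviewing who can reach a resource.

```python
import csv
import io
import json
import sys
from typing import Dict, List, Set

# Constructed sample policy in the shape that
# `gcloud projects get-iam-policy PROJECT --format=json` prints. Member strings
# are "type:identity"; allUsers / allAuthenticatedUsers carry no type prefix.
SAMPLE_POLICY_JSON = json.dumps({
    "bindings": [
        {"members": ["group:tech-dev-team@company.com"],
         "role": "roles/cloudbuild.builds.editor"},
        {"members": ["group:tech-dev-managers@company.com",
                     "user:annbaker@company.com",
                     "user:louiefranco@company.com"],
         "role": "roles/owner"},
        {"members": ["serviceAccount:555555555555@cloudbuild.gserviceaccount.com"],
         "role": "roles/cloudbuild.builds.builder"},
        {"members": ["user:annbaker@company.com", "user:louiefranco@company.com"],
         "role": "roles/storage.objectAdmin"},
        {"members": ["allUsers"], "role": "roles/storage.objectViewer"},
        {"members": ["group:tech-all@company.com"], "role": "roles/viewer"},
    ],
    "etag": "BwExampleEtag=",
    "version": 1,
})

# Constructed and deliberately incomplete role -> permission table. A real tool
# must resolve each role (e.g. `gcloud iam roles describe ROLE`); this example
# only knows these four roles, so anything else is reported as unresolved.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/owner": {"*"},  # basic role: treated as granting every permission
    "roles/storage.objectAdmin": {"storage.objects.get", "storage.objects.create",
                                  "storage.objects.delete"},
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/cloudbuild.builds.builder": {"storage.objects.get", "cloudbuild.builds.create"},
}


def flatten(policy: dict) -> List[dict]:
    """Expand bindings into one row per (principal_type, principal, role)."""
    rows = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            ptype, sep, principal = member.partition(":")
            if not sep:  # allUsers / allAuthenticatedUsers have no "type:" prefix
                ptype, principal = "special", member
            rows.append({
                "principal_type": ptype,
                "principal": principal,
                "member": member,
                "role": binding["role"],
                # a conditional binding grants the role only while its condition holds
                "condition": (binding.get("condition") or {}).get("title"),
            })
    # same ordering as the page's tables: by role, then by full member string
    return sorted(rows, key=lambda r: (r["role"], r["member"]))


def load_sample() -> List[dict]:
    return flatten(json.loads(SAMPLE_POLICY_JSON))


def by_principal(rows: List[dict], principal: str) -> List[dict]:
    return [r for r in rows if r["principal"].lower() == principal.lower()]


def by_role(rows: List[dict], role: str) -> List[dict]:
    return [r for r in rows if r["role"] == role]


def by_domain(rows: List[dict], domain: str) -> List[dict]:
    return [r for r in rows if r["principal"].lower().endswith("@" + domain.lower())]


def by_type(rows: List[dict], ptype: str) -> List[dict]:
    return [r for r in rows if r["principal_type"].lower() == ptype.lower()]


def by_permission(rows: List[dict], permission: str) -> List[dict]:
    """Rows whose role is known to include `permission`. Roles missing from
    ROLE_PERMISSIONS are skipped, so pair this with unresolved_roles()."""
    hits = []
    for r in rows:
        perms = ROLE_PERMISSIONS.get(r["role"], set())
        if "*" in perms or permission in perms:
            hits.append(r)
    return hits


def unresolved_roles(rows: List[dict]) -> Set[str]:
    """Roles the permission filter could not evaluate (potential false negatives)."""
    return {r["role"] for r in rows if r["role"] not in ROLE_PERMISSIONS}


def simple(rows: List[dict], field: str) -> List[str]:
    """-s style output: de-duplicated, sorted values of one field."""
    return sorted({r[field] for r in rows})


def to_csv(rows: List[dict]) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["principal_type", "principal", "role"],
                            extrasaction="ignore")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # `gcloud ... --format=json | python this_file.py`; uses the sample when stdin is a terminal
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_POLICY_JSON
    rows = flatten(json.loads(raw))
    print(to_csv(rows))
    print("roles granted to everyone:", simple(by_type(rows, "special"), "role"))
    print("roles not resolved for permission checks:", sorted(unresolved_roles(rows)))
```

The example accepts JSON only, so pass `--format=json` to gcloud (the real tool also reads YAML). Two design choices worth keeping in any policy review script: `by_permission` never silently treats an unknown role as "no permission" without also exposing it through `unresolved_roles()`, because a custom or unlisted predefined role is exactly where a stray storage.objects.get tends to hide; and prefix-less members are surfaced under their own principal type so a public binding shows up in a `type` filter instead of being lost in the member parsing.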

Download files

Source distribution: pparse-0.2.0.tar.gz (7.1 kB)

Built distribution: pparse-0.2.0-py3-none-any.whl (7.5 kB, Python 3 wheel)
