Wrapper for IAM API client.
IAMClient
(global_configs, **kwargs)[source]¶Bases: object
IAM Client.
KEY_TYPES
= frozenset(['USER_MANAGED', 'SYSTEM_MANAGED'])¶SYSTEM_MANAGED
= 'SYSTEM_MANAGED'¶USER_MANAGED
= 'USER_MANAGED'¶get_curated_roles
(parent=None)[source]¶Get information about organization roles
Parameters: | parent (str) – An optional parent ID to query. If unset, defaults to returning the list of curated roles in GCP. |
---|---|
Returns: | The response of retrieving the curated roles. |
Return type: | list |
Raises: | ApiExecutionError – ApiExecutionError is raised if the call to the
GCP API fails. |
get_organization_roles
(org_id)[source]¶Get information about custom organization roles.
Parameters: | org_id (str) – The id of the organization. |
---|---|
Returns: | The response of retrieving the organization roles. |
Return type: | list |
Raises: | ApiExecutionError – ApiExecutionError is raised if the call to the
GCP API fails. |
get_project_roles
(project_id)[source]¶Get information about custom project roles.
Parameters: | project_id (str) – The id of the project. |
---|---|
Returns: | The response of retrieving the project roles. |
Return type: | list |
Raises: | ApiExecutionError – ApiExecutionError is raised if the call to the
GCP API fails. |
get_service_account_iam_policy
(name)[source]¶Get IAM policy associated with a service account.
Parameters: | name (str) – The service account name to query, must be in the format projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} |
---|---|
Returns: | The IAM policies for the service account. |
Return type: | dict |
Raises: | ApiExecutionError – ApiExecutionError is raised if the call to the
GCP API fails. |
get_service_account_keys
(name, key_type=None)[source]¶Get keys associated with the given Service Account.
Parameters: |
|
---|---|
Returns: | List with a dict for each key associated with the account. |
Return type: | list |
Raises: |
|
get_service_accounts
(project_id)[source]¶Get Service Accounts associated with a project.
Parameters: | project_id (str) – The project ID to get Service Accounts for. |
---|---|
Returns: | List of service accounts associated with the project. |
Return type: | list |
Raises: | ApiExecutionError – ApiExecutionError is raised if the call to the
GCP API fails. |
IamRepositoryClient
(quota_max_calls=None, quota_period=1.0, use_rate_limiter=True)[source]¶Bases: google.cloud.forseti.common.gcp_api._base_repository.BaseRepositoryClient
IAM API Respository.
organizations_roles
¶An _IamOrganizationsRolesRepository instance.
projects_roles
¶An _IamProjectsRolesRepository instance.
projects_serviceaccounts
¶An _IamProjectsServiceAccountsRepository instance.
projects_serviceaccounts_keys
¶An _IamProjectsServiceAccountsKeysRepository instance.
roles
¶An _IamRolesRepository instance.
_IamOrganizationsRolesRepository
(**kwargs)[source]¶Bases: google.cloud.forseti.common.gcp_api.repository_mixins.ListQueryMixin
, google.cloud.forseti.common.gcp_api._base_repository.GCPRepository
Implementation of Iam Organizations Roles repository.
_IamProjectsRolesRepository
(**kwargs)[source]¶Bases: google.cloud.forseti.common.gcp_api.repository_mixins.ListQueryMixin
, google.cloud.forseti.common.gcp_api._base_repository.GCPRepository
Implementation of Iam Projects Roles repository.
_IamProjectsServiceAccountsKeysRepository
(**kwargs)[source]¶Bases: google.cloud.forseti.common.gcp_api.repository_mixins.ListQueryMixin
, google.cloud.forseti.common.gcp_api._base_repository.GCPRepository
Implementation of Iam Projects ServiceAccounts Keys repository.
_IamProjectsServiceAccountsRepository
(**kwargs)[source]¶Bases: google.cloud.forseti.common.gcp_api.repository_mixins.GetIamPolicyQueryMixin
, google.cloud.forseti.common.gcp_api.repository_mixins.ListQueryMixin
, google.cloud.forseti.common.gcp_api._base_repository.GCPRepository
Implementation of Iam Projects ServiceAccounts repository.
get_iam_policy
(resource, fields=None, verb='getIamPolicy', include_body=False, resource_field='resource', **kwargs)[source]¶Get Service Account IAM Policy.
Parameters: |
|
---|---|
Returns: | GCE response. |
Return type: | dict |
_IamRolesRepository
(**kwargs)[source]¶Bases: google.cloud.forseti.common.gcp_api.repository_mixins.ListQueryMixin
, google.cloud.forseti.common.gcp_api._base_repository.GCPRepository
Implementation of Iam Roles repository.