Helper functions for handling IAM policies.
_split_member
(member)[source]¶Splits an IAM member into type and optional value.
Parameters: | member (str) – The IAM member to split. |
---|---|
Returns: | The member type and optionally member value. |
Return type: | tuple |
convert_bigquery_policy_to_iam
(access_policy, project_id)[source]¶Convert a bigquery Access Policy to IAM policy.
This is used to enable IAM explain for legacy bigquery policies.
Parameters: |
|
---|---|
Returns: | An iam policy object. |
Return type: | dict |
convert_iam_to_bigquery_policy
(iam_policy)[source]¶Converts an IAM policy to a bigquery Access Policy.
This is used for backwards compatibility between data returned from live API and the data stored in CAI. Once the live API returns IAM policies instead, this can be deprecated.
Parameters: | iam_policy (dict) – The BigQuery dataset IAM policy. |
---|---|
Returns: | A list of access policies. An example return value:
|
Return type: | list |
convert_iam_to_bucket_acls
(iam_policy, bucket, project_id, project_number)[source]¶Converts an IAM policy to Bucket Access Controls.
The is used for backwards compatibility between data returned from live API and the data stored in CAI. Once acls are removed from cloud storage, this can be deprecated.
Parameters: |
|
---|---|
Returns: | A list of access policies. An example return value:
] |
Return type: | list |