Source code for google.cloud.forseti.services.inventory.base.gcp

# Copyright 2017 The Forseti Security Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""GCP API client facade."""

# pylint: disable=invalid-name,too-many-lines
# pylint: disable=too-many-public-methods,too-many-instance-attributes

import abc
import functools

from google.cloud.forseti.common.gcp_api import admin_directory
from google.cloud.forseti.common.gcp_api import appengine
from google.cloud.forseti.common.gcp_api import bigquery
from google.cloud.forseti.common.gcp_api import cloud_resource_manager
from google.cloud.forseti.common.gcp_api import cloudbilling
from google.cloud.forseti.common.gcp_api import cloudsql
from google.cloud.forseti.common.gcp_api import compute
from google.cloud.forseti.common.gcp_api import container
from google.cloud.forseti.common.gcp_api import iam
from google.cloud.forseti.common.gcp_api import servicemanagement
from google.cloud.forseti.common.gcp_api import stackdriver_logging
from google.cloud.forseti.common.gcp_api import storage


class ApiClient(object):
    """Abstract interface every inventory GCP API client must implement.

    Naming convention used throughout: ``fetch_*`` methods return a single
    resource or policy, ``iter_*`` methods iterate over a collection.
    """

    # Python 2 metaclass declaration. Python 3 ignores this attribute, so the
    # abstract methods below are only enforced when run under Python 2.
    __metaclass__ = abc.ABCMeta

    @abc.abstractmethod
    def fetch_bigquery_dataset_policy(self, project_id, dataset_id):
        """Get the access policy of one BigQuery dataset.

        Args:
            project_id (str): id of the project that is queried.
            dataset_id (str): id of the dataset that is queried.
        """

    @abc.abstractmethod
    def iter_bigquery_datasets(self, project_number):
        """Iterate over the BigQuery datasets of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_billing_account_iam_policy(self, account_id):
        """Get the IAM policy attached to a billing account.

        Args:
            account_id (str): id of the billing account whose policy is read.
        """

    @abc.abstractmethod
    def fetch_billing_project_info(self, project_number):
        """Get the billing info of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_billing_accounts(self):
        """Iterate over the billing accounts visible in the organization."""

    @abc.abstractmethod
    def iter_cloudsql_instances(self, project_number):
        """Iterate over the Cloud SQL instances of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def is_compute_api_enabled(self, project_number):
        """Check whether the Compute API is enabled on a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_compute_project(self, project_number):
        """Get the Compute Engine project data.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_backendservices(self, project_number):
        """Iterate over the backend services of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_disks(self, project_number):
        """Iterate over the Compute Engine disks of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_firewalls(self, project_number):
        """Iterate over the Compute Engine firewalls of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_forwardingrules(self, project_number):
        """Iterate over the forwarding rules of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_ig_managers(self, project_number):
        """Iterate over the instance group managers of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_images(self, project_number):
        """Iterate over the images of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_instancegroups(self, project_number):
        """Iterate over the Compute Engine instance groups of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_instances(self, project_number):
        """Iterate over the Compute Engine instances of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_instancetemplates(self, project_number):
        """Iterate over the instance templates of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_networks(self, project_number):
        """Iterate over the networks of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_snapshots(self, project_number):
        """Iterate over the Compute Engine snapshots of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_compute_subnetworks(self, project_number):
        """Iterate over the subnetworks of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_container_serviceconfig(self, project_id, zone=None,
                                      location=None):
        """Get the Kubernetes Engine service config for a zone or location.

        Args:
            project_id (str): id of the project that is queried.
            zone (str): zone of the Kubernetes Engine.
            location (str): location of the Kubernetes Engine.
        """

    @abc.abstractmethod
    def iter_container_clusters(self, project_number):
        """Iterate over the Kubernetes Engine clusters of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_crm_folder(self, folder_id):
        """Get the data of a folder.

        Args:
            folder_id (str): id of the folder that is queried.
        """

    @abc.abstractmethod
    def fetch_crm_folder_iam_policy(self, folder_id):
        """Get the IAM policy attached to a folder.

        Args:
            folder_id (str): id of the folder whose policy is read.
        """

    @abc.abstractmethod
    def fetch_crm_organization(self, org_id):
        """Get the data of an organization.

        Args:
            org_id (str): id of the organization that is read.
        """

    @abc.abstractmethod
    def fetch_crm_organization_iam_policy(self, org_id):
        """Get the IAM policy attached to an organization.

        Args:
            org_id (str): id of the organization whose policy is read.
        """

    @abc.abstractmethod
    def fetch_crm_project(self, project_number):
        """Get the data of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_crm_project_iam_policy(self, project_number):
        """Get the IAM policy attached to a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_crm_folders(self, parent_id):
        """Iterate over the folders under a parent.

        Args:
            parent_id (str): id of the parent of the folders.
        """

    @abc.abstractmethod
    def iter_crm_project_liens(self, project_number):
        """Iterate over the liens of a project.

        Args:
            project_number (str): id of the project that owns the liens.
        """

    @abc.abstractmethod
    def iter_crm_projects(self, parent_type, parent_id):
        """Iterate over the projects under a parent.

        Args:
            parent_type (str): type of the parent, "folder" or
                "organization".
            parent_id (str): id of the parent.
        """

    @abc.abstractmethod
    def fetch_gae_app(self, project_id):
        """Get the AppEngine app of a project.

        Args:
            project_id (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_gae_instances(self, project_id, service_id, version_id):
        """Iterate over the AppEngine instances of one service version.

        Args:
            project_id (str): id of the project that is queried.
            service_id (str): id of the AppEngine service.
            version_id (str): id of the AppEngine version.
        """

    @abc.abstractmethod
    def iter_gae_services(self, project_id):
        """Iterate over the AppEngine services of a project.

        Args:
            project_id (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_gae_versions(self, project_id, service_id):
        """Iterate over the versions of an AppEngine service.

        Args:
            project_id (str): id of the project that is queried.
            service_id (str): id of the AppEngine service.
        """

    @abc.abstractmethod
    def iter_gsuite_group_members(self, group_key):
        """Iterate over the members of a GSuite group.

        Args:
            group_key (str): key of the group that is read.
        """

    @abc.abstractmethod
    def iter_gsuite_groups(self, gsuite_id):
        """Iterate over the GSuite groups.

        Args:
            gsuite_id (str): GSuite id.
        """

    @abc.abstractmethod
    def iter_gsuite_users(self, gsuite_id):
        """Iterate over the GSuite users.

        Args:
            gsuite_id (str): GSuite id.
        """

    @abc.abstractmethod
    def fetch_iam_serviceaccount_iam_policy(self, name):
        """Get the IAM policy attached to a service account.

        Args:
            name (str): service account name, which must have the form
                projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}
        """

    @abc.abstractmethod
    def iter_iam_curated_roles(self):
        """Iterate over the curated roles in the organization."""

    @abc.abstractmethod
    def iter_iam_organization_roles(self, org_id):
        """Iterate over the roles defined on an organization.

        Args:
            org_id (str): id of the organization that is read.
        """

    @abc.abstractmethod
    def iter_iam_project_roles(self, project_id):
        """Iterate over the roles defined on a project.

        Args:
            project_id (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_iam_serviceaccount_exported_keys(self, name):
        """Iterate over the user managed keys of a service account.

        Args:
            name (str): name of the service account.
        """

    @abc.abstractmethod
    def iter_iam_serviceaccounts(self, project_id):
        """Iterate over the service accounts of a project.

        Args:
            project_id (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_services_enabled_apis(self, project_number):
        """Get the API services enabled on a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_stackdriver_billing_account_sinks(self, acct_id):
        """Iterate over the logging sinks of a billing account.

        Args:
            acct_id (str): id of the billing account that is queried.
        """

    @abc.abstractmethod
    def iter_stackdriver_folder_sinks(self, folder_id):
        """Iterate over the logging sinks of a folder.

        Args:
            folder_id (str): id of the folder that is queried.
        """

    @abc.abstractmethod
    def iter_stackdriver_organization_sinks(self, org_id):
        """Iterate over the logging sinks of an organization.

        Args:
            org_id (str): id of the organization that is queried.
        """

    @abc.abstractmethod
    def iter_stackdriver_project_sinks(self, project_number):
        """Iterate over the logging sinks of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def fetch_storage_bucket_iam_policy(self, bucket_id):
        """Get the IAM policy attached to a bucket.

        Args:
            bucket_id (str): id of the bucket that is queried.
        """

    @abc.abstractmethod
    def fetch_storage_object_iam_policy(self, bucket_name, object_name):
        """Get the IAM policy attached to a storage object.

        Args:
            bucket_name (str): name of the bucket.
            object_name (str): name of the object.
        """

    @abc.abstractmethod
    def iter_storage_buckets(self, project_number):
        """Iterate over the buckets of a project.

        Args:
            project_number (str): id of the project that is queried.
        """

    @abc.abstractmethod
    def iter_storage_objects(self, bucket_id):
        """Iterate over the objects of a bucket.

        Args:
            bucket_id (str): id of the bucket that is read.
        """
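def create_lazy(attribute, factory):
    """Build a decorator that creates an attribute just before it is needed.

    The decorated callable is expected to receive the owning object as its
    first positional argument (a method's ``self``). On each call the
    wrapper checks the named attribute on that object and, if it is missing
    or falsy, sets it to ``factory(obj)`` before running the wrapped
    function.

    Args:
        attribute (str): Attribute name to check/create.
        factory (function): Called with the owning object to build the value.

    Returns:
        function: Decorator.
    """
    def f_wrapper(func):
        """Wrap func so the attribute exists before func runs.

        Args:
            func (function): Function to wrap.

        Returns:
            function: The wrapping function.
        """
        # functools.wraps keeps the wrapped function's __name__ and __doc__,
        # so decorated methods stay identifiable in tracebacks and docs.
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            """Create the attribute if required, then call func.

            Args:
                *args (list): Original func arguments.
                **kwargs (dict): Original func arguments.

            Returns:
                object: Result produced by the wrapped func.
            """
            this = args[0]
            # A falsy value counts as "not created yet", so a None
            # placeholder is replaced on first use.
            # NOTE(review): this check-then-set is not synchronized; if one
            # instance is shared between threads the factory may run more
            # than once. Confirm how callers share instances.
            if not hasattr(this, attribute) or not getattr(this, attribute):
                setattr(this, attribute, factory(this))
            return func(*args, **kwargs)

        return wrapper

    return f_wrapper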
class ApiClientImpl(ApiClient):
    """ApiClient implementation backed by the Forseti gcp_api clients.

    Each per-service client starts as None and is built by the matching
    ``_create_*`` factory the first time a method that needs it is called
    (see the ``create_lazy`` decorator on every public method). All clients
    are constructed from the same ``config``.
    """

    def __init__(self, config):
        """Store the configuration and reset all client slots.

        Args:
            config (dict): GCP API client configuration.
        """
        self.config = config
        # Placeholders only; create_lazy swaps each one for a real client
        # on first use.
        self.ad = None
        self.appengine = None
        self.bigquery = None
        self.cloudbilling = None
        self.cloudsql = None
        self.compute = None
        self.container = None
        self.crm = None
        self.iam = None
        self.servicemanagement = None
        self.stackdriver_logging = None
        self.storage = None

    def _create_ad(self):
        """Build the admin directory API client.

        Returns:
            object: Client.
        """
        return admin_directory.AdminDirectoryClient(self.config)

    def _create_appengine(self):
        """Build the AppEngine API client.

        Returns:
            object: Client.
        """
        return appengine.AppEngineClient(self.config)

    def _create_bq(self):
        """Build the BigQuery API client.

        Returns:
            object: Client.
        """
        return bigquery.BigQueryClient(self.config)

    def _create_crm(self):
        """Build the resource manager API client.

        Returns:
            object: Client.
        """
        return cloud_resource_manager.CloudResourceManagerClient(self.config)

    def _create_cloudbilling(self):
        """Build the cloud billing API client.

        Returns:
            object: Client.
        """
        return cloudbilling.CloudBillingClient(self.config)

    def _create_cloudsql(self):
        """Build the Cloud SQL API client.

        Returns:
            object: Client.
        """
        return cloudsql.CloudsqlClient(self.config)

    def _create_compute(self):
        """Build the compute API client.

        Returns:
            object: Client.
        """
        return compute.ComputeClient(self.config)

    def _create_container(self):
        """Build the Kubernetes Engine API client.

        Returns:
            object: Client.
        """
        return container.ContainerClient(self.config)

    def _create_iam(self):
        """Build the IAM API client.

        Returns:
            object: Client.
        """
        return iam.IAMClient(self.config)

    def _create_servicemanagement(self):
        """Build the servicemanagement API client.

        Returns:
            object: Client.
        """
        return servicemanagement.ServiceManagementClient(self.config)

    def _create_stackdriver_logging(self):
        """Build the stackdriver_logging API client.

        Returns:
            object: Client.
        """
        return stackdriver_logging.StackdriverLoggingClient(self.config)

    def _create_storage(self):
        """Build the storage API client.

        Returns:
            object: Client.
        """
        return storage.StorageClient(self.config)

    @create_lazy('bigquery', _create_bq)
    def fetch_bigquery_dataset_policy(self, project_id, dataset_id):
        """Get the access policy of one BigQuery dataset.

        Args:
            project_id (str): id of the project that is queried.
            dataset_id (str): id of the dataset that is queried.

        Returns:
            dict: Dataset Policy.
        """
        dataset_policy = self.bigquery.get_dataset_access(project_id,
                                                          dataset_id)
        return dataset_policy

    @create_lazy('bigquery', _create_bq)
    def iter_bigquery_datasets(self, project_number):
        """Iterate over the BigQuery datasets of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of datasets.
        """
        datasets = self.bigquery.get_datasets_for_projectid(project_number)
        for entry in datasets:
            yield entry

    @create_lazy('cloudbilling', _create_cloudbilling)
    def fetch_billing_account_iam_policy(self, account_id):
        """Get the IAM policy attached to a billing account.

        Args:
            account_id (str): id of the billing account whose policy is read.

        Returns:
            dict: Billing Account IAM policy.
        """
        iam_policy = self.cloudbilling.get_billing_acct_iam_policies(
            account_id)
        return iam_policy

    @create_lazy('cloudbilling', _create_cloudbilling)
    def fetch_billing_project_info(self, project_number):
        """Get the billing info of a project.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            dict: Project Billing Info resource.
        """
        billing_info = self.cloudbilling.get_billing_info(project_number)
        return billing_info

    @create_lazy('cloudbilling', _create_cloudbilling)
    def iter_billing_accounts(self):
        """Iterate over the billing accounts visible in the organization.

        Yields:
            dict: Generator of billing accounts.
        """
        for billing_account in self.cloudbilling.get_billing_accounts():
            yield billing_account

    @create_lazy('cloudsql', _create_cloudsql)
    def iter_cloudsql_instances(self, project_number):
        """Iterate over the Cloud SQL instances of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of cloudsql instance.
        """
        for sql_instance in self.cloudsql.get_instances(project_number):
            yield sql_instance

    @create_lazy('compute', _create_compute)
    def is_compute_api_enabled(self, project_number):
        """Check whether the Compute API is enabled on a project.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            bool: True if API is enabled, else False.
        """
        enabled = self.compute.is_api_enabled(project_number)
        return enabled

    @create_lazy('compute', _create_compute)
    def fetch_compute_project(self, project_number):
        """Get the Compute Engine project data.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            dict: Compute project metadata resource.
        """
        compute_project = self.compute.get_project(project_number)
        return compute_project

    @create_lazy('compute', _create_compute)
    def iter_compute_backendservices(self, project_number):
        """Iterate over the backend services of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of backend service.
        """
        for service in self.compute.get_backend_services(project_number):
            yield service

    @create_lazy('compute', _create_compute)
    def iter_compute_disks(self, project_number):
        """Iterate over the Compute Engine disks of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Compute Disk.
        """
        for compute_disk in self.compute.get_disks(project_number):
            yield compute_disk

    @create_lazy('compute', _create_compute)
    def iter_compute_firewalls(self, project_number):
        """Iterate over the Compute Engine firewalls of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Compute Engine Firewall.
        """
        for firewall in self.compute.get_firewall_rules(project_number):
            yield firewall

    @create_lazy('compute', _create_compute)
    def iter_compute_forwardingrules(self, project_number):
        """Iterate over the forwarding rules of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of forwarding rule resources.
        """
        for fwd_rule in self.compute.get_forwarding_rules(project_number):
            yield fwd_rule

    @create_lazy('compute', _create_compute)
    def iter_compute_ig_managers(self, project_number):
        """Iterate over the instance group managers of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of instance group manager resources.
        """
        managers = self.compute.get_instance_group_managers(project_number)
        for manager in managers:
            yield manager

    @create_lazy('compute', _create_compute)
    def iter_compute_images(self, project_number):
        """Iterate over the images of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of image resources.
        """
        for compute_image in self.compute.get_images(project_number):
            yield compute_image

    @create_lazy('compute', _create_compute)
    def iter_compute_instancegroups(self, project_number):
        """Iterate over the Compute Engine instance groups of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Compute Instance group.
        """
        for group in self.compute.get_instance_groups(project_number):
            yield group

    @create_lazy('compute', _create_compute)
    def iter_compute_instances(self, project_number):
        """Iterate over the Compute Engine instances of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Compute Engine Instance.
        """
        for vm in self.compute.get_instances(project_number):
            yield vm

    @create_lazy('compute', _create_compute)
    def iter_compute_instancetemplates(self, project_number):
        """Iterate over the instance templates of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of instance template resources.
        """
        templates = self.compute.get_instance_templates(project_number)
        for template in templates:
            yield template

    @create_lazy('compute', _create_compute)
    def iter_compute_networks(self, project_number):
        """Iterate over the networks of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of network resources.
        """
        for net in self.compute.get_networks(project_number):
            yield net

    @create_lazy('compute', _create_compute)
    def iter_compute_snapshots(self, project_number):
        """Iterate over the Compute Engine snapshots of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Compute Snapshots.
        """
        for snap in self.compute.get_snapshots(project_number):
            yield snap

    @create_lazy('compute', _create_compute)
    def iter_compute_subnetworks(self, project_number):
        """Iterate over the subnetworks of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of subnetwork resources.
        """
        for subnet in self.compute.get_subnetworks(project_number):
            yield subnet

    @create_lazy('container', _create_container)
    def fetch_container_serviceconfig(self, project_id, zone=None,
                                      location=None):
        """Get the Kubernetes Engine service config for a zone or location.

        Args:
            project_id (str): id of the project that is queried.
            zone (str): zone of the Kubernetes Engine.
            location (str): location of the Kubernetes Engine.

        Returns:
            dict: Whatever the container client's get_serverconfig returns
                for the given zone or location.
        """
        server_config = self.container.get_serverconfig(
            project_id, zone=zone, location=location)
        return server_config

    @create_lazy('container', _create_container)
    def iter_container_clusters(self, project_number):
        """Iterate over the Kubernetes Engine clusters of a project.

        The top-level 'masterAuth' entry of every cluster is scrubbed before
        the cluster is yielded: its key names are kept and every value is
        replaced with the string '[redacted]'. The cluster dict is modified
        in place. No other field of the cluster is altered here.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of Kubernetes Engine Cluster resources.
        """
        for gke_cluster in self.container.get_clusters(project_number):
            # Master auth material must never reach the inventory database,
            # so it is overwritten before anything downstream sees it.
            if 'masterAuth' in gke_cluster:
                gke_cluster['masterAuth'] = dict.fromkeys(
                    gke_cluster['masterAuth'].keys(), '[redacted]')
            yield gke_cluster

    @create_lazy('crm', _create_crm)
    def fetch_crm_folder(self, folder_id):
        """Get the data of a folder.

        Args:
            folder_id (str): id of the folder that is queried.

        Returns:
            dict: Folder resource.
        """
        folder = self.crm.get_folder(folder_id)
        return folder

    @create_lazy('crm', _create_crm)
    def fetch_crm_folder_iam_policy(self, folder_id):
        """Get the IAM policy attached to a folder.

        Args:
            folder_id (str): id of the folder whose policy is read.

        Returns:
            dict: Folder IAM policy.
        """
        iam_policy = self.crm.get_folder_iam_policies(folder_id)
        return iam_policy

    @create_lazy('crm', _create_crm)
    def fetch_crm_organization(self, org_id):
        """Get the data of an organization.

        Args:
            org_id (str): id of the organization that is read.

        Returns:
            dict: Organization resource.
        """
        organization = self.crm.get_organization(org_id)
        return organization

    @create_lazy('crm', _create_crm)
    def fetch_crm_organization_iam_policy(self, org_id):
        """Get the IAM policy attached to an organization.

        Args:
            org_id (str): id of the organization whose policy is read.

        Returns:
            dict: Organization IAM policy.
        """
        iam_policy = self.crm.get_org_iam_policies(org_id)
        return iam_policy

    @create_lazy('crm', _create_crm)
    def fetch_crm_project(self, project_number):
        """Get the data of a project.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            dict: Project resource.
        """
        project = self.crm.get_project(project_number)
        return project

    @create_lazy('crm', _create_crm)
    def fetch_crm_project_iam_policy(self, project_number):
        """Get the IAM policy attached to a project.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            dict: Project IAM Policy.
        """
        iam_policy = self.crm.get_project_iam_policies(project_number)
        return iam_policy

    @create_lazy('crm', _create_crm)
    def iter_crm_folders(self, parent_id):
        """Iterate over the folders under a parent.

        Args:
            parent_id (str): id of the parent of the folders.

        Yields:
            dict: Generator of folders.
        """
        for child_folder in self.crm.get_folders(parent_id):
            yield child_folder

    @create_lazy('crm', _create_crm)
    def iter_crm_project_liens(self, project_number):
        """Iterate over the liens of a project.

        Args:
            project_number (str): id of the project that owns the liens.

        Yields:
            dict: Generator of liens.
        """
        for project_lien in self.crm.get_project_liens(project_number):
            yield project_lien

    @create_lazy('crm', _create_crm)
    def iter_crm_projects(self, parent_type, parent_id):
        """Iterate over the projects under a parent.

        Args:
            parent_type (str): type of the parent, "folder" or
                "organization".
            parent_id (str): id of the parent.

        Yields:
            dict: Generator of projects.
        """
        pages = self.crm.get_projects(parent_id=parent_id,
                                      parent_type=parent_type)
        for response in pages:
            # A page without a 'projects' key contributes nothing.
            for entry in response.get('projects', []):
                yield entry

    @create_lazy('appengine', _create_appengine)
    def fetch_gae_app(self, project_id):
        """Get the AppEngine app of a project.

        Args:
            project_id (str): id of the project that is queried.

        Returns:
            dict: AppEngine App resource.
        """
        gae_app = self.appengine.get_app(project_id)
        return gae_app

    @create_lazy('appengine', _create_appengine)
    def iter_gae_instances(self, project_id, service_id, version_id):
        """Iterate over the AppEngine instances of one service version.

        Args:
            project_id (str): id of the project that is queried.
            service_id (str): id of the AppEngine service.
            version_id (str): id of the AppEngine version.

        Yields:
            dict: Generator of AppEngine Instance resources.
        """
        instances = self.appengine.list_instances(project_id, service_id,
                                                  version_id)
        for gae_instance in instances:
            yield gae_instance

    @create_lazy('appengine', _create_appengine)
    def iter_gae_services(self, project_id):
        """Iterate over the AppEngine services of a project.

        Args:
            project_id (str): id of the project that is queried.

        Yields:
            dict: Generator of AppEngine Service resources.
        """
        for gae_service in self.appengine.list_services(project_id):
            yield gae_service

    @create_lazy('appengine', _create_appengine)
    def iter_gae_versions(self, project_id, service_id):
        """Iterate over the versions of an AppEngine service.

        Args:
            project_id (str): id of the project that is queried.
            service_id (str): id of the AppEngine service.

        Yields:
            dict: Generator of AppEngine Version resources.
        """
        versions = self.appengine.list_versions(project_id, service_id)
        for gae_version in versions:
            yield gae_version

    @create_lazy('ad', _create_ad)
    def iter_gsuite_group_members(self, group_key):
        """Iterate over the members of a GSuite group.

        Args:
            group_key (str): key of the group that is read.

        Yields:
            dict: Generator of group_member
        """
        for group_member in self.ad.get_group_members(group_key):
            yield group_member

    @create_lazy('ad', _create_ad)
    def iter_gsuite_groups(self, gsuite_id):
        """Iterate over the GSuite groups.

        Args:
            gsuite_id (str): GSuite id.

        Yields:
            dict: Generator of groups.
        """
        for gsuite_group in self.ad.get_groups(gsuite_id):
            yield gsuite_group

    @create_lazy('ad', _create_ad)
    def iter_gsuite_users(self, gsuite_id):
        """Iterate over the GSuite users.

        Args:
            gsuite_id (str): GSuite id.

        Yields:
            dict: Generator of user.
        """
        for gsuite_user in self.ad.get_users(gsuite_id):
            yield gsuite_user

    @create_lazy('iam', _create_iam)
    def fetch_iam_serviceaccount_iam_policy(self, name):
        """Get the IAM policy attached to a service account.

        Args:
            name (str): service account name, which must have the form
                projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}

        Returns:
            dict: Service Account IAM policy.
        """
        iam_policy = self.iam.get_service_account_iam_policy(name)
        return iam_policy

    @create_lazy('iam', _create_iam)
    def iter_iam_curated_roles(self):
        """Iterate over the curated roles in the organization.

        Yields:
            dict: Generator of curated roles.
        """
        for curated_role in self.iam.get_curated_roles():
            yield curated_role

    @create_lazy('iam', _create_iam)
    def iter_iam_organization_roles(self, org_id):
        """Iterate over the roles defined on an organization.

        Args:
            org_id (str): id of the organization that is read.

        Yields:
            dict: Generator of organization role.
        """
        for org_role in self.iam.get_organization_roles(org_id):
            yield org_role

    @create_lazy('iam', _create_iam)
    def iter_iam_project_roles(self, project_id):
        """Iterate over the roles defined on a project.

        Args:
            project_id (str): id of the project that is queried.

        Yields:
            dict: Generator of project roles.
        """
        for project_role in self.iam.get_project_roles(project_id):
            yield project_role

    @create_lazy('iam', _create_iam)
    def iter_iam_serviceaccount_exported_keys(self, name):
        """Iterate over the user managed keys of a service account.

        Only keys of type iam.IAMClient.USER_MANAGED are requested.
        Items are yielded exactly as the IAM client returns them; nothing is
        removed or redacted in this method.

        Args:
            name (str): name of the service account.

        Yields:
            dict: Generator of service account user managed (exported) keys
        """
        exported_keys = self.iam.get_service_account_keys(
            name, key_type=iam.IAMClient.USER_MANAGED)
        for exported_key in exported_keys:
            yield exported_key

    @create_lazy('iam', _create_iam)
    def iter_iam_serviceaccounts(self, project_id):
        """Iterate over the service accounts of a project.

        Args:
            project_id (str): id of the project that is queried.

        Yields:
            dict: Generator of service account.
        """
        for account in self.iam.get_service_accounts(project_id):
            yield account

    @create_lazy('servicemanagement', _create_servicemanagement)
    def fetch_services_enabled_apis(self, project_number):
        """Get the API services enabled on a project.

        Args:
            project_number (str): id of the project that is queried.

        Returns:
            list: A list of ManagedService resource dicts.
        """
        enabled_apis = self.servicemanagement.get_enabled_apis(
            project_number)
        return enabled_apis

    @create_lazy('stackdriver_logging', _create_stackdriver_logging)
    def iter_stackdriver_billing_account_sinks(self, acct_id):
        """Iterate over the logging sinks of a billing account.

        Args:
            acct_id (str): id of the billing account that is queried.

        Yields:
            dict: Generator of billing account logging sinks.
        """
        sinks = self.stackdriver_logging.get_billing_account_sinks(acct_id)
        for log_sink in sinks:
            yield log_sink

    @create_lazy('stackdriver_logging', _create_stackdriver_logging)
    def iter_stackdriver_folder_sinks(self, folder_id):
        """Iterate over the logging sinks of a folder.

        Args:
            folder_id (str): id of the folder that is queried.

        Yields:
            dict: Generator of folder logging sinks.
        """
        sinks = self.stackdriver_logging.get_folder_sinks(folder_id)
        for log_sink in sinks:
            yield log_sink

    @create_lazy('stackdriver_logging', _create_stackdriver_logging)
    def iter_stackdriver_organization_sinks(self, org_id):
        """Iterate over the logging sinks of an organization.

        Args:
            org_id (str): id of the organization that is queried.

        Yields:
            dict: Generator of organization logging sinks.
        """
        sinks = self.stackdriver_logging.get_organization_sinks(org_id)
        for log_sink in sinks:
            yield log_sink

    @create_lazy('stackdriver_logging', _create_stackdriver_logging)
    def iter_stackdriver_project_sinks(self, project_number):
        """Iterate over the logging sinks of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of project logging sinks.
        """
        sinks = self.stackdriver_logging.get_project_sinks(project_number)
        for log_sink in sinks:
            yield log_sink

    @create_lazy('storage', _create_storage)
    def fetch_storage_bucket_iam_policy(self, bucket_id):
        """Get the IAM policy attached to a bucket.

        Args:
            bucket_id (str): id of the bucket that is queried.

        Returns:
            dict: Bucket IAM policy.
        """
        iam_policy = self.storage.get_bucket_iam_policy(bucket_id)
        return iam_policy

    @create_lazy('storage', _create_storage)
    def fetch_storage_object_iam_policy(self, bucket_name, object_name):
        """Get the IAM policy attached to a storage object.

        Args:
            bucket_name (str): name of the bucket.
            object_name (str): name of the object.

        Returns:
            dict: Object IAM policy.
        """
        iam_policy = self.storage.get_storage_object_iam_policy(
            bucket_name, object_name)
        return iam_policy

    @create_lazy('storage', _create_storage)
    def iter_storage_buckets(self, project_number):
        """Iterate over the buckets of a project.

        Args:
            project_number (str): id of the project that is queried.

        Yields:
            dict: Generator of buckets.
        """
        for gcs_bucket in self.storage.get_buckets(project_number):
            yield gcs_bucket

    @create_lazy('storage', _create_storage)
    def iter_storage_objects(self, bucket_id):
        """Iterate over the objects of a bucket.

        Args:
            bucket_id (str): id of the bucket that is read.

        Yields:
            dict: Generator of objects.
        """
        # The storage client names this parameter bucket_name.
        for stored_object in self.storage.get_objects(bucket_name=bucket_id):
            yield stored_object