pparse 0.2.0
Last updated:
0 purchases
Description:
pparse 0.2.0
Policy Parser
Easily parse and filter yaml or json-based Google Cloud Platform (GCP) IAM policy documents.
$ gcloud projects get-iam-policy my-project | pparse -o table
principal_type principal role
---------------- --------------------------------------------------------------------------- ------------------------------------
serviceAccount [email protected] roles/cloudbuild.builds.builder
group [email protected] roles/cloudbuild.builds.editor
serviceAccount [email protected] roles/cloudbuild.serviceAgent
serviceAccount service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com roles/computescanning.serviceAgent
group [email protected] roles/owner
user [email protected] roles/storage.admin
user [email protected] roles/storage.admin
user [email protected] roles/storage.objectAdmin
user [email protected] roles/storage.objectAdmin
group [email protected] roles/viewer
group [email protected] roles/viewer
Installation
# Requires Python >= 3.8
pip install pparse
Usage
Parse
Pass in a policy document into pparse directly from gcloud and select an output format using --output-format.
$ gcloud projects get-iam-policy my-project | pparse --output-format csv
csv
table
json
yaml
Filters
You can filter policy documents by using one of the following commands. Use the -s flag to return a simple list of users or roles.
Filter by User Principal: pparse principal
$ gcloud ... | pparse principal [email protected] -s
roles/owner
roles/storage.admin
roles/storage.objectAdmin
Filter by Role pparse role
$ gcloud ... | pparse role roles/owner -s
group:[email protected]
group:[email protected]
user:[email protected]
user:[email protected]
user:[email protected]
user:[email protected]
Filter by Domain pparse domain
$ gcloud ... | pparse domain company.com
bindings:
- members:
- group:[email protected]
role: roles/cloudbuild.builds.editor
- members:
- group:[email protected]
- group:[email protected]
- user:[email protected]
- user:[email protected]
- user:[email protected]
- user:[email protected]
role: roles/owner
Filter by Principal Type pparse type
$ gcloud ... | pparse -o csv type serviceaccount
principal_type,principal,role
serviceAccount,[email protected],roles/cloudbuild.builds.builder
serviceAccount,[email protected],roles/cloudbuild.serviceAgent
serviceAccount,[email protected],roles/compute.serviceAgent
serviceAccount,service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com,roles/computescanning.serviceAgent
serviceAccount,service-555555555555@container-engine-robot.iam.gserviceaccount.com,roles/container.serviceAgent
Filter by Permission pparse permission
$ gcloud ... | pparse -o table permission storage.objects.get
principal_type principal role
---------------- --------------------------------------------------------------------------- ------------------------------------
serviceAccount [email protected] roles/cloudbuild.builds.builder
serviceAccount [email protected] roles/cloudbuild.serviceAgent
serviceAccount [email protected] roles/containeranalysis.ServiceAgent
serviceAccount service-555555555555@dataflow-service-producer-prod.iam.gserviceaccount.com roles/dataflow.serviceAgent
serviceAccount service-555555555555@gcp-sa-datamigration.iam.gserviceaccount.com roles/datamigration.serviceAgent
serviceAccount [email protected] roles/firebaserules.system
serviceAccount [email protected] roles/firestore.serviceAgent
user [email protected] roles/storage.admin
user [email protected] roles/storage.admin
user [email protected] roles/storage.objectAdmin
user [email protected] roles/storage.objectAdmin
License:
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
Customer Reviews
There are no reviews.
