GCP: get the permissions of a custom IAM role using Python

Time: 2020-04-20 15:00:51

Tags: python google-cloud-platform google-iam

I am using Python code to get the permissions present in a custom IAM role. Even though I pass the parameters as in the documentation https://cloud.google.com/iam/docs/creating-custom-roles#iam-custom-roles-get-metadata-python, it raises the following error. role['name'] takes the role ID of the IAM role. I couldn't figure it out from the Google documentation. Any help would be appreciated.

TypeError: Parameter "name" value "projects/my-new-project-273607/roles/CustomRole" does not match the pattern "^roles/[^/]+$"

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

service = discovery.build('iam', 'v1', credentials=GoogleCredentials.get_application_default())
roles = service.roles().list(parent='projects/' + 'my-new-project-273607').execute()['roles']
for role_info in roles:  # 'roles' is a list of role resources, one dict per role
    print('Name: ' + role_info['name'])
    # raises the TypeError above: a project role name does not match ^roles/[^/]+$
    role = service.roles().get(name=role_info['name']).execute()
    for permission in role['includedPermissions']:
        print(permission)
    print('permissions: ' + ', '.join(role['includedPermissions']))

2 answers:

Answer 0 (score: 1)

service.roles().get() is for getting the built-in GCP roles (e.g. 'roles/logging.configWriter'). You are using service.roles().list() to get the project roles.

If you want to get the details of those project roles, you need to use service.projects().roles().get(name=.....).

See https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles/get#path-parameters

Answer 1 (score: 0)

Try this: https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles/list

projects.roles / list是一种列出自定义角色的方法。

"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
   and check the quota for your project at
   https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
   If not already done, install the gcloud CLI from
   https://cloud.google.com/sdk and run
   `gcloud beta auth application-default login`.
   For more information, see
   https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
   `pip install --upgrade google-api-python-client`
"""
from pprint import pprint

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

credentials = GoogleCredentials.get_application_default()

service = discovery.build('iam', 'v1', credentials=credentials)

# The resource name of the parent resource in one of the following formats:
# `` (empty string) -- this refers to curated roles.
# `organizations/{ORGANIZATION_ID}`
# `projects/{PROJECT_ID}`
parent = 'projects/my-project'  # TODO: Update placeholder value.

request = service.projects().roles().list(parent=parent)
while True:
    response = request.execute()

    for role in response.get('roles', []):
        # TODO: Change code below to process each `role` resource:
        pprint(role)

    request = service.projects().roles().list_next(previous_request=request, previous_response=response)
    if request is None:
        break
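The two answers together make the point that the IAM API has three role collections, each accepting only one name format: `roles.get` takes `roles/{id}` (predefined roles), `projects.roles.get` takes `projects/{project}/roles/{id}`, and `organizations.roles.get` takes `organizations/{org}/roles/{id}`. The client checks the name against the pattern from the discovery document before sending anything, which is exactly the TypeError in the question. The example below is added here and is not code from either answer or from Google: it dispatches on the name format, lists custom roles with `view='FULL'` (which makes the list response carry `includedPermissions`, so no per-role `get()` is needed), follows `nextPageToken` as the second answer's sample does, and skips soft-deleted roles. `FakeIamService` and its role data are constructed stand-ins with the same method shapes as `discovery.build('iam', 'v1')`, so the file runs offline; `build_iam_service()` is the real client (it assumes `google-api-python-client` and `google-auth` are installed).

```python
import re

PREDEFINED_ROLE = re.compile(r'^roles/[^/]+$')                             # roles.get
CUSTOM_ROLE = re.compile(r'^(projects|organizations)/[^/]+/roles/[^/]+$')  # {projects,organizations}.roles.get


def build_iam_service():
    """Real client; imported lazily so the offline demo below works without the libraries."""
    from googleapiclient import discovery
    import google.auth
    credentials, _project = google.auth.default()
    return discovery.build('iam', 'v1', credentials=credentials)


def role_collection(service, role_name):
    """Return the collection whose get() accepts role_name's format (the question's bug)."""
    if PREDEFINED_ROLE.match(role_name):
        return service.roles()
    match = CUSTOM_ROLE.match(role_name)
    if match is None:
        raise ValueError(f'not a role resource name: {role_name!r}')
    return service.projects().roles() if match.group(1) == 'projects' else service.organizations().roles()


def get_role_permissions(service, role_name):
    """Permissions of one role, predefined or custom, via the right collection."""
    role = role_collection(service, role_name).get(name=role_name).execute()
    return role.get('includedPermissions', [])


def list_custom_roles(service, parent):
    """Yield every custom role under 'projects/...' or 'organizations/...', following pagination."""
    if parent.startswith('projects/'):
        collection = service.projects().roles()
    elif parent.startswith('organizations/'):
        collection = service.organizations().roles()
    else:
        raise ValueError(f'parent must be projects/... or organizations/...: {parent!r}')
    request = collection.list(parent=parent, view='FULL')  # FULL: includedPermissions in the list response
    while request is not None:
        response = request.execute()
        yield from response.get('roles', [])
        request = collection.list_next(previous_request=request, previous_response=response)


def permissions_by_custom_role(service, parent):
    """{role name: permissions} for live custom roles; soft-deleted roles ('deleted': True) are skipped."""
    return {role['name']: role.get('includedPermissions', [])
            for role in list_custom_roles(service, parent) if not role.get('deleted')}


# --- Constructed offline stand-in for discovery.build('iam', 'v1'): same method shapes, canned data ---

class _FakeRequest:
    def __init__(self, result, parent=None, view=None):
        self._result, self.parent, self.view = result, parent, view

    def execute(self):
        return self._result


class _FakeCollection:
    PAGE_SIZE = 2  # small, so the three constructed project roles span two pages

    def __init__(self, name_pattern, roles):
        self._pattern, self._roles = re.compile(name_pattern), roles

    def get(self, name):
        if not self._pattern.match(name):  # the real client applies the discovery-document pattern the same way
            raise TypeError(f'Parameter "name" value "{name}" does not match the pattern "{self._pattern.pattern}"')
        return _FakeRequest(next(r for r in self._roles if r['name'] == name))

    def list(self, parent='', view='BASIC', pageToken='0'):
        matching = [r for r in self._roles if r['name'].startswith(parent + '/')]
        start = int(pageToken)
        page = matching[start:start + self.PAGE_SIZE]
        if view != 'FULL':  # BASIC omits includedPermissions, as the real API does
            page = [{k: v for k, v in r.items() if k != 'includedPermissions'} for r in page]
        response = {'roles': page}
        if start + self.PAGE_SIZE < len(matching):
            response['nextPageToken'] = str(start + self.PAGE_SIZE)
        return _FakeRequest(response, parent, view)

    def list_next(self, previous_request, previous_response):
        token = previous_response.get('nextPageToken')
        return None if token is None else self.list(previous_request.parent, previous_request.view, token)


class _FakeParent:
    def __init__(self, collection):
        self._collection = collection

    def roles(self):
        return self._collection


class FakeIamService:
    def __init__(self):
        project = 'projects/my-new-project-273607'  # constructed data, not a real project
        self._predefined = _FakeCollection(r'^roles/[^/]+$', [
            {'name': 'roles/logging.configWriter', 'includedPermissions': ['logging.sinks.create', 'logging.sinks.update']}])
        self._project = _FakeCollection(r'^projects/[^/]+/roles/[^/]+$', [
            {'name': project + '/roles/CustomRole', 'stage': 'GA', 'includedPermissions': ['storage.buckets.get', 'storage.objects.list']},
            {'name': project + '/roles/Auditor', 'stage': 'BETA', 'includedPermissions': ['logging.logEntries.list']},
            {'name': project + '/roles/OldRole', 'deleted': True, 'includedPermissions': ['iam.roles.get']}])
        self._org = _FakeCollection(r'^organizations/[^/]+/roles/[^/]+$', [])

    def roles(self):
        return self._predefined

    def projects(self):
        return _FakeParent(self._project)

    def organizations(self):
        return _FakeParent(self._org)


if __name__ == '__main__':
    svc = FakeIamService()  # replace with build_iam_service() to run against a real project
    for name, perms in permissions_by_custom_role(svc, 'projects/my-new-project-273607').items():
        print(name, perms)
```

Two practical notes: listing with `view='FULL'` needs only `iam.roles.list` on the parent, the same as a basic listing, so it is the cheapest way to audit what every custom role grants; and a role that has been deleted stays visible for a retention period with `deleted: True`, so filter on that field rather than trusting the list to contain only bindable roles.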