|
| 1 | +#!/usr/bin/env python |
| 2 | + |
| 3 | +# Copyright 2016 Google Inc. All Rights Reserved. |
| 4 | +# |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | +# you may not use this file except in compliance with the License. |
| 7 | +# You may obtain a copy of the License at |
| 8 | +# |
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +# |
| 11 | +# Unless required by applicable law or agreed to in writing, software |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | +# See the License for the specific language governing permissions and |
| 15 | +# limitations under the License. |
| 16 | + |
| 17 | +"""This application demonstrates how to perform basic operations on IAM |
| 18 | +policies with the Cloud Pub/Sub API. |
| 19 | +
|
| 20 | +For more information, see the README.md under /pubsub and the documentation |
| 21 | +at https://cloud.google.com/pubsub/docs. |
| 22 | +""" |
| 23 | + |
| 24 | +import argparse |
| 25 | + |
| 26 | +from gcloud import pubsub |
| 27 | + |
| 28 | + |
| 29 | +def get_topic_policy(topic_name): |
| 30 | + """Prints the IAM policy for the given topic.""" |
| 31 | + pubsub_client = pubsub.Client() |
| 32 | + topic = pubsub_client.topic(topic_name) |
| 33 | + |
| 34 | + policy = topic.get_iam_policy() |
| 35 | + |
| 36 | + print('Policy for topic {}:'.format(topic.name)) |
| 37 | + print('Version: {}'.format(policy.version)) |
| 38 | + print('Owners: {}'.format(policy.owners)) |
| 39 | + print('Editors: {}'.format(policy.editors)) |
| 40 | + print('Viewers: {}'.format(policy.viewers)) |
| 41 | + print('Publishers: {}'.format(policy.publishers)) |
| 42 | + print('Subscribers: {}'.format(policy.subscribers)) |
| 43 | + |
| 44 | + |
| 45 | +def get_subscription_policy(topic_name, subscription_name): |
| 46 | + """Prints the IAM policy for the given subscription.""" |
| 47 | + pubsub_client = pubsub.Client() |
| 48 | + topic = pubsub_client.topic(topic_name) |
| 49 | + subscription = topic.subscription(subscription_name) |
| 50 | + |
| 51 | + policy = subscription.get_iam_policy() |
| 52 | + |
| 53 | + print('Policy for subscription {} on topic {}:'.format( |
| 54 | + subscription.name, topic.name)) |
| 55 | + print('Version: {}'.format(policy.version)) |
| 56 | + print('Owners: {}'.format(policy.owners)) |
| 57 | + print('Editors: {}'.format(policy.editors)) |
| 58 | + print('Viewers: {}'.format(policy.viewers)) |
| 59 | + print('Publishers: {}'.format(policy.publishers)) |
| 60 | + print('Subscribers: {}'.format(policy.subscribers)) |
| 61 | + |
| 62 | + |
| 63 | +def set_topic_policy(topic_name): |
| 64 | + """Sets the IAM policy for a topic.""" |
| 65 | + pubsub_client = pubsub.Client() |
| 66 | + topic = pubsub_client.topic(topic_name) |
| 67 | + policy = topic.get_iam_policy() |
| 68 | + |
| 69 | + # Add all users as viewers. |
| 70 | + policy.viewers.add(policy.all_users()) |
| 71 | + # Add a group as editors. |
| 72 | + policy.editors.add(policy.group('cloud-logs@google.com')) |
| 73 | + |
| 74 | + # Set the policy |
| 75 | + topic.set_iam_policy(policy) |
| 76 | + |
| 77 | + print('IAM policy for topic {} set.'.format(topic.name)) |
| 78 | + |
| 79 | + |
| 80 | +def set_subscription_policy(topic_name, subscription_name): |
| 81 | + """Sets the IAM policy for a topic.""" |
| 82 | + pubsub_client = pubsub.Client() |
| 83 | + topic = pubsub_client.topic(topic_name) |
| 84 | + subscription = topic.subscription(subscription_name) |
| 85 | + policy = subscription.get_iam_policy() |
| 86 | + |
| 87 | + # Add all users as viewers. |
| 88 | + policy.viewers.add(policy.all_users()) |
| 89 | + # Add a group as editors. |
| 90 | + policy.editors.add(policy.group('cloud-logs@google.com')) |
| 91 | + |
| 92 | + # Set the policy |
| 93 | + subscription.set_iam_policy(policy) |
| 94 | + |
| 95 | + print('IAM policy for subscription {} on topic {} set.'.format( | <
| 96 | + topic.name, subscription.name)) |
| 97 | + |
| 98 | + |
| 99 | +def check_topic_permissions(topic_name): |
| 100 | + """Checks to which permissions are available on the given topic.""" |
| 101 | + pubsub_client = pubsub.Client() |
| 102 | + topic = pubsub_client.topic(topic_name) |
| 103 | + |
| 104 | + permissions_to_check = [ |
| 105 | + 'pubsub.topics.publish', |
| 106 | + 'pubsub.topics.update' |
| 107 | + ] |
| 108 | + |
| 109 | + allowed_permissions = topic.check_iam_permissions(permissions_to_check) |
| 110 | + |
| 111 | + print('Allowed permissions for topic {}: {}'.format( |
| 112 | + topic.name, allowed_permissions)) |
| 113 | + |
| 114 | + |
| 115 | +def check_subscription_permissions(topic_name, subscription_name): |
| 116 | + """Checks to which permissions are available on the given subscription.""" |
| 117 | + pubsub_client = pubsub.Client() |
| 118 | + topic = pubsub_client.topic(topic_name) |
| 119 | + subscription = topic.subscription(subscription_name) |
| 120 | + |
| 121 | + permissions_to_check = [ |
| 122 | + 'pubsub.subscriptions.consume', |
| 123 | + 'pubsub.subscriptions.update' |
| 124 | + ] |
| 125 | + |
| 126 | + allowed_permissions = subscription.check_iam_permissions( |
| 127 | + permissions_to_check) |
| 128 | + |
| 129 | + print('Allowed permissions for subscription {} on topic {}: {}'.format( |
| 130 | + subscription.name, topic.name, allowed_permissions)) |
| 131 | + |
| 132 | + |
| 133 | +if __name__ == '__main__': |
| 134 | + parser = argparse.ArgumentParser( |
| 135 | + description=__doc__, |
| 136 | + formatter_class=argparse.RawDescriptionHelpFormatter |
| 137 | + ) |
| 138 | + |
| 139 | + subparsers = parser.add_subparsers(dest='command') |
| 140 | + |
| 141 | + get_topic_policy_parser = subparsers.add_parser( |
| 142 | + 'get-topic-policy', help=get_topic_policy.__doc__) |
| 143 | + get_topic_policy_parser.add_argument('topic_name') |
| 144 | + |
| 145 | + get_subscription_policy_parser = subparsers.add_parser( |
| 146 | + 'get-subscription-policy', help=get_subscription_policy.__doc__) |
| 147 | + get_subscription_policy_parser.add_argument('topic_name') |
| 148 | + get_subscription_policy_parser.add_argument('subscription_name') |
| 149 | + |
| 150 | + set_topic_policy_parser = subparsers.add_parser( |
| 151 | + 'set-topic-policy', help=set_topic_policy.__doc__) |
| 152 | + set_topic_policy_parser.add_argument('topic_name') |
| 153 | + |
| 154 | + set_subscription_policy_parser = subparsers.add_parser( |
| 155 | + 'set-subscription-policy', help=set_subscription_policy.__doc__) |
| 156 | + set_subscription_policy_parser.add_argument('topic_name') |
| 157 | + set_subscription_policy_parser.add_argument('subscription_name') |
| 158 | + |
| 159 | + check_topic_permissions_parser = subparsers.add_parser( |
| 160 | + 'check-topic-permissions', help=check_topic_permissions.__doc__) |
| 161 | + check_topic_permissions_parser.add_argument('topic_name') |
| 162 | + |
| 163 | + check_subscription_permissions_parser = subparsers.add_parser( |
| 164 | + 'check-subscription-permissions', |
| 165 | + help=check_subscription_permissions.__doc__) |
| 166 | + check_subscription_permissions_parser.add_argument('topic_name') |
| 167 | + check_subscription_permissions_parser.add_argument('subscription_name') |
| 168 | + |
| 169 | + args = parser.parse_args() |
| 170 | + |
| 171 | + if args.command == 'get-topic-policy': |
| 172 | + get_topic_policy(args.topic_name) |
| 173 | + elif args.command == 'get-subscription-policy': |
| 174 | + get_subscription_policy(args.topic_name, args.subscription_name) |
| 175 | + elif args.command == 'set-topic-policy': |
| 176 | + set_topic_policy(args.topic_name) |
| 177 | + elif args.command == 'set-subscription-policy': |
| 178 | + set_subscription_policy(args.topic_name, args.subscription_name) |
| 179 | + elif args.command == 'check-topic-permissions': |
| 180 | + check_topic_permissions(args.topic_name) |
| 181 | + elif args.command == 'check-subscription-permissions': |
| 182 | + check_subscription_permissions(args.topic_name, args.subscription_name) |
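Review bot: `set_topic_policy` and `set_subscription_policy` (new lines 70/72 and 88/90) add `policy.all_users()` to the viewers role and the hard-coded group `cloud-logs@google.com` to editors, so running `set-topic-policy` or `set-subscription-policy` against a real resource grants a role to every caller, authenticated or not, and to a group the operator most likely does not control. Since samples get copied, I would take the member from a CLI argument instead, e.g. `policy.viewers.add(policy.user(member))`, or at minimum put a comment above those lines such as `# all_users() grants this role to anyone, including unauthenticated callers; run only against a test resource.` Separately, the final print in `set_subscription_policy` (new lines 95-96) passes `topic.name, subscription.name` to a format string that reads "subscription {} on topic {}", so the two names are printed swapped; the arguments should be `subscription.name, topic.name))`, and the docstring on new line 81 should say "subscription" rather than "topic".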