Module pipelines.utils.policy_matrix.tasks

Tasks for the policy matrix generation.

Functions

def generate_roles_matrix(policies: Dict[str, List[Dict[str, Union[str, List[str]]]]]) ‑> Dict[str, Dict[str, List[str]]]

Generates a roles matrix from the given IAM policies in the format: { "project_id": { "member": [role, …], … }, … }

def get_discovery_api(mode: str = 'prod') ‑> googleapiclient.discovery.Resource

Get the discovery API for the given mode.

def get_iam_policy(project_ids: list, discovery_api: googleapiclient.discovery.Resource) ‑> List[Dict[str, Union[int, str, List[Dict[str, Union[str, List[str]]]]]]]

Get the IAM policy for the given project.

Output format is: { "version": 1 (int), "etag": etag (str), "bindings": [ { "role": role (str), "members": [member (str), …] }, … ] }

def merge_iam_policies(project_ids: List[str], policies: List[Dict[str, Union[int, str, List[Dict[str, Union[str, List[str]]]]]]]) ‑> Dict[str, List[Dict[str, Union[str, List[str]]]]]

Merges IAM policies from different projects into one dictionary in the format: { "project_id": [ { "role": role (str), "members": [member (str), …] }, … ], … }

def roles_matrix_to_pandas_dataframe(roles_matrix: Dict[str, Dict[str, List[str]]]) ‑> pandas.core.frame.DataFrame

Converts the roles matrix to a pandas dataframe with the following format: project_id | member | role