Commit change to native functions and wrapping

for google cloud function
gbg3 · Oct 6, 2021 · fdca566 · fdca566
1 parent 77e562f
commit fdca566
Show file tree

Hide file tree

Showing 12 changed files with 266 additions and 243 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 *.json
 !schema.json
-settings.py
+gcp/**
+__pycache__
+.DS_Store
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
@@ -0,0 +1,17 @@
+steps:
+- name: 'gcr.io/cloud-builders/gcloud'
+  waitFor: ['-']
+  id: gcp-role-audit
+  args:
+  - functions
+  - deploy
+  - gcp-role-audit
+  - --region=us-central1
+  - --runtime=python37
+  - --memory=256MB
+  - --source=.
+  - --trigger-http
+  - --service-account=gcp-role-audit@up-eit-ce-production.iam.gserviceaccount.com
+  - --timeout=540
+  - --entry-point=main_http
+  - --set-env-vars=ORGANIZATION_ID=521000005136,APPS_SCRIPT_FOLDER_ID=folders/678208053052,TABLE=UserAudit.gcp_audit
diff --git a/get_folders.py b/get_folders.py
diff --git a/get_folders_native.py b/get_folders_native.py
@@ -0,0 +1,81 @@
+import json
+import base64
+import google.auth
+from google.cloud import resourcemanager_v3
+
+from settings import ORGANIZATION_ID
+
+credentials, project_id = google.auth.default()
+
+def get_reverse_path(folder_id, path):
+    displayName = folders[folder_id]['folder'].display_name
+    parent = folders[folder_id]['folder'].parent
+
+    parts = parent.split('/')
+    type = parts[0]
+    parent_id = parts[1]
+    if type == 'folders':
+        return get_reverse_path(folder_id=parent_id,
+                                path=(path + '/' + displayName))
+    else:
+        return path + '/' + displayName
+    return parent_id
+
+
+def get_proper_path(reverse_path):
+    parts = reverse_path.split('/')
+    parts.reverse()
+
+    path = ''
+    for part in parts:
+        if part:
+            path = path + '/' + part
+
+    return path
+
+
+def get_path(folder_id):
+    displayName = folders[folder_id]['folder'].display_name
+    parent = folders[folder_id]['folder'].parent
+
+    parts = parent.split('/')
+    type = parts[0]
+    parent_id = parts[1]
+    if type != 'folders':
+        return '/' + displayName
+
+    parent_path = folders[parent_id]['path']
+    if parent_path:
+        return parent_path + '/' + displayName
+
+    reverse_path = get_reverse_path(folder_id=folder_id, path='')
+    return get_proper_path(reverse_path=reverse_path)                                                                                                                       
+
+
+def get_folders(folder_id, type_flag='folder'):
+    client = resourcemanager_v3.FoldersClient(credentials=credentials)
+    if (type_flag == 'organization'):
+        folder_list=client.list_folders(parent=f'organizations/{folder_id}').folders
+    else:
+        folder_list=client.list_folders(parent=f'folders/{folder_id}').folders
+
+    for folder in folder_list:
+        name = folder.name
+        id = name.split('/')[1]
+        policy = client.get_iam_policy(resource = name)      
+        folders[id] = {'folder': folder, 'perm': policy}
+        get_folders(folder_id=id)
+
+    return folders
+
+def add_paths():
+    for folder_id in folders:
+
+        #reverse_path = get_reverse_path(folder_id=folder_id, path='')
+        folders[folder_id]['path'] = get_path(folder_id=folder_id)
+
+folders = {}
+folders = get_folders(folder_id=ORGANIZATION_ID, type_flag="organization")
+
+add_paths()
+
diff --git a/get_projects.py b/get_projects.py
diff --git a/get_projects_native.py b/get_projects_native.py
@@ -0,0 +1,42 @@
+
+import get_folders_native 
+import google.auth
+from google.cloud import resourcemanager_v3
+
+credentials, project_id = google.auth.default()
+client = resourcemanager_v3.ProjectsClient(credentials=credentials)
+
+from settings import APPS_SCRIPT_FOLDER_ID, EXCLUDED_PROJECTS, ORGANIZATION_ID
+
+
+def init_projects():
+    projects = {}
+    for id, folder in get_folders_native.folders.items():
+        proj_list = client.list_projects(parent=folder['folder'].name).projects
+
+        for proj in proj_list:
+            project_id = proj.project_id
+            if proj.parent != APPS_SCRIPT_FOLDER_ID:
+                projects[project_id] = {
+                    'project': proj
+                }
+    return projects
+
+
+
+def get_iam_policy(project_id):
+    if project_id not in EXCLUDED_PROJECTS:
+        policy = client.get_iam_policy(resource=project_id)
+        return policy
+        #get_iam_policy_cmd = IAM_POLICY_CMD + ' ' + project_id
+        #return json.loads(subprocess.check_output(get_iam_policy_cmd,
+        #                                      shell=True,
+        #                                      stderr=subprocess.STDOUT))
+
+
+projects = init_projects()
+
+for project_id in projects:
+    if 'iam_policy' not in projects[project_id].keys():
+        projects[project_id]['iam_policy'] = get_iam_policy(project_id=projects[project_id]['project'].name)
+        #write_projects(projects=projects)
diff --git a/main.py b/main.py
@@ -0,0 +1,5 @@
+def main_http(request):
+    import owner_report_native
+
+if __name__ == '__main__':
+    main_http(None)
diff --git a/owner_report.py b/owner_report.py