dZddlmZddlmZddlmZddlmZddlmZddl m Z dd d Z ejejjGd d ejZejejj"Gd deZejejj&GddeZy)z:Command to analyze IAM policy in the specified root asset.)absolute_import)division)unicode_literals) client_util)base)flagsz8 Analyzes IAM policies that match a request. a\ To find out which users have been granted the iam.serviceAccounts.actAs permission on a service account, run: $ {command} --organization=YOUR_ORG_ID --full-resource-name=YOUR_SERVICE_ACCOUNT_FULL_RESOURCE_NAME --permissions='iam.serviceAccounts.actAs' To find out which resources a user can access, run: $ {command} --organization=YOUR_ORG_ID --identity='user:u1@foo.com' To find out which roles or permissions a user has been granted on a project, run: $ {command} --organization=YOUR_ORG_ID --full-resource-name=YOUR_PROJECT_FULL_RESOURCE_NAME --identity='user:u1@foo.com' To find out which users have been granted the iam.serviceAccounts.actAs permission on any applicable resources, run: $ {command} --organization=YOUR_ORG_ID --permissions='iam.serviceAccounts.actAs' ) DESCRIPTIONEXAMPLEScBeZdZdZeZejZe dZ dZ y)AnalyzeIamPolicyGAz+Analyzes IAM policies that match a request.ctj|tj|tj|dtj|tj |y)NT)rAddAnalyzerParentArgsAddAnalyzerSelectorsGroupAddAnalyzerOptionsGroup AddAnalyzerConditionContextGroup!AddAnalyzerSavedAnalysisQueryArgsclsparsers 'lib/surface/asset/analyze_iam_policy.pyArgszAnalyzeIamPolicyGA.Args>sJ ' ##F+ !!&$/ **62 ++F3cbtj|j}|j|SN)rAnalyzeIamPolicyClient _API_VERSIONAnalyze)selfargsclients rRunzAnalyzeIamPolicyGA.RunFs'  / /0A0A BF >>$ rN) __name__ __module__ __qualname____doc__ DETAILED_HELP detailed_helprDEFAULT_API_VERSIONr classmethodrr!rrr r 6s,3-00,44 rr c eZdZdZedZy)AnalyzeIamPolicyBETAz9BETA version, Analyzes IAM policies that match a request.c.tj|yr)r rrs rrzAnalyzeIamPolicyBETA.ArgsOsF#rNr"r#r$r%r)rr*rrr,r,KsA$$rr,c eZdZdZedZy)AnalyzeIamPolicyALPHAz:ALPHA version, Analyzes IAM policies that match a request.ctj|tj|}tj|yr)r,rrGetOrAddOptionGroup(AddAnalyzerIncludeDenyPolicyAnalysisArgs)rr options_groups rrzAnalyzeIamPolicyALPHA.ArgsXs0f%--f5M 22=ArNr.r*rrr0r0TsBBBrr0N)r% __future__rrrgooglecloudsdk.api_lib.assetrgooglecloudsdk.callioper googlecloudsdk.command_lib.assetrr& ReleaseTracks ReleaseTrackGACommandr BETAr,ALPHAr0r*rrr?sA&'4(2    6D%%(()  * (D%%**+$-$,$D%%++, B0 B- Br