FdZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZd Zd d d Zej"ej$j&Gddej(Zej"ej$j,GddeZej"ej$j0GddeZy)zICommand to analyze IAM policy asynchronously in the specified root asset.)absolute_import)division)unicode_literals) client_util)base)flags)utils)logz gcloud asset operations describez Analyzes IAM policies that match a request asynchronously and writes the results to Google Cloud Storage or BigQuery destination. a To find out which users have been granted the iam.serviceAccounts.actAs permission on a service account, and write analysis results to Google Cloud Storage, run: $ {command} --organization=YOUR_ORG_ID --full-resource-name=YOUR_SERVICE_ACCOUNT_FULL_RESOURCE_NAME --permissions='iam.serviceAccounts.actAs' --gcs-output-path='gs://YOUR_BUCKET_NAME/YOUR_OBJECT_NAME' To find out which resources a user can access, and write analysis results to Google Cloud Storage, run: $ {command} --organization=YOUR_ORG_ID --identity='user:u1@foo.com' --gcs-output-path='gs://YOUR_BUCKET_NAME/YOUR_OBJECT_NAME' To find out which roles or permissions a user has been granted on a project, and write analysis results to BigQuery, run: $ {command} --organization=YOUR_ORG_ID --full-resource-name=YOUR_PROJECT_FULL_RESOURCE_NAME --identity='user:u1@foo.com' --bigquery-dataset='projects/YOUR_PROJECT_ID/datasets/YOUR_DATASET_ID' --bigquery-table-prefix='YOUR_BIGQUERY_TABLE_PREFIX' To find out which users have been granted the iam.serviceAccounts.actAs permission on any applicable resources, and write analysis results to BigQuery, run: $ {command} --organization=YOUR_ORG_ID --permissions='iam.serviceAccounts.actAs' --bigquery-dataset='projects/YOUR_PROJECT_ID/datasets/YOUR_DATASET_ID' --bigquery-table-prefix='YOUR_BIGQUERY_TABLE_PREFIX' ) DESCRIPTIONEXAMPLESc*eZdZdZeZedZdZy)AnalyzeIamPolicyLongrunningAnalyzes IAM policies that match a request asynchronously and writes the results to Google Cloud Storage or BigQuery destination.ctj|tj|tj|dtj|tj |y)NF)rAddAnalyzerParentArgsAddAnalyzerSelectorsGroupAddAnalyzerOptionsGroup AddAnalyzerConditionContextGroupAddDestinationGroupparsers 3lib/surface/asset/analyze_iam_policy_longrunning.pyArgsz AnalyzeIamPolicyLongrunning.ArgsDsJ ' ##F+ !!&%0 **62 f%crtj|j|j|j}t j }|j||}tjjdtjjdjt|jy)NzAnalyze IAM Policy in progress.z1Use [{} {}] to check the status of the operation.) asset_utils GetParentNameForAnalyzeIamPolicy organizationprojectfolderr"IamPolicyAnalysisLongrunningClientAnalyzer statusPrintformatOPERATION_DESCRIBE_COMMANDname)selfargsparentclient operations rRunzAnalyzeIamPolicyLongrunning.RunLs  9 9 4<<6F  ; ; =Fvt,IJJ67JJHOO"INN45rN) __name__ __module__ __qualname____doc__ DETAILED_HELP detailed_help staticmethodrr-rrrr>s$J-&&5rrc eZdZdZedZy)AnalyzeIamPolicyLongrunningBETArc.tj|yN)rrrs rrz$AnalyzeIamPolicyLongrunningBETA.Args[s$$V,rNr.r/r0r1r4rr5rrr7r7WsJ--rr7c eZdZdZedZy) AnalyzeIamPolicyLongrunningALPHArctj|tj|}tj|yr9)r7rrGetOrAddOptionGroup(AddAnalyzerIncludeDenyPolicyAnalysisArgs)r options_groups rrz%AnalyzeIamPolicyLongrunningALPHA.Argsds0#((0--f5M 22=ArNr:r5rrr<r<`sJBBrr<N)r1 __future__rrrgooglecloudsdk.api_lib.assetrgooglecloudsdk.callioper googlecloudsdk.command_lib.assetrr rgooglecloudsdk.corer r&r2 ReleaseTracks ReleaseTrackGACommandrBETAr7ALPHAr<r5rrrLsP&'4(2A#?   @D%%(()5$,,5*50D%%**+-&A-,-D%%++, B'F B- Br