# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Access approval settings API helper."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.util import apis
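def Delete(name):
  """Delete the access approval settings for a resource.

  This helper sends the delete request directly; it performs no confirmation
  of its own, so any prompt or authorization check must happen in the caller.

  Args:
    name: the settings resource name (e.g. projects/123/accessApprovalSettings).
      Its leading collection segment selects the organizations, folders or
      projects API method.

  Returns:
    The response of the matching DeleteAccessApprovalSettings call.
  """
  client = apis.GetClientInstance('accessapproval', 'v1')
  msgs = apis.GetMessagesModule('accessapproval', 'v1')

  # Dispatch on the leading segment, not on a substring: a name such as
  # 'projects/acme-organizations/accessApprovalSettings' (constructed example)
  # contains 'organizations/' and would otherwise be routed to the
  # organizations method instead of the projects one.
  if name.startswith('organizations/'):
    req = msgs.AccessapprovalOrganizationsDeleteAccessApprovalSettingsRequest(
        name=name
    )
    return client.organizations.DeleteAccessApprovalSettings(req)
  if name.startswith('folders/'):
    req = msgs.AccessapprovalFoldersDeleteAccessApprovalSettingsRequest(
        name=name
    )
    return client.folders.DeleteAccessApprovalSettings(req)

  # Anything else is treated as a project-level resource, as before.
  req = msgs.AccessapprovalProjectsDeleteAccessApprovalSettingsRequest(
      name=name
  )
  return client.projects.DeleteAccessApprovalSettings(req)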
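def Get(name):
  """Get the access approval settings for a resource.

  Args:
    name: the settings resource name (e.g. projects/123/accessApprovalSettings).
      Its leading collection segment selects the organizations, folders or
      projects API method.

  Returns:
    The response of the matching GetAccessApprovalSettings call.
  """
  client = apis.GetClientInstance('accessapproval', 'v1')
  msgs = apis.GetMessagesModule('accessapproval', 'v1')

  # Dispatch on the leading segment, not on a substring: a name such as
  # 'projects/acme-folders/accessApprovalSettings' (constructed example)
  # contains 'folders/' and would otherwise be routed to the folders method
  # instead of the projects one.
  if name.startswith('organizations/'):
    req = msgs.AccessapprovalOrganizationsGetAccessApprovalSettingsRequest(
        name=name
    )
    return client.organizations.GetAccessApprovalSettings(req)
  if name.startswith('folders/'):
    req = msgs.AccessapprovalFoldersGetAccessApprovalSettingsRequest(name=name)
    return client.folders.GetAccessApprovalSettings(req)

  # Anything else is treated as a project-level resource, as before.
  req = msgs.AccessapprovalProjectsGetAccessApprovalSettingsRequest(name=name)
  return client.projects.GetAccessApprovalSettings(req)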
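def Update(
    name,
    notification_emails,
    enrolled_services,
    active_key_version,
    preferred_request_expiration_days,
    prefer_no_broad_approval_requests,
    notification_pubsub_topic,
    request_scope_max_width_preference,
    require_customer_visible_justification,
    approval_policy,
    update_mask,
):
  """Update the access approval settings for a resource.

  Args:
    name: the settings resource name (e.g. projects/123/accessApprovalSettings).
      Its leading collection segment selects the organizations, folders or
      projects API method.
    notification_emails: list of email addresses
    enrolled_services: list of services; each entry becomes the cloudProduct
      of an EnrolledService message
    active_key_version: KMS signing key version resource name
    preferred_request_expiration_days: the default expiration time for approval
      requests
    prefer_no_broad_approval_requests: communicates the preference to Google
      personnel to request access with as targeted a resource scope as possible
    notification_pubsub_topic: A pubsub topic to which notifications relating to
      approval requests should be sent
    request_scope_max_width_preference: specifies broadest scope of access for
      access requests without a specific method
    require_customer_visible_justification: to configure if a customer visible
      justification (i.e. Vector Case) is required for a Googler to create an
      Access Ticket to send to the customer when attempting to access customer
      resources.
    approval_policy: the policy for approving requests
    update_mask: which fields to update

  Returns:
    updated settings
  """
  client = apis.GetClientInstance('accessapproval', 'v1')
  msgs = apis.GetMessagesModule('accessapproval', 'v1')

  services_protos = [
      msgs.EnrolledService(cloudProduct=s) for s in enrolled_services
  ]
  # Every field is populated on the message regardless of what the caller
  # intends to change; update_mask is what names the fields to update.
  # NOTE(review): how the service treats an empty or missing mask is not
  # visible here - confirm before relying on it, since an empty
  # enrolled_services list written unintentionally would unenroll services.
  settings = msgs.AccessApprovalSettings(
      name=name,
      enrolledServices=services_protos,
      notificationEmails=notification_emails,
      activeKeyVersion=active_key_version,
      preferredRequestExpirationDays=preferred_request_expiration_days,
      preferNoBroadApprovalRequests=prefer_no_broad_approval_requests,
      notificationPubsubTopic=notification_pubsub_topic,
      requestScopeMaxWidthPreference=request_scope_max_width_preference,
      requireCustomerVisibleJustification=require_customer_visible_justification,
      approvalPolicy=approval_policy,
  )

  # Dispatch on the leading segment, not on a substring: a name such as
  # 'projects/acme-organizations/accessApprovalSettings' (constructed example)
  # contains 'organizations/' and would otherwise be routed to the
  # organizations method instead of the projects one.
  if name.startswith('organizations/'):
    req = msgs.AccessapprovalOrganizationsUpdateAccessApprovalSettingsRequest(
        name=name, accessApprovalSettings=settings, updateMask=update_mask
    )
    return client.organizations.UpdateAccessApprovalSettings(req)
  if name.startswith('folders/'):
    req = msgs.AccessapprovalFoldersUpdateAccessApprovalSettingsRequest(
        name=name, accessApprovalSettings=settings, updateMask=update_mask
    )
    return client.folders.UpdateAccessApprovalSettings(req)

  # Anything else is treated as a project-level resource, as before.
  req = msgs.AccessapprovalProjectsUpdateAccessApprovalSettingsRequest(
      name=name, accessApprovalSettings=settings, updateMask=update_mask
  )
  return client.projects.UpdateAccessApprovalSettings(req)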