[英]Filter result of a Python Query
I'm really noob on Python and i'm currently trying to get and filter the result of a get-iam-policy query on GCP by using this:我对 Python 真的很陌生,我目前正在尝试使用以下方法获取和过滤 GCP 上的 get-iam-policy 查询的结果:
from pprint import pprint
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = discovery.build('cloudresourcemanager', 'v1', credentials=credentials)
# REQUIRED: The resource for which the policy is being requested.
# See the operation documentation for the appropriate value for this field.
resource = 'my-resource' # TODO: Update placeholder value.
get_iam_policy_request_body = {
# TODO: Add desired entries to the request body.
}
request = service.projects().getIamPolicy(resource=resource, body=get_iam_policy_request_body)
response = request.execute()
pprint(response)
It's working fine and i' getting this kind of result:它工作正常,我得到这样的结果:
"version": 1,
"etag": "VfRwfrGwlFjdc=",
"bindings": [
{
"role": "roles/cloudasset.serviceAgent",
"members": [
"serviceAccount:service-999999999999@gcp-sa-cloudasset.iam.gserviceaccount.com"
]
},
{
"role": "roles/cloudbuild.builds.builder",
"members": [
"serviceAccount:999999999999@cloudbuild.gserviceaccount.com"
]
},
{
"role": "roles/cloudbuild.serviceAgent",
"members": [
"serviceAccount:service-999999999999@gcp-sa-cloudbuild.iam.gserviceaccount.com"
]
},
{
"role": "roles/cloudfunctions.serviceAgent",
"members": [
"serviceAccount:service-999999999999@gcf-admin-robot.iam.gserviceaccount.com"
]
},
{
"role": "roles/cloudsql.client",
"members": [
"serviceAccount:myproject-backup@myproject.iam.gserviceaccount.com"
]
},
{
"role": "roles/compute.serviceAgent",
"members": [
"serviceAccount:service-999999999999@compute-system.iam.gserviceaccount.com"
]
},
{
"role": "roles/container.serviceAgent",
"members": [
"serviceAccount:service-999999999999@container-engine-robot.iam.gserviceaccount.com"
]
},
{
"role": "roles/containeranalysis.ServiceAgent",
"members": [
"serviceAccount:service-999999999999@container-analysis.iam.gserviceaccount.com"
]
},
{
"role": "roles/containerscanning.ServiceAgent",
"members": [
"serviceAccount:service-999999999999@gcp-sa-containerscanning.iam.gserviceaccount.com"
]
},
{
"role": "roles/containerthreatdetection.serviceAgent",
"members": [
"serviceAccount:service-999999999999@gcp-sa-ktd-control.iam.gserviceaccount.com"
]
},
{
"role": "roles/editor",
"members": [
"serviceAccount:999999999999-compute@developer.gserviceaccount.com",
"serviceAccount:999999999999@cloudservices.gserviceaccount.com",
"serviceAccount:myproject@appspot.gserviceaccount.com",
"serviceAccount:service-999999999999@containerregistry.iam.gserviceaccount.com"
]
},
{
"role": "roles/owner",
"members": [
"serviceAccount:terraform@myproject.iam.gserviceaccount.com",
"user:myuser@acme.com"
]
},
{
"role": "roles/servicenetworking.serviceAgent",
"members": [
"serviceAccount:service-999999999999@service-networking.iam.gserviceaccount.com"
]
},
{
"role": "roles/websecurityscanner.serviceAgent",
"members": [
"serviceAccount:service-999999999999@gcp-sa-websecurityscanner.iam.gserviceaccount.com"
]
}
]
}
But I don't know how to to filtering for getting only the members of the "roles/owner" group.但我不知道如何过滤以仅获取“角色/所有者”组的成员。 In my case:就我而言:
{
"role": "roles/owner",
"members": [
"serviceAccount:terraform@myproject.iam.gserviceaccount.com",
"user:myuser@acme.com"
]
}
and put them into a variable for a later print or reuse并将它们放入变量中以供以后打印或重用
is somebody got an idea about how to do that?有人知道如何做到这一点吗?
Have a nice day.祝你今天过得愉快。
If you search IAM policy, I recommend you to use Asset Inventory Search IAM policies .如果您搜索 IAM 策略,我建议您使用Asset Inventory Search IAM 策略。 You can use it in command line like this:您可以像这样在命令行中使用它:
gcloud asset search-all-iam-policies --query="policy: roles/owner"
And in your python code like this在你的 python 代码中
from google.cloud import asset_v1
scope = 'projects/gbl-imt-homerider-basguillaueb'
query = 'policy: roles/owner'
client = asset_v1.AssetServiceClient()
response = client.search_all_iam_policies(scope,query=query)
for page in response.pages:
for policy in page:
print(policy)
break
Please add below lines to your existing code:请将以下几行添加到您现有的代码中:
roleList = response['bindings']
for role in roleList:
for k, v in role.items():
if v == "roles/owner":
print(role)
response
is a dict which contains a key called 'bindings'
, which is a list of dicts. response
是一个字典,其中包含一个名为'bindings'
的键,它是一个字典列表。 Dicts can be accessed with []
and lists can be filtered with filter
from the python core library.可以使用[]
访问字典,并且可以使用来自 python 核心库的过滤filter
列表。
Putting that together, you could do:把它放在一起,你可以这样做:
members = list(filter(lambda x: x['role'] == 'roles/owner', response['bindings']))[0]['members']
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.