Python and GCP getIamPolicy for a project

Question

I am trying to get a list of users and their access for a project.

Http doesn't work as we're behind a firewall and I just get a response not ready error.

I have some code ...

import google.cloud.resource_manager

keyfile="xxxxx.json"
client = google.cloud.resource_manager.client.Client.from_service_account_json(keyfile)

for project in client.list_projects():
    print("%s, %s" % (project.project_id, project.status))    # Works Fine
    print project.getIamPolicy()

The first print statement works but I can't find the correct syntax for getIamPolicy although it does seem to be possible according to documentation.

If any one else have done this, can you supply me with the full syntax?

I wish to do this from within a python script, not using the command line or sub processes.

Thanks, Ian

Answer 1

You can use the following:

Install the client library.

pip install --upgrade google-api-python-client google-auth google-auth-httplib2

And use the following code to list all the users and their role on the project, just update PROJECT_ID with the project ID you want to check and xxxxxx.json with your credentials.

from google.oauth2 import service_account
import googleapiclient.discovery

credentials = service_account.Credentials.from_service_account_file(
    filename='xxxxxx.json',
    scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
    'cloudresourcemanager', 'v1', credentials=credentials)

response = service.projects().getIamPolicy(resource=PROJECT_ID, body={}).execute()
print response

For more references you can the check the following documentation.