Python查询的筛选结果

from pprint import pprint from googleapiclient import discovery from oauth2client.client import GoogleCredentials credentials = GoogleCredentials.get_application_default() service = discovery.build('cloudresourcemanager', 'v1', credentials=credentials) # REQUIRED: The resource for which the policy is being requested. # See the operation documentation for the appropriate value for this field. resource = 'my-resource' # TODO: Update placeholder value. get_iam_policy_request_body = { # TODO: Add desired entries to the request body. } request = service.projects().getIamPolicy(resource=resource, body=get_iam_policy_request_body) response = request.execute() pprint(response)

"version": 1, "etag": "VfRwfrGwlFjdc=", "bindings": [ { "role": "roles/cloudasset.serviceAgent", "members": [ "serviceAccount:service-999999999999@gcp-sa-cloudasset.iam.gserviceaccount.com" ] }, { "role": "roles/cloudbuild.builds.builder", "members": [ "serviceAccount:999999999999@cloudbuild.gserviceaccount.com" ] }, { "role": "roles/cloudbuild.serviceAgent", "members": [ "serviceAccount:service-999999999999@gcp-sa-cloudbuild.iam.gserviceaccount.com" ] }, { "role": "roles/cloudfunctions.serviceAgent", "members": [ "serviceAccount:service-999999999999@gcf-admin-robot.iam.gserviceaccount.com" ] }, { "role": "roles/cloudsql.client", "members": [ "serviceAccount:myproject-backup@myproject.iam.gserviceaccount.com" ] }, { "role": "roles/compute.serviceAgent", "members": [ "serviceAccount:service-999999999999@compute-system.iam.gserviceaccount.com" ] }, { "role": "roles/container.serviceAgent", "members": [ "serviceAccount:service-999999999999@container-engine-robot.iam.gserviceaccount.com" ] }, { "role": "roles/containeranalysis.ServiceAgent", "members": [ "serviceAccount:service-999999999999@container-analysis.iam.gserviceaccount.com" ] }, { "role": "roles/containerscanning.ServiceAgent", "members": [ "serviceAccount:service-999999999999@gcp-sa-containerscanning.iam.gserviceaccount.com" ] }, { "role": "roles/containerthreatdetection.serviceAgent", "members": [ "serviceAccount:service-999999999999@gcp-sa-ktd-control.iam.gserviceaccount.com" ] }, { "role": "roles/editor", "members": [ "serviceAccount:999999999999-compute@developer.gserviceaccount.com", "serviceAccount:999999999999@cloudservices.gserviceaccount.com", "serviceAccount:myproject@appspot.gserviceaccount.com", "serviceAccount:service-999999999999@containerregistry.iam.gserviceaccount.com" ] }, { "role": "roles/owner", "members": [ "serviceAccount:terraform@myproject.iam.gserviceaccount.com", "user:myuser@acme.com" ] }, { "role": "roles/servicenetworking.serviceAgent", "members": [ "serviceAccount:service-999999999999@service-networking.iam.gserviceaccount.com" ] }, { "role": "roles/websecurityscanner.serviceAgent", "members": [ "serviceAccount:service-999999999999@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ] } ] }

3条回答

网友

1楼 · 编辑于 2024-04-26 22:08:48

response是一个dict，其中包含一个名为'bindings'的键，它是dict的列表。DICT可以通过[]访问，列表可以通过python核心库中的filter过滤

把这些放在一起，你可以做到：

members = list(filter(lambda x: x['role'] == 'roles/owner', response['bindings']))[0]['members']

网友

2楼 · 编辑于 2024-04-26 22:08:48

请在现有代码中添加以下行：

roleList = response['bindings']

for role in roleList:
    for k, v in role.items():
        if v == "roles/owner":
            print(role)

网友

3楼 · 编辑于 2024-04-26 22:08:48

如果您搜索IAM策略，我建议您使用Asset Inventory Search IAM policies。您可以在命令行中使用它，如下所示：

gcloud asset search-all-iam-policies  query="policy: roles/owner"

在python代码中like this

from google.cloud import asset_v1

scope = 'projects/gbl-imt-homerider-basguillaueb'
query = 'policy: roles/owner'

client = asset_v1.AssetServiceClient()
response = client.search_all_iam_policies(scope,query=query)
for page in response.pages:
    for policy in page:
        print(policy)
    break

相关问题更多 >

编程相关推荐

热门问题

热门文章