
Commit c65bb2c

authored
Merge pull request #52 from basit9958/get-IAM-GCP
add method to retrieve roles and service accounts
2 parents 26d475c + 1d5d11d commit c65bb2c

3 files changed

+71
-1
lines changed


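--- a/cloudsupport/v1/gkesupport.go
+++ b/cloudsupport/v1/gkesupport.go
@@ -9,6 +9,8 @@ import (
 container "cloud.google.com/go/container/apiv1"
 "github.com/kubescape/k8s-interface/k8sinterface"
 "golang.org/x/oauth2/google"
+"google.golang.org/api/iam/v1"
+"google.golang.org/api/option"
 containerpb "google.golang.org/genproto/googleapis/container/v1"
 )
 
@@ -18,6 +20,7 @@ type IGKESupport interface {
 GetProject(cluster string) (string, error)
 GetRegion(cluster string) (string, error)
 GetContextName(cluster string) string
+GetIAMMappings(project string) (map[string]string, map[string]string, error)
 }
 type GKESupport struct {
 }
@@ -111,3 +114,64 @@ func (gkeSupport *GKESupport) GetContextName(cluster string) string {
 }
 return parsedName[3]
 }
+
+// GetIAMMappings returns iam-roles and service accounts
+func (gkeSupport *GKESupport) GetIAMMappings(project string) (map[string]string, map[string]string, error) {
+ctx := context.Background()
+client, err := google.DefaultClient(ctx, iam.CloudPlatformScope)
+if err != nil {
+return nil, nil, fmt.Errorf("failed to create Google Cloud client: %w", err)
+}
+if err != nil {
+return nil, nil, fmt.Errorf("failed to create Google Cloud client: %w", err)
+}
+
+iamService, err := iam.NewService(ctx, option.WithHTTPClient(client))
+if err != nil {
+return nil, nil, fmt.Errorf("failed to create IAM service client: %w", err)
+}
+
+roleMappings := make(map[string]string)
+saMappings := make(map[string]string)
+
+roleIterator, err := iamService.Projects.Roles.List("projects/" + project).Do()
+if err != nil {
+return nil, nil, fmt.Errorf("failed to retrieve roles: %w", err)
+}
+for {
+for _, role := range roleIterator.Roles {
+roleMappings[role.Name] = role.Title
+}
+
+if roleIterator.NextPageToken == "" {
+break
+}
+
+roleIterator, err = iamService.Projects.Roles.List("projects/" + project).PageToken(roleIterator.NextPageToken).Do()
+if err != nil {
+return nil, nil, fmt.Errorf("failed to retrieve roles: %w", err)
+}
+}
+
+saIterator, err := iamService.Projects.ServiceAccounts.List("projects/" + project).Do()
+if err != nil {
+return nil, nil, fmt.Errorf("failed to retrieve service accounts: %w", err)
+}
+for {
+
+for _, sa := range saIterator.Accounts {
+saMappings[sa.Name] = sa.Name
+}
+
+if saIterator.NextPageToken == "" {
+break
+}
+
+saIterator, err = iamService.Projects.ServiceAccounts.List("projects/" + project).PageToken(saIterator.NextPageToken).Do()
+if err != nil {
+return nil, nil, fmt.Errorf("failed to retrieve service accounts: %w", err)
+}
+}
+
+return roleMappings, saMappings, nil
+}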
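Review bot: The second `if err != nil` block right after the `google.DefaultClient` check (new lines 125-127) is dead code, since `err` cannot change between the two checks; it should be deleted. The method also runs every IAM list call under `context.Background()`, so a slow or unresponsive API stalls the caller with no deadline; because `IGKESupport` does not carry a context, a bounded one inside the method, `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` followed by `defer cancel()` (with `time` added to the imports), is the minimum. In the service-account loop `saMappings[sa.Name] = sa.Name` stores the key as its own value, which makes the second map a set; if the intent mirrors `role.Name -> role.Title`, then `sa.Email` or `sa.DisplayName` is presumably the intended value, worth confirming against the caller. The two hand-rolled pagination loops could be replaced by the generated `.Pages(ctx, func(...) error)` helper on each list call, which also removes the duplicated error-wrapping on the page-token path.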

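--- a/cloudsupport/v1/gkesupportmock.go
+++ b/cloudsupport/v1/gkesupportmock.go
@@ -51,3 +51,7 @@ func (gkeSupportM *GKESupportMock) GetContextName(cluster string) string {
 }
 return parsedName[3]
 }
+
+func (gkeSupportM *GKESupportMock) GetIAMMappings(project string) (map[string]string, map[string]string, error) {
+return nil, nil, nil
+}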
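Review bot: The mock's `GetIAMMappings` returns nil for both maps on success, whereas the real implementation in gkesupport.go always returns non-nil maps, so a caller that writes into a returned map would panic only under the mock. Returning `return map[string]string{}, map[string]string{}, nil` keeps the mock's contract aligned with the real type. The exported method also lacks the doc comment Go convention expects; `// GetIAMMappings returns empty IAM role and service-account mappings for tests.` would do.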

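--- a/go.mod
+++ b/go.mod
@@ -42,6 +42,7 @@ require (
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/cilium/cilium v1.16.6 // indirect
 github.com/fatih/color v1.17.0 // indirect
+github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/francoispqt/gojay v1.2.13 // indirect
 github.com/fsnotify/fsnotify v1.8.0 // indirect
 github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -92,6 +93,7 @@ require (
 go.mongodb.org/mongo-driver v1.17.1 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect
 go.opentelemetry.io/otel v1.33.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect
@@ -169,7 +171,7 @@ require (
 golang.org/x/term v0.27.0 // indirect
 golang.org/x/text v0.21.0 // indirect
 golang.org/x/time v0.8.0 // indirect
-google.golang.org/api v0.171.0 // indirect
+google.golang.org/api v0.171.0
 google.golang.org/grpc v1.69.0 // indirect
 google.golang.org/protobuf v1.35.2 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect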
