

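def main():
    """Command-line entry point for the permission-discrepancy finder.

    Parses the CLI flags, configures logging, builds service-account
    credentials from the key file given on the command line, then asks
    ``get_projects`` for the projects under the organization whose
    principals lack the expected project/resource permissions. The result
    is optionally restricted to the project ids listed in a JSON file and
    is either printed to stdout or written to a JSON file via ``writefile``.

    Raises:
        ValueError: if ``--log`` is not a recognised logging level name.
        OSError: if the project-ids file or the service-account key file
            cannot be opened.
        KeyError: if the project-ids JSON document has no ``project_ids`` key.
    """
    parser = argparse.ArgumentParser(
        description="Find prinicipals having missing permissions.")
    parser.add_argument(
        "--organization",
        required=True,
        type=str,
        help=
        "Enter the organization id in the format organizations/[ORGANIZATION_ID]."
    )
    # Default query targets the Compute Engine default service accounts;
    # the quoting is part of the Cloud Asset Inventory query syntax.
    parser.add_argument(
        "--resource",
        required=False,
        type=str,
        default='"*-compute@developer.gserviceaccount.com*"',
        help="Enter the query for the resouce for which to check the discrepancy."
        " For more detail about how to construct a query for a resource, see"
        " https://cloud.google.com/asset-inventory/docs/query-syntax ")
    parser.add_argument(
        "--project_permissions",
        required=True,
        type=str,
        help=
        "Enter the project's permissions that a user should have on project.")
    parser.add_argument(
        "--resource_permissions",
        required=True,
        type=str,
        help=
        "Enter the resouce's permissions that a user should have on project.")
    parser.add_argument(
        "--project_ids_location",
        type=str,
        default="",
        help=
        "Location of json file containing project ids for which the discrepancy should be checked."
    )
    parser.add_argument(
        "--service_account_file_path",
        required=True,
        type=str,
        help="Enter the location of service account key for getting credentials."
    )
    parser.add_argument("--to_json",
                        type=str,
                        nargs="?",
                        default="",
                        help="Enter the json file name to store the data.")
    parser.add_argument(
        "--log",
        type=str,
        nargs="?",
        default="INFO",
        help="Enter the log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)")

    args = parser.parse_args()

    # Resolve the level name against the logging module; anything that is
    # not an int attribute (e.g. a typo, or a non-level attribute name) is
    # rejected before any credential or API work happens.
    numeric_level = getattr(logging, args.log.upper(), None)
    if not isinstance(numeric_level, int):
        raise ValueError("Invalid log level: %s" % args.log)
    logging.basicConfig(format="%(levelname)s[%(asctime)s]:%(message)s",
                        level=numeric_level)

    # Credentials come from a service-account key file on local disk and are
    # restricted to SCOPES (a module-level constant, defined outside this
    # function). The key file itself is never logged or echoed.
    sa_credentials = service_account.Credentials.from_service_account_file(
        args.service_account_file_path, scopes=SCOPES)

    # Both permission flags are comma-separated lists; surrounding whitespace
    # is tolerated so "a, b" and "a,b" behave the same.
    project_permissions = [
        p.strip() for p in args.project_permissions.split(",")
    ]
    resource_permissions = [
        p.strip() for p in args.resource_permissions.split(",")
    ]

    # json.load expects a file object, not a path string, so the file has to
    # be opened first (passing the path directly raised AttributeError).
    if args.project_ids_location:
        with open(args.project_ids_location, encoding="utf-8") as ids_file:
            project_ids = json.load(ids_file)["project_ids"]
    else:
        project_ids = []

    all_projects = get_projects(args.organization, project_permissions,
                                resource_permissions, args.resource,
                                sa_credentials)

    # An empty project_ids list is passed through unchanged; the filtering
    # semantics live in combine_projects_with_given_projects.
    filtered_projects = combine_projects_with_given_projects(
        all_projects, project_ids)

    if not args.to_json:
        print(filtered_projects)
    else:
        writefile(filtered_projects, args.to_json)
        print("The output of the script is in " + args.to_json)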