def launcherperm()

in radlab-launcher/radlab.py [0:0]


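def launcherperm(projid, currentusr):
    """Preflight check that *currentusr* holds the roles RAD Lab Launcher needs.

    Reads the IAM policy set on the RAD Lab Management Project and, when the
    project has a parent, the policy of the organization resolved by
    ``findorg``. Exits the process with an error message as soon as a
    required role is not bound to ``user:<currentusr>``.

    Scope of the check (what a reviewer should keep in mind):

    * This is a local convenience check, not an access-control decision. The
      policies are read with Application Default Credentials, while the
      identity being checked is the ``currentusr`` string passed in; nothing
      in this function ties the two together, so the caller must pass the
      e-mail of the identity the credentials actually belong to.
    * Only direct ``user:`` bindings are matched. Roles reached through a
      group, a domain binding or a service account are not resolved, and
      binding conditions are not evaluated.
    * Only the policy attached to the project itself (and to the
      organization) is inspected; project roles inherited from a folder or
      the organization are not seen. A failure here can therefore be a false
      negative.
    * ``roles/owner`` on the project is accepted in place of the project
      level roles. It is not considered for the organization level roles.

    Args:
        projid: ID of the RAD Lab Management Project.
        currentusr: E-mail address of the user, without the ``user:`` prefix.

    Raises:
        SystemExit: A required project or organization role is missing.
        Errors raised by the API client (for example when the credentials may
        not read a policy) are not caught here and propagate to the caller.
    """
    # Hardcoded Project level required RAD Lab Launcher roles
    launcherprojroles = ['roles/storage.admin', 'roles/serviceusage.serviceUsageConsumer']
    # Hardcoded Org level required RAD Lab Launcher roles
    launcherorgroles = ['roles/iam.organizationRoleViewer']

    member = 'user:' + currentusr

    def _members_by_role(policy):
        # Merge all bindings of a role into one member set. A policy can hold
        # several bindings for the same role, and a policy without bindings
        # can omit the 'bindings' key, so neither case may raise or be judged
        # on the first binding alone.
        granted = {}
        for binding in policy.get('bindings', []):
            granted.setdefault(binding.get('role'), set()).update(binding.get('members', []))
        return granted

    def _permission_error(role):
        # Single place for the message so project and org failures stay identical.
        return (
            Fore.RED + "\nError Occured - RADLAB LAUNCHER PERMISSION ISSUE | " + role + " permission missing...\n(Review https://github.com/GoogleCloudPlatform/rad-lab/tree/main/radlab-launcher#iam-permissions-prerequisites for more details)\n" + Style.RESET_ALL)

    credentials = GoogleCredentials.get_application_default()
    crm = discovery.build('cloudresourcemanager', 'v3', credentials=credentials)

    projpolicy = crm.projects().getIamPolicy(resource='projects/' + projid).execute()
    projgrants = _members_by_role(projpolicy)

    # Evaluate the owner shortcut before the individual roles: the result must
    # not depend on where the roles/owner binding sits in the returned list.
    if member in projgrants.get('roles/owner', ()):
        print("\n" + currentusr + " has roles/owner role for RAD Lab Management Project: " + projid)
    else:
        for role in launcherprojroles:
            if member not in projgrants.get(role, ()):
                sys.exit(_permission_error(role))

    print(Fore.GREEN + '\nRADLAB LAUNCHER - Project Permission check passed' + Style.RESET_ALL)

    project = crm.projects().get(name='projects/' + projid).execute()

    if 'parent' in project:
        org = findorg(project['parent'])
        orgpolicy = crm.organizations().getIamPolicy(resource=org).execute()
        orggrants = _members_by_role(orgpolicy)

        for role in launcherorgroles:
            if member not in orggrants.get(role, ()):
                sys.exit(_permission_error(role))

        print(Fore.GREEN + '\nRADLAB LAUNCHER - Organization Permission check passed' + Style.RESET_ALL)
    else:
        print(Fore.YELLOW + '\nRADLAB LAUNCHER - Skipping Organization Permission check. No Organization associated with the project: ' + projid + Style.RESET_ALL)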