def generate_modified_policy()

in terraform-modules/cloud-functions/src/provide-secrets-permissions/main.py [0:0]


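def generate_modified_policy(policy, role, member):
  """Grant ``role`` to the service account ``member`` in a project IAM policy.

  The policy is modified in place and also returned. If an unconditional
  binding for ``role`` already exists the member is added to it (at most
  once); otherwise a new binding is appended. Bindings carrying a
  ``condition`` are never reused: adding the member there would grant the
  role only while that condition holds, not unconditionally as intended.

  Args:
      policy (dict): IAM policy of the project as returned by
          ``projects.getIamPolicy`` — a ``bindings`` list of
          ``{"role": ..., "members": [...]}`` entries. The ``bindings`` key
          may be absent on a policy with no bindings.
      role (str): IAM role to bind, e.g. ``roles/secretmanager.secretAccessor``.
      member (str): Service account e-mail without the ``serviceAccount:``
          prefix; the prefix is added here.

  Returns:
      dict: the same policy object, with the binding added.
  """
  sa_member = 'serviceAccount:' + member
  # An empty policy has no "bindings" key; create it so the append below
  # cannot raise KeyError.
  bindings = policy.setdefault("bindings", [])

  for binding in bindings:
    # Only reuse an unconditional binding for this role (see docstring).
    if binding.get("role") == role and not binding.get("condition"):
      members = binding.setdefault("members", [])
      # Re-running this function (e.g. a retried invocation) must not
      # produce duplicate members in the binding.
      if sa_member not in members:
        members.append(sa_member)
      break
  else:
    bindings.append({"role": role, "members": [sa_member]})

  # Kept for the Cloud Function log; note this writes the whole project
  # policy, including every existing member, into the log.
  print(policy)
  return policy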