in terraform-modules/cloud-functions/src/provide-project-permissions/main.py [0:0]
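def generate_modified_policy(policy, role, member):
    """Return *policy* with *member* (a service account) granted *role*.

    The policy is modified in place and also returned, as before. Compared to
    the previous version this is idempotent (the member is not appended a
    second time if it is already bound), tolerates a policy with no
    ``bindings`` key (an empty policy as returned by getIamPolicy), and only
    extends an unconditional binding for the role -- a binding carrying a
    ``condition`` is left untouched so the member is not silently granted the
    role under someone else's condition; a new unconditional binding is
    created instead, which is what the original code produced when no binding
    for the role existed.

    NOTE(review): neither *role* nor *member* is validated here. This function
    is called with an organization-level policy, so the caller is expected to
    restrict which roles/members may be granted; that cannot be confirmed from
    this block.

    Args:
        policy (dict): IAM policy as returned by getIamPolicy; expected to hold
            a ``bindings`` list of ``{"role": ..., "members": [...]}`` dicts.
        role (str): IAM role to grant, e.g. ``roles/viewer``.
        member (str): Service account e-mail, WITHOUT the ``serviceAccount:``
            prefix -- it is added here, as in the original.

    Returns:
        dict: the same policy object, with the binding added or extended.
    """
    full_member = 'serviceAccount:' + member
    # Empty policies may carry no "bindings" key at all; treat that as [].
    bindings = policy.setdefault('bindings', [])

    for binding in bindings:
        # Only reuse an unconditional binding: appending to a conditional one
        # would grant the role subject to that binding's condition.
        if binding.get('role') == role and 'condition' not in binding:
            members = binding.setdefault('members', [])
            if full_member not in members:
                members.append(full_member)
            return policy

    # No unconditional binding for this role yet: create one.
    bindings.append({'role': role, 'members': [full_member]})
    return policy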