Skip to content

configs

Contains classes representing user provided configs for different levels (group, env, bucket/role) of the wanted iam bindings.

AuthGroupIAMConfig

Bases: BaseModel

Represents IAM config for one auth group.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
class AuthGroupIAMConfig(BaseModel):
    """Represents IAM config for one auth group."""

    name: str
    shortname: str
    envs: List[EnvironmentIAMConfig]

    def combine(self) -> None:
        """Combine EnvironmentIAMConfigs if they are the same env."""
        combined_envs = []
        same_env = igroupby(self.envs, lambda e: e.name)
        for env, confs in same_env.items():
            buckets: List[BucketIAMConfig] = []
            roles: List[RoleIAMConfig] = []
            for conf in confs:
                buckets = buckets + conf.buckets
                roles = roles + conf.roles
            combined_envs.append(EnvironmentIAMConfig(name=env, buckets=buckets, roles=roles))

        self.envs = combined_envs

combine()

Combine EnvironmentIAMConfigs if they are the same env.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
64
65
66
67
68
69
70
71
72
73
74
75
76
def combine(self) -> None:
    """Combine EnvironmentIAMConfigs if they are the same env."""
    combined_envs = []
    same_env = igroupby(self.envs, lambda e: e.name)
    for env, confs in same_env.items():
        buckets: List[BucketIAMConfig] = []
        roles: List[RoleIAMConfig] = []
        for conf in confs:
            buckets = buckets + conf.buckets
            roles = roles + conf.roles
        combined_envs.append(EnvironmentIAMConfig(name=env, buckets=buckets, roles=roles))

    self.envs = combined_envs

BucketIAMConfig

Bases: BaseModel

Represents one bucket IAM binding.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
13
14
15
16
17
18
19
20
21
22
23
24
25
26
class BucketIAMConfig(BaseModel):
    """Represents one bucket IAM binding."""

    name: str
    access: str
    expiry: Expiry

    def identifier(self) -> Tuple[str, str]:
        """A bucket config is identified by its name and access type."""
        return (self.name, self.access)

    def sorter(self) -> str:
        """Sort bucket configs based on the expiry timestamp."""
        return self.expiry.timestamp

identifier()

A bucket config is identified by its name and access type.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
20
21
22
def identifier(self) -> Tuple[str, str]:
    """A bucket config is identified by its name and access type."""
    return (self.name, self.access)

sorter()

Sort bucket configs based on the expiry timestamp.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
24
25
26
def sorter(self) -> str:
    """Sort bucket configs based on the expiry timestamp."""
    return self.expiry.timestamp

EnvironmentIAMConfig

Bases: BaseModel

Represents IAM Config for one environment for one auth group.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
44
45
46
47
48
49
50
51
52
53
54
class EnvironmentIAMConfig(BaseModel):
    """Represents IAM Config for one environment for one auth group."""

    name: str
    buckets: List[BucketIAMConfig]
    roles: List[RoleIAMConfig]

    def combine(self) -> None:
        """Combine buckets and roles if they share the same name, and choose the one with the longest expiry."""
        self.buckets = combine_and_maximize(self.buckets)
        self.roles = combine_and_maximize(self.roles)

combine()

Combine buckets and roles if they share the same name, and choose the one with the longest expiry.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
51
52
53
54
def combine(self) -> None:
    """Combine buckets and roles if they share the same name, and choose the one with the longest expiry."""
    self.buckets = combine_and_maximize(self.buckets)
    self.roles = combine_and_maximize(self.roles)

IAMBindingConfig

Bases: BaseModel

Represents the overall IAM binding config to commit.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
class IAMBindingConfig(BaseModel):
    """Represents the overall IAM binding config to commit."""

    team_name: str
    auth_groups: List[AuthGroupIAMConfig]
    rationale: str

    def combine(self) -> None:
        """Combine multiple AuthGroupIAMConfigs into a single one if they represent the same auth group."""
        combined_groups = []

        same_group = igroupby(self.auth_groups, lambda g: (g.name, g.shortname))
        for group, confs in same_group.items():
            envs: List[EnvironmentIAMConfig] = []
            for conf in confs:
                envs = envs + conf.envs
            combined_groups.append(AuthGroupIAMConfig(name=group[0], shortname=group[1], envs=envs))

        self.auth_groups = combined_groups

combine()

Combine multiple AuthGroupIAMConfigs into a single one if they represent the same auth group.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
86
87
88
89
90
91
92
93
94
95
96
97
def combine(self) -> None:
    """Combine multiple AuthGroupIAMConfigs into a single one if they represent the same auth group."""
    combined_groups = []

    same_group = igroupby(self.auth_groups, lambda g: (g.name, g.shortname))
    for group, confs in same_group.items():
        envs: List[EnvironmentIAMConfig] = []
        for conf in confs:
            envs = envs + conf.envs
        combined_groups.append(AuthGroupIAMConfig(name=group[0], shortname=group[1], envs=envs))

    self.auth_groups = combined_groups

RoleIAMConfig

Bases: BaseModel

Represents one project role IAM binding.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
29
30
31
32
33
34
35
36
37
38
39
40
41
class RoleIAMConfig(BaseModel):
    """Represents one project role IAM binding."""

    role: GCPRole
    expiry: Expiry

    def identifier(self) -> GCPRole:
        """A role config is identified by its role."""
        return self.role

    def sorter(self) -> str:
        """Sort role configs based on the expiry timestamp."""
        return self.expiry.timestamp

identifier()

A role config is identified by its role.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
35
36
37
def identifier(self) -> GCPRole:
    """A role config is identified by its role."""
    return self.role

sorter()

Sort role configs based on the expiry timestamp.

Source code in dapla_team_cli/tf/iam_bindings/configs.py 
39
40
41
def sorter(self) -> str:
    """Sort role configs based on the expiry timestamp."""
    return self.expiry.timestamp