{"id":20002964,"url":"https://github.com/zefdelgadillo/policy-parser","last_synced_at":"2025-09-03T13:33:37.727Z","repository":{"id":42007226,"uuid":"480977135","full_name":"zefdelgadillo/policy-parser","owner":"zefdelgadillo","description":"🕵️‍♂️ Google Cloud IAM policy document parser ","archived":false,"fork":false,"pushed_at":"2022-04-19T01:11:57.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-12T19:19:28.652Z","etag":null,"topics":["google","google-cloud","iam"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zefdelgadillo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-12T21:23:27.000Z","updated_at":"2022-04-13T05:25:58.000Z","dependencies_parsed_at":"2022-08-12T02:10:38.544Z","dependency_job_id":null,"html_url":"https://github.com/zefdelgadillo/policy-parser","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zefdelgadillo%2Fpolicy-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zefdelgadillo%2Fpolicy-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zefdelgadillo%2Fpolicy-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zefdelgadillo%2Fpolicy-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zefdelgadillo","download_url":"https://codeload.github.com/zefdelgadillo/policy-parser/tar.g
z/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241441095,"owners_count":19963356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["google","google-cloud","iam"],"created_at":"2024-11-13T05:23:50.749Z","updated_at":"2025-03-02T00:23:05.890Z","avatar_url":"https://github.com/zefdelgadillo.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Policy Parser\nEasily parse and filter yaml or json-based Google Cloud Platform (GCP) IAM policy documents.\n\n```bash\n$ gcloud projects get-iam-policy my-project | pparse -o table\nprincipal_type    principal                                                                    role\n----------------  ---------------------------------------------------------------------------  ------------------------------------\nserviceAccount    555555555555@cloudbuild.gserviceaccount.com                                  roles/cloudbuild.builds.builder\ngroup             tech-dev-team@company.com                                                    roles/cloudbuild.builds.editor\nserviceAccount    service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com               roles/cloudbuild.serviceAgent\nserviceAccount    service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com          roles/computescanning.serviceAgent\ngroup             tech-dev-managers@company.com                                                roles/owner\nuser              annbaker@company.com                                                         roles/storage.admin\nuser     
         louiefranco@company.com                                                      roles/storage.admin\nuser              annbaker@company.com                                                         roles/storage.objectAdmin\nuser              louiefranco@company.com                                                      roles/storage.objectAdmin\ngroup             tech-all@company.com                                                         roles/viewer\ngroup             tech-dev-team@company.com                                                    roles/viewer\n```\n\n## Installation\n```\n# Requires Python \u003e= 3.8\npip install pparse\n```\n\n## Usage\n### Parse\nPipe a policy document into `pparse` directly from gcloud and select an output format using `--output-format`.\n\n```bash\n$ gcloud projects get-iam-policy my-project | pparse --output-format csv\n```\n\nSupported output formats:\n* csv\n* table\n* json\n* yaml\n\n\n### Filters\nYou can filter policy documents by using one of the following commands. Use the `-s` flag to return a simple list of users or roles.\n\n#### Filter by User Principal: `pparse principal`\n```bash\n$ gcloud ... | pparse principal louiefranco@company.com -s\nroles/owner\nroles/storage.admin\nroles/storage.objectAdmin\n```\n\n#### Filter by Role: `pparse role`\n```bash\n$ gcloud ... | pparse role roles/owner -s\ngroup:tech-code-guidance@company.com\ngroup:tech-dev-managers@company.com\nuser:annbaker@company.com\nuser:jimmyjohn@company.com\nuser:louiefranco@company.com\nuser:rhondaseltzer@company.com\n```\n\n#### Filter by Domain: `pparse domain`\n```bash\n$ gcloud ... 
| pparse domain company.com\nbindings:\n- members:\n  - group:tech-dev-team@company.com\n  role: roles/cloudbuild.builds.editor\n- members:\n  - group:tech-code-guidance@company.com\n  - group:tech-dev-managers@company.com\n  - user:annbaker@company.com\n  - user:jimmyjohn@company.com\n  - user:louiefranco@company.com\n  - user:rhondaseltzer@company.com\n  role: roles/owner\n```\n\n#### Filter by Principal Type: `pparse type`\n```bash\n$ gcloud ... | pparse -o csv type serviceaccount\nprincipal_type,principal,role\nserviceAccount,555555555555@cloudbuild.gserviceaccount.com,roles/cloudbuild.builds.builder\nserviceAccount,service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com,roles/cloudbuild.serviceAgent\nserviceAccount,service-555555555555@compute-system.iam.gserviceaccount.com,roles/compute.serviceAgent\nserviceAccount,service-555555555555@gcp-sa-computescanning.iam.gserviceaccount.com,roles/computescanning.serviceAgent\nserviceAccount,service-555555555555@container-engine-robot.iam.gserviceaccount.com,roles/container.serviceAgent\n```\n\n#### Filter by Permission: `pparse permission`\n```bash\n$ gcloud ... 
| pparse -o table permission storage.objects.get\nprincipal_type    principal                                                                    role\n----------------  ---------------------------------------------------------------------------  ------------------------------------\nserviceAccount    555555555555@cloudbuild.gserviceaccount.com                                  roles/cloudbuild.builds.builder\nserviceAccount    service-555555555555@gcp-sa-cloudbuild.iam.gserviceaccount.com               roles/cloudbuild.serviceAgent\nserviceAccount    service-555555555555@container-analysis.iam.gserviceaccount.com              roles/containeranalysis.ServiceAgent\nserviceAccount    service-555555555555@dataflow-service-producer-prod.iam.gserviceaccount.com  roles/dataflow.serviceAgent\nserviceAccount    service-555555555555@gcp-sa-datamigration.iam.gserviceaccount.com            roles/datamigration.serviceAgent\nserviceAccount    service-555555555555@firebase-rules.iam.gserviceaccount.com                  roles/firebaserules.system\nserviceAccount    service-555555555555@gcp-sa-firestore.iam.gserviceaccount.com                roles/firestore.serviceAgent\nuser              annbaker@company.com                                                         roles/storage.admin\nuser              louiefranco@company.com                                                      roles/storage.admin\nuser              annbaker@company.com                                                         roles/storage.objectAdmin\nuser              louiefranco@company.com                                                      roles/storage.objectAdmin\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzefdelgadillo%2Fpolicy-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzefdelgadillo%2Fpolicy-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzefdelgadillo%2Fpolicy-parser/lists"}