gcp-platforms-auto 0.7.0__py3-none-any.whl → 0.7.5__py3-none-any.whl

gcp_platforms_auto/__init__.py

@@ -1 +1,15 @@
-from .git import get_github_app_token, generate_github_path, get_repo, git_push, create_repo
+from .git import get_github_app_token, generate_github_path, get_repo, git_push, create_repo
+from .db import (
+    get_sql_engine, 
+    execute_query, 
+    cleanup_connector, 
+    create_tables, 
+    save_model, 
+    get_all, 
+    get_by_id, 
+    get_by_filter, 
+    get_one,
+    update_model,
+    delete_model,
+    Base
+)

gcp_platforms_auto/db.py

@@ -0,0 +1,277 @@
+import os
+import logging
+import sqlalchemy
+from sqlalchemy.orm import sessionmaker, scoped_session, declarative_base
+from sqlalchemy import text
+
+# Configure the logger
+logger = logging.getLogger("uvicorn")
+logger.setLevel(logging.INFO)
+
+Base = declarative_base()
+
+def get_sql_engine(db_host, db_user, db_pass, db_name, db_port=5432) -> sqlalchemy.engine.base.Engine:
+    """Initializes a TCP connection pool for a Cloud SQL instance of Postgres.
+    
+    Args:
+        db_host: Database host address (e.g., '127.0.0.1')
+        db_user: Database username
+        db_pass: Database password
+        db_name: Database name
+        db_port: Database port (default: 5432)
+    
+    Returns:
+        SQLAlchemy Engine instance
+    """
+    logger.info(f"Connecting to database '{db_name}' at {db_host}:{db_port}")
+    
+    try:
+        pool = sqlalchemy.create_engine(
+            # Equivalent URL:
+            # postgresql+pg8000://<db_user>:<db_pass>@<db_host>:<db_port>/<db_name>
+            sqlalchemy.engine.url.URL.create(
+                drivername="postgresql+pg8000",
+                username=db_user,
+                password=db_pass,
+                host=db_host,
+                port=db_port,
+                database=db_name,
+            ),
+        )
+        logger.info("Successfully created database connection pool.")
+        return pool
+    except Exception as e:
+        logger.exception(f"Error connecting to database: {str(e)}")
+        raise e
+
+def get_session(engine):
+    """Creates and returns a new session for the provided engine.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+    
+    Returns:
+        SQLAlchemy Session instance
+    """
+    Session = sessionmaker(bind=engine)
+    return Session()
+
+def execute_query(engine, query_str: str, params: dict = None):
+    """Executes a raw SQL query.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        query_str: SQL query string
+        params: Dictionary of query parameters (optional)
+    
+    Returns:
+        Query result
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Executing query: {query_str[:100]}...")
+        result = session.execute(text(query_str), params or {})
+        session.commit()
+        logger.info("Query executed successfully.")
+        return result
+    except Exception as e:
+        session.rollback()
+        logger.exception(f"Error executing query: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def create_tables(engine, base_class=Base):
+    """Creates all tables defined in the SQLAlchemy Base metadata.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        base_class: SQLAlchemy declarative base class (default: Base)
+    """
+    try:
+        logger.info("Creating database tables...")
+        base_class.metadata.create_all(engine)
+        logger.info("Successfully created database tables.")
+    except Exception as e:
+        logger.exception(f"Error creating tables: {str(e)}")
+        raise e
+
+def save_model(engine, model_instance):
+    """Saves a single model instance to the database.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_instance: SQLAlchemy model instance to save
+    
+    Returns:
+        The saved model instance with refreshed data
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Saving model instance: {type(model_instance).__name__}")
+        session.add(model_instance)
+        session.commit()
+        session.refresh(model_instance)
+        logger.info("Successfully saved model instance.")
+        return model_instance
+    except Exception as e:
+        session.rollback()
+        logger.exception(f"Error saving model: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def get_all(engine, model_class):
+    """Retrieves all records for a given model class.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_class: SQLAlchemy model class
+    
+    Returns:
+        List of all records for the model
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Retrieving all records for {model_class.__name__}")
+        results = session.query(model_class).all()
+        logger.info(f"Retrieved {len(results)} records.")
+        return results
+    except Exception as e:
+        logger.exception(f"Error retrieving records: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def get_by_id(engine, model_class, record_id):
+    """Retrieves a single record by its primary key ID.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_class: SQLAlchemy model class
+        record_id: Primary key value to search for
+    
+    Returns:
+        Model instance if found, None otherwise
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Retrieving {model_class.__name__} with ID: {record_id}")
+        result = session.query(model_class).get(record_id)
+        if result:
+            logger.info(f"Found record with ID: {record_id}")
+        else:
+            logger.info(f"No record found with ID: {record_id}")
+        return result
+    except Exception as e:
+        logger.exception(f"Error retrieving record by ID: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def get_by_filter(engine, model_class, **filters):
+    """Retrieves records matching the provided filter criteria.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_class: SQLAlchemy model class
+        **filters: Keyword arguments for filtering (e.g., name="John", age=30)
+    
+    Returns:
+        List of matching records
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Filtering {model_class.__name__} with criteria: {filters}")
+        results = session.query(model_class).filter_by(**filters).all()
+        logger.info(f"Found {len(results)} matching records.")
+        return results
+    except Exception as e:
+        logger.exception(f"Error filtering records: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def get_one(engine, model_class, **filters):
+    """Retrieves a single record matching the provided filter criteria.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_class: SQLAlchemy model class
+        **filters: Keyword arguments for filtering (e.g., email="user@example.com")
+    
+    Returns:
+        First matching model instance if found, None otherwise
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Retrieving single {model_class.__name__} with criteria: {filters}")
+        result = session.query(model_class).filter_by(**filters).first()
+        if result:
+            logger.info(f"Found matching record.")
+        else:
+            logger.info(f"No matching record found.")
+        return result
+    except Exception as e:
+        logger.exception(f"Error retrieving single record: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def update_model(engine, model_instance):
+    """Updates an existing model instance in the database.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_instance: SQLAlchemy model instance with updated values
+    
+    Returns:
+        The updated model instance with refreshed data
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Updating model instance: {type(model_instance).__name__}")
+        session.merge(model_instance)
+        session.commit()
+        logger.info("Successfully updated model instance.")
+        return model_instance
+    except Exception as e:
+        session.rollback()
+        logger.exception(f"Error updating model: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def delete_model(engine, model_instance):
+    """Deletes a model instance from the database.
+    
+    Args:
+        engine: SQLAlchemy Engine instance
+        model_instance: SQLAlchemy model instance to delete
+    """
+    session = get_session(engine)
+    try:
+        logger.info(f"Deleting model instance: {type(model_instance).__name__}")
+        session.delete(model_instance)
+        session.commit()
+        logger.info("Successfully deleted model instance.")
+    except Exception as e:
+        session.rollback()
+        logger.exception(f"Error deleting model: {str(e)}")
+        raise e
+    finally:
+        session.close()
+
+def cleanup_connector(engine):
+    """Disposes the connection pool for the provided engine.
+    
+    Args:
+        engine: SQLAlchemy Engine instance to dispose
+    """
+    try:
+        logger.info("Disposing database connection pool...")
+        engine.dispose()
+        logger.info("Successfully disposed connection pool.")
+    except Exception as e:
+        logger.exception(f"Error disposing connection pool: {str(e)}")
+        raise e

gcp_platforms_auto/iam.py

@@ -0,0 +1,212 @@
+"""IAM access management utilities for GCP."""
+
+import logging
+import google.cloud.logging
+from google.cloud import asset_v1, resourcemanager_v3
+from typing import Optional
+
+# Initialize Google Cloud Logging
+client = google.cloud.logging.Client()
+client.setup_logging()
+
+# Configure the logger
+logger = logging.getLogger("uvicorn")
+logger.setLevel(logging.INFO)
+
+
+def _get_identity_string(email: str) -> str:
+    """
+    Helper function to construct the proper identity string.
+    Automatically detects if the email is a service account or user.
+    
+    Args:
+        email: Email address (user or service account)
+        
+    Returns:
+        str: Properly formatted identity string
+    """
+    if ".gserviceaccount.com" in email.lower():
+        return f"serviceAccount:{email}"
+    else:
+        return f"user:{email}"
+
+
+def check_user_has_role(
+    project_id: str,
+    user_email: str,
+    organization_id: str,
+    role: str = "roles/owner",
+    expand_groups: bool = True
+) -> bool:
+    """
+    Check if a user or service account has a specific role in a GCP project.
+    
+    Args:
+        user_email: Email of the user or service account to check
+                   (e.g., 'oshasha10@dev.sky320.com' or 'my-sa@project.iam.gserviceaccount.com')
+        role: Role to check (e.g., 'roles/owner', 'roles/editor')
+        project_id: GCP project ID (e.g., 'sky-starfi-mam-res-gcpro-1')
+        organization_id: GCP organization ID (e.g., '111111111111')
+        expand_groups: Whether to expand group memberships (default: True)
+        
+    Returns:
+        bool: True if the user/service account has the role in the project, False otherwise
+        
+    Example:
+        >>> has_access = check_user_has_role(
+        ...     user_email='oshasha10@dev.sky320.com',
+        ...     role='roles/owner',
+        ...     project_id='sky-starfi-mam-res-gcpro-1'
+        ... )
+    """
+    client = asset_v1.AssetServiceClient()
+    
+    # Construct the full resource name
+    scope = f"organizations/{organization_id}"
+    full_resource_name = f"//cloudresourcemanager.googleapis.com/projects/{project_id}"
+    identity = _get_identity_string(user_email)
+    
+    # Build the request
+    request = asset_v1.AnalyzeIamPolicyRequest(
+        analysis_query=asset_v1.IamPolicyAnalysisQuery(
+            scope=scope,
+            resource_selector=asset_v1.IamPolicyAnalysisQuery.ResourceSelector(
+                full_resource_name=full_resource_name
+            ),
+            identity_selector=asset_v1.IamPolicyAnalysisQuery.IdentitySelector(
+                identity=identity
+            ),
+            access_selector=asset_v1.IamPolicyAnalysisQuery.AccessSelector(
+                roles=[role]
+            ),
+            options=asset_v1.IamPolicyAnalysisQuery.Options(
+                expand_groups=expand_groups,
+                expand_roles=True,
+                # expand_resources=True
+            )
+        )
+    )
+    
+    try:
+        # Execute the analysis
+        logger.info(f"Checking if {user_email} has role {role} in project {project_id}")
+        response = client.analyze_iam_policy(request=request)
+        
+        # Check if any results were returned
+        # If the user has the role, there will be analysis results
+        if response.main_analysis and response.main_analysis.analysis_results:
+            logger.info(f"{user_email} has role {role} in project {project_id}")
+            return True
+        
+        logger.info(f"{user_email} does not have role {role} in project {project_id}")
+        return False
+        
+    except Exception as e:
+        logger.exception(f"Error analyzing IAM policy: {e}")
+        raise
+
+
+def _get_all_folders_recursive(parent: str, folders_client) -> list:
+    """
+    Recursively get all folders under a parent (organization or folder).
+    
+    Args:
+        parent: Parent resource (e.g., 'organizations/123' or 'folders/456')
+        folders_client: FoldersClient instance
+        
+    Returns:
+        list: List of all folder resource names
+    """
+    all_folders = []
+    
+    try:
+        request = resourcemanager_v3.ListFoldersRequest(parent=parent)
+        folders = folders_client.list_folders(request=request)
+        
+        for folder in folders:
+            folder_name = folder.name  # Format: folders/123
+            all_folders.append(folder_name)
+            logger.info(f"Found folder: {folder_name}")
+            
+            # Recursively get subfolders
+            subfolders = _get_all_folders_recursive(folder_name, folders_client)
+            all_folders.extend(subfolders)
+            
+    except Exception as e:
+        logger.warning(f"Error listing folders under {parent}: {e}")
+    
+    return all_folders
+
+
+def get_projects_with_role(
+    user_email: str,
+    organization_id: str,
+    role: str = "roles/owner",
+    expand_groups: bool = True
+) -> list:
+    """
+    Get all projects where a user or service account has a specific role.
+    Searches recursively through all folders in the organization.
+    
+    Args:
+        user_email: Email of the user or service account to check
+                   (e.g., 'oshasha10@dev.sky320.com' or 'my-sa@project.iam.gserviceaccount.com')
+        organization_id: GCP organization ID (e.g., '111111111111')
+        role: Role to check (e.g., 'roles/owner', 'roles/editor')
+        expand_groups: Whether to expand group memberships (default: True)
+        
+    Returns:
+        list: List of project IDs where the user/service account has the specified role
+        
+    Example:
+        >>> projects = get_projects_with_role(
+        ...     user_email='oshasha10@dev.sky320.com',
+        ...     organization_id='111111111111',
+        ...     role='roles/owner'
+        ... )
+    """
+    logger.info(f"Fetching all projects in organization {organization_id} (including folders)")
+    
+    try:
+        # Initialize clients
+        projects_client = resourcemanager_v3.ProjectsClient()
+        folders_client = resourcemanager_v3.FoldersClient()
+        
+        # Get all folders recursively
+        org_parent = f"organizations/{organization_id}"
+        all_folders = _get_all_folders_recursive(org_parent, folders_client)
+        logger.info(f"Found {len(all_folders)} folder(s) in organization")
+        
+        # Create list of all parents to search (organization + all folders)
+        parents_to_search = [org_parent] + all_folders
+        
+        # Collect all projects from all parents
+        all_projects = []
+        for parent in parents_to_search:
+            request = resourcemanager_v3.ListProjectsRequest(parent=parent)
+            projects = projects_client.list_projects(request=request)
+            for project in projects:
+                all_projects.append(project.project_id)
+        
+        logger.info(f"Found {len(all_projects)} total project(s) across organization and folders")
+        
+        # Filter projects where user has the specified role
+        matching_projects = []
+        
+        for project_id in all_projects:
+            # Check if user has the role in this project
+            if check_user_has_role(
+                project_id=project_id,
+                user_email=user_email,
+                organization_id=organization_id,
+                role=role,
+                expand_groups=expand_groups
+            ):
+                matching_projects.append(project_id)
+        
+        logger.info(f"Checked {len(all_projects)} projects, found {len(matching_projects)} where {user_email} has role {role}")
+        return sorted(matching_projects)
+        
+    except Exception as e:
+        logger.exception(f"Error fetching projects: {e}")
+        raise

{gcp_platforms_auto-0.7.0.dist-info → gcp_platforms_auto-0.7.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gcp_platforms_auto
-Version: 0.7.0
+Version: 0.7.5
 Summary: A brief description of your package
 Author-email: ofir4858 <ofirshasha10@gmail.com>
 License: MIT
@@ -12,6 +12,10 @@ Description-Content-Type: text/markdown
 Requires-Dist: requests
 Requires-Dist: pyjwt
 Requires-Dist: google-cloud-logging
+Requires-Dist: google-cloud-asset
+Requires-Dist: google-cloud-resource-manager
 Requires-Dist: gitpython
+Requires-Dist: sqlalchemy
+Requires-Dist: pg8000
 
 # gcp_sdk

gcp_platforms_auto-0.7.5.dist-info/RECORD

@@ -0,0 +1,8 @@
+gcp_platforms_auto/__init__.py,sha256=jpdcmFArf_rwuQ0Cn26GUq5_DxSbGF6oMwxSKYu7ELY,322
+gcp_platforms_auto/db.py,sha256=jE5nwmqVHcxT4m6-meUgUz4V4DM8M_sMmeTpvKr2Z2Y,8768
+gcp_platforms_auto/git.py,sha256=NnLDfRzzrzbm9yekepc-qgu8ejYmjNxQ4VDlW46gG2o,5508
+gcp_platforms_auto/iam.py,sha256=h3NytTLB04eO6TvxVwBN2vWJOElGQaEkWeoNkRD6BVI,7653
+gcp_platforms_auto-0.7.5.dist-info/METADATA,sha256=IJDfoM9XSyYJlKAk7dEGE1o7noOIDBpF6p0j5rAoFfo,621
+gcp_platforms_auto-0.7.5.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+gcp_platforms_auto-0.7.5.dist-info/top_level.txt,sha256=4q-ofPMmvBaTnIbAzs-Wp_OwheAVxxmJ1fW9vl3-kyE,19
+gcp_platforms_auto-0.7.5.dist-info/RECORD,,

{gcp_platforms_auto-0.7.0.dist-info → gcp_platforms_auto-0.7.5.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.9.0)
+Generator: setuptools (80.10.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

gcp_platforms_auto-0.7.0.dist-info/RECORD

@@ -1,6 +0,0 @@
-gcp_platforms_auto/__init__.py,sha256=7CmPCQxUqAvZTHKCREhL2b4MKD8Pn7FnKZUcMxYC09g,92
-gcp_platforms_auto/git.py,sha256=NnLDfRzzrzbm9yekepc-qgu8ejYmjNxQ4VDlW46gG2o,5508
-gcp_platforms_auto-0.7.0.dist-info/METADATA,sha256=QaX8CCdAbVNESyK1jCJU-ykpKXYtXQUcdFQYh9La0R0,494
-gcp_platforms_auto-0.7.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-gcp_platforms_auto-0.7.0.dist-info/top_level.txt,sha256=4q-ofPMmvBaTnIbAzs-Wp_OwheAVxxmJ1fW9vl3-kyE,19
-gcp_platforms_auto-0.7.0.dist-info/RECORD,,