README
ΒΆ
Grole β
Description π
Grole is a tool used for establishing which Google Cloud Roles contain a given permission, and also which permissions a given Role has.
If you have ever found yourself wondering:
- "Which google cloud permissions does a given role have?"
- "Which google cloud role has x permissions included?"
Then grole is the tool for you!
Pre-Requisites β
- Gcloud
- Run
gcloud auth application-default login
Installing & Updating π¦
If you already have Go installed, you can simply install grole using:
go install github.com/jay-kinder/grole@latest
This will also allow you to update to the latest version.
If you don't have Go installed, you can install and update grole manually:
Linux
GROLE_VERSION=v1.0.0 \
sudo rm -rf /usr/local/bin/grole \
wget -c https://github.com/jay-kinder/grole/releases/download/"${GROLE_VERSION}"/grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz \
sudo tar -C /usr/local/bin -xzf grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz \
rm -f grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz
Mac
GROLE_VERSION=v1.0.0 \
sudo rm -rf /usr/local/bin/grole \
wget -c https://github.com/jay-kinder/grole/releases/download/"${GROLE_VERSION}"/grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz \
sudo tar -C /usr/local/bin -xzf grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz \
rm -f grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz
Windows
Go to the Releases page and download the zip file you require.
Once unzipped, you will find a .exe you can run to install grole.
Usage β
-r, --role: Provide a role name to see all the permissions it has
-p, --perm: Provide permission(s) and see which role(s) contain both this permission(s) and the smallest number of other permissions (helps to follow the principle of least privilege)
grole [-p|--perm] <value> # optional: --all
# you can pass multiple permissions by using multiple -p flags
# grole will provide role(s) which contain all permissions provided
grole [-r|--role] <value>
Example π
grole [-p|--perm] resourcemanager.organizations.get
grole [-p|--perm] resourcemanager.projects.get [-p|--perm] compute.vpnGateways.list
grole [-r|--role] compute.admin
Additional Flags π
-h, --help: Print help information
--all: Provide permission(s) with [-p | --perm ] and see all role(s) that contain this permission(s)
-v, --version: Get currently installed version of grole
Issues πͺ²
If you find any bugs, or think of any issues you would like to raise, please raise them here.
It will be a big help if you could please try to choose the most appropriate label
when raising an issue for grole.
Contributing
See the CONTRIBUTING.md for the project's contributing
guidelines.
Code of Conduct
π€ Be nice.
License β
Grole is released under the GNU GENERAL PUBLIC license.
See LICENSE for details.
Uninstalling π
To uninstall grole, you simply need to delete the grole directory from the install
location.
This is likely to either be $(go env GOPATH)/bin or /usr/local/bin/grole
for Linux/Mac, and your chosen install location for Windows.
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories