Grole β
Description π
Grole is a tool used for establishing which Google
Cloud Roles contain a given permission,
and also which permissions a given Role has.
If you have ever found yourself wondering:
- "Which google cloud permissions does a given role have?"
- "Which google cloud role has x permissions included?"
Then grole
is the tool for you!
Pre-Requisites β
- Gcloud
- Run
gcloud auth application-default login
Installing & Updating π¦
If you already have Go installed, you can simply install grole
using:
go install github.com/jay-kinder/grole@latest
This will also allow you to update to the latest version.
If you don't have Go installed, you can install and update grole
manually:
Linux
GROLE_VERSION=v1.0.0 \
sudo rm -rf /usr/local/bin/grole \
wget -c https://github.com/jay-kinder/grole/releases/download/"${GROLE_VERSION}"/grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz \
sudo tar -C /usr/local/bin -xzf grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz \
rm -f grole-"${GROLE_VERSION}"-linux-"$(dpkg --print-architecture)".tar.gz
Mac
GROLE_VERSION=v1.0.0 \
sudo rm -rf /usr/local/bin/grole \
wget -c https://github.com/jay-kinder/grole/releases/download/"${GROLE_VERSION}"/grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz \
sudo tar -C /usr/local/bin -xzf grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz \
rm -f grole-"${GROLE_VERSION}"-"$(dpkg --print-architecture)".tar.gz
Windows
Go to the Releases
page and download the zip file you require.
Once unzipped, you will find a .exe
you can run to install grole
.
Usage β
-r, --role: Provide a role name to see all the permissions it has
-p, --perm: Provide permission(s) and see which role(s) contain both this permission(s) and the smallest number of other permissions (helps to follow the principle of least privilege)
grole [-p|--perm] <value> # optional: --all
# you can pass multiple permissions by using multiple -p flags
# grole will provide role(s) which contain all permissions provided
grole [-r|--role] <value>
Example π
grole [-p|--perm] resourcemanager.organizations.get
grole [-p|--perm] resourcemanager.projects.get [-p|--perm] compute.vpnGateways.list
grole [-r|--role] compute.admin
Additional Flags π
-h, --help: Print help information
--all: Provide permission(s) with [-p | --perm ] and see all role(s) that contain this permission(s)
-v, --version: Get currently installed version of grole
Issues πͺ²
If you find any bugs, or think of any issues you would like to raise, please raise
them here.
It will be a big help if you could please try to choose the most appropriate label
when raising an issue for grole
.
Contributing
See the CONTRIBUTING.md
for the project's contributing
guidelines.
Code of Conduct
π€ Be nice.
License β
Grole is released under the GNU GENERAL PUBLIC license.
See LICENSE
for details.
Uninstalling π
To uninstall grole
, you simply need to delete the grole
directory from the install
location.
This is likely to either be $(go env GOPATH)/bin
or /usr/local/bin/grole
for Linux/Mac, and your chosen install location for Windows.