attraction / google-iam-roles
Manages your user's custom IAM roles
1.0.6
2020-11-24 01:27 UTC
Requires
- php: >=7.3
- google/apiclient: ^2.7
- guzzlehttp/guzzle: ^7.0
README
Manages your user's custom IAM roles. Useful for Google IAP protected applications. It only shows custom IAM roles, built-in roles are filtered out.
Installation
It's recommended that you use Composer to install google-iam-roles.
$ composer require attraction/google-iam-roles:^1.0
This will install google-iam-roles and all required dependencies. google-iam-roles requires PHP 7.4 or newer.
Requirements
First, activate the Cloud Resource Manager API here
Second, make sure your service account has the Project IAM Admin
role.
Third, this class uses Application Default Credentials
to access Google Cloud - you can read about it here if you're not familiar.
Usage
use Attraction\GoogleIAMRoles; // Project ID is available in Google Cloud Project Settings - https://console.cloud.google.com/iam-admin/settings $projectId = 'YOUR_PROJECT_ID'; $applicationName = 'A simple name to describe your application'; $iam = new GoogleIAMRoles($applicationName, $projectId); /* Returns an object in this format: [ { "role": "CustomRoleUser", "members": [ "someone@john@doe.com" ] } ] */ $roles = $iam->getProjectRoles(); // Add role(s) to user $iam->addRole('john@doe.com','CustomRoleAdmin'); $iam->addRoles('john@doe.com',['CustomRoleUser','CustomRoleAdmin']); // Remove role(s) from user $iam->removeRole('john@doe.com','CustomRoleAdmin'); $iam->removeRoles('john@doe.com',['CustomRoleUser','CustomRoleAdmin']); // Test if user has a specific role $iam->hasRole('john@doe.com','CustomRoleAdmin'); // Test if user has ANY of the roles $iam->hasRoles('john@doe.com',['CustomRoleAdmin','CustomRoleUser']); // Test if user has ALL the roles $iam->hasRoles('john@doe.com',['CustomRoleAdmin','CustomRoleUser'], true);