GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → etsy → Apotheosis

etsy / Apotheosis

Licence: Apache-2.0 license
No description or website provided.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

non-sox

Projects that are alternatives of or similar to Apotheosis

DebriefingFacilitationGuide
Leading Groups at Etsy to Learn From Accidents
Stars: ✭ 237 (+777.78%)
Mutual labels:  non-sox
etsy.github.com
Etsy! on Github!
Stars: ✭ 15 (-44.44%)
Mutual labels:  non-sox
ELK-utils
Utilities for working with the ELK (Elasticsearch, Logstash, Kibana) stack
Stars: ✭ 58 (+114.81%)
Mutual labels:  non-sox
ab
Etsy's little framework for A/B testing, feature ramp up, and more.
Stars: ✭ 129 (+377.78%)
Mutual labels:  non-sox
Skyline
It'll detect your anomalies! Part of the Kale stack.
Stars: ✭ 2,129 (+7785.19%)
Mutual labels:  non-sox
Logster
Parse log files, generate metrics for Graphite and Ganglia
Stars: ✭ 1,967 (+7185.19%)
Mutual labels:  non-sox
Deployinator
Deployinate!
Stars: ✭ 1,889 (+6896.3%)
Mutual labels:  non-sox
Androidstaggeredgrid
An Android staggered grid view which supports multiple columns with rows of varying sizes.
Stars: ✭ 4,794 (+17655.56%)
Mutual labels:  non-sox
geonames
Scripts for using Geonames
Stars: ✭ 24 (-11.11%)
Mutual labels:  non-sox
PushBot
An IRC Bot for organizing code pushes
Stars: ✭ 80 (+196.3%)
Mutual labels:  non-sox
incpath
PHP extension to support atomic deploys
Stars: ✭ 50 (+85.19%)
Mutual labels:  non-sox
cdncontrol ui
A web UI for Etsy's cdncontrol tool
Stars: ✭ 13 (-51.85%)
Mutual labels:  non-sox

Apotheosis

Apotheosis is a tool you can run in the command line to grant yourself temporary Google Cloud Platform (GCP) Identity and Access Management (IAM) privileges which will expire after a specified amount of time. It is meant to allow high privilege users, who would otherwise have Owner or Org Admin roles, not to have any roles themselves except for Service Account User and Service Account Token Creator on a service account which will have the Owner role which would otherwise be assigned to these users.

To run the application:

git clone [email protected]:etsy/Apotheosis.git
cd apotheosis
virtualenv -p python2 venv
source venv/bin/activate
sudo python setup.py install
apotheosis -h

Usage Examples:

Adding to an organization:

apotheosis -d 30 -res 305014881247 -r roles/appengine.deployer
Added roles/appengine.deployer to user:[email protected] for 30 seconds
Removed roles/appengine.deployer from user:[email protected]

Adding to a project:

apotheosis -d 60 -res apotheosis-test -r roles/viewer -m group:[email protected]
Added roles/viewer to group:[email protected] for 60 seconds
Removed roles/viewer from group:[email protected]

It makes sense to configure defaults for the command line arguments. These can be hardcoded in the file apotheosis.py, like:

default_resource = "a-project-id"
default_role = "roles/viewer"
default_member = "user:[email protected]"
default_service_account = "[email protected]"

If you are signed in to gcloud your default credentials should be set. In some cases it may be necessary to run gcloud auth application-default login and authenticate with the account which has permissions on the service account.

Also you can press enter in the terminal to revoke the permissions early.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].