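"""Report Cloud Foundry role assignments for one organization, grouped by user.

Collects the organization-level roles and the roles granted in each of the
organization's spaces, then prints them per user when run as a script.
"""
from subprocess import check_output

from cloudfoundry_client.client import CloudFoundryClient

ORG_NAME = "gsa-tts-benefits-studio"

# The client is built from the local cf CLI configuration.
# NOTE(review): the listing is presumably limited to what the logged-in
# account may read, so run the review with an account that can see every
# role in the org -- confirm.
client = CloudFoundryClient.build_from_cf_config()

# Pass an argument list instead of a shell string: no shell parses the org
# name, so a name with spaces or shell metacharacters reaches `cf` unchanged.
org_guid = check_output(["cf", "org", ORG_NAME, "--guid"]).decode().strip()
space_guids = [
    space["guid"] for space in client.v3.spaces.list(organization_guids=org_guid)
]


class RoleCollector:
    """Group roles by the GUID of the user they are granted to."""

    def __init__(self):
        # user guid -> {"user": User, "roles": [Role, ...]}
        self._map = {}

    def add(self, role):
        """Record *role* under its user, creating the user's entry on first sight."""
        user = role.user
        entry = self._map.setdefault(user.guid, {"user": user, "roles": []})
        entry["roles"].append(role)

    def print(self):
        """Print every collected user followed by that user's roles."""
        for user_roles in self._map.values():
            user = user_roles["user"]
            print(f"{user.type}: {user.username} has roles:")
            for role in user_roles["roles"]:
                # Read the property once; each access rebuilds the Space.
                space = role.space
                if space:
                    print(f"  {role.type} in {space.name}")
                else:
                    print(f"  {role.type}")


role_collector = RoleCollector()


class User:
    """A role holder, classified as a human user or a service account (bot)."""

    def __init__(self, entity):
        self.guid = entity["guid"]
        self._username = entity["username"]
        # NOTE(review): every origin other than "gsa.gov" is treated as a
        # service account, so a human from another identity provider would
        # be reported as "Bot" -- confirm this matches the org's identity
        # setup.
        self._is_service_account = entity["origin"] != "gsa.gov"
        self.type = "Bot" if self._is_service_account else "User"

    @property
    def username(self):
        """Return the display name for this role holder.

        For a service account the stored username is used as the id of a
        service credential binding, and the name of the bound service
        instance is returned (one API request per access). For a human user
        the stored username is returned as-is.
        """
        if not self._is_service_account:
            return self._username
        binding = client.v3.service_credential_bindings.get(
            self._username, include="service_instance"
        )
        return binding.service_instance()["name"]


class Space:
    """The name of the space a role is scoped to."""

    def __init__(self, entity):
        self.name = entity["name"]


class Role:
    """One role assignment returned by the v3 roles endpoint."""

    def __init__(self, entity):
        self._fields = entity
        self.type = entity["type"]
        self.user = User(entity.user())

    @property
    def space(self):
        """Return the role's Space, or None when it cannot be resolved.

        NOTE(review): AttributeError is read as "this role has no space",
        presumably the organization-level case; an AttributeError raised for
        any other reason would also be reported as a role without a space.
        """
        try:
            return Space(self._fields.space())
        except AttributeError:
            return None


# Collection runs at import time; only the printing below is guarded by the
# __main__ check.
for role in map(
    Role, client.v3.roles.list(organization_guids=org_guid, include="user")
):
    role_collector.add(role)

for role in map(Role, client.v3.roles.list(space_guids=space_guids, include="user")):
    role_collector.add(role)

if __name__ == "__main__":
    role_collector.print()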