notifications-api/terraform/ops/cloudgov_user_report.py

from subprocess import check_output

from cloudfoundry_client.client import CloudFoundryClient

ORG_NAME = "gsa-tts-benefits-studio"


client = CloudFoundryClient.build_from_cf_config()
org_guid = check_output(f"cf org {ORG_NAME} --guid", shell=True).decode().strip()
space_guids = list(
    map(lambda item: item["guid"], client.v3.spaces.list(organization_guids=org_guid))
)


class RoleCollector:
    def __init__(self):
        self._map = {}

    def add(self, role):
        user = role.user
        if self._map.get(user.guid) is None:
            self._map[user.guid] = {"user": user, "roles": [role]}
        else:
            self._map[user.guid]["roles"].append(role)

    def print(self):
        for user_roles in self._map.values():
            user = user_roles["user"]
            print(f"{user.type}: {user.username} has roles:")
            for role in user_roles["roles"]:
                if role.space:
                    print(f"  {role.type} in {role.space.name}")
                else:
                    print(f"  {role.type}")


role_collector = RoleCollector()


class User:
    def __init__(self, entity):
        self.guid = entity["guid"]
        self._username = entity["username"]
        self._is_service_account = entity["origin"] != "gsa.gov"
        self.type = "Bot" if self._is_service_account else "User"

    @property
    def username(self):
        if self._is_service_account:
            return client.v3.service_credential_bindings.get(
                self._username, include="service_instance"
            ).service_instance()["name"]
        else:
            return self._username


class Space:
    def __init__(self, entity):
        self.name = entity["name"]


class Role:
    def __init__(self, entity):
        self._fields = entity
        self.type = entity["type"]
        self.user = User(entity.user())

    @property
    def space(self):
        try:
            return Space(self._fields.space())
        except AttributeError:
            return None


for role in map(
    Role, client.v3.roles.list(organization_guids=org_guid, include="user")
):
    role_collector.add(role)
for role in map(Role, client.v3.roles.list(space_guids=space_guids, include="user")):
    role_collector.add(role)


if __name__ == "__main__":
    role_collector.print()