Google Cloud Access Context Manager
Google Cloud Access Context Manager is a Python client library for interacting with the Access Context Manager API. It enables Google Cloud organization administrators to programmatically define fine-grained, attribute-based access control policies, including access levels and service perimeters, for resources within Google Cloud. The library is currently at version 0.4.0 and receives regular updates to align with API evolution and bug fixes.
Warnings
- breaking: Frequent and specific `protobuf` version requirements can lead to dependency conflicts, especially when combining with other Google Cloud libraries or third-party tools that pin `protobuf` versions. This library has required `protobuf < 5.0.0` and later `protobuf >=3.20.2, <6`.
- gotcha: This library (and underlying API) is designed for Python 3.9 and higher. Earlier Python versions (e.g., 3.8 and below) are not supported by recent releases, which can cause installation or runtime failures.
- gotcha: The Access Context Manager API is listed as 'preview' in some Google Cloud documentation contexts, implying that certain features or API surfaces might still be under active development and subject to change without standard deprecation periods.
- gotcha: Managing Access Policies (creating, updating, deleting) cannot be done directly through the Google Cloud Console. These operations must be performed using the `gcloud` command-line tool or through the Access Context Manager API via this client library.
- deprecated: The original GitHub repository `googleapis/python-access-context-manager` has been archived. Development now occurs within the larger `googleapis/google-cloud-python` monorepo.
Install
- `pip install google-cloud-access-context-manager`
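The Python and `protobuf` constraints listed under Warnings can be checked in CI before the library is imported. The script below is an added example, not code from the library or its maintainers. It assumes the later of the two `protobuf` ranges quoted above, and all function names are hypothetical.

```python
import re
import sys
from importlib import metadata

# Constraints as stated in the Warnings section of this page.
MIN_PYTHON = (3, 9)
PROTOBUF_MIN = (3, 20, 2)  # inclusive lower bound
PROTOBUF_MAX = (6,)        # exclusive upper bound


def parse_version(text):
    """Return the leading numeric release as a tuple: '4.25.3rc1' -> (4, 25, 3).

    Simplification: pre-release and local suffixes are ignored.
    """
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def check_environment(python_version, protobuf_version):
    """Return a list of problems; an empty list means the constraints are met.

    protobuf_version is a version string, or None when protobuf is absent.
    """
    problems = []
    major_minor = tuple(python_version[:2])
    if major_minor < MIN_PYTHON:
        problems.append("Python %d.%d is below the supported minimum 3.9" % major_minor)
    if protobuf_version is None:
        problems.append("protobuf is not installed")
    elif not (PROTOBUF_MIN <= parse_version(protobuf_version) < PROTOBUF_MAX):
        problems.append(f"protobuf {protobuf_version} is outside >=3.20.2,<6")
    return problems


def installed_protobuf():
    """Version string of the installed protobuf distribution, or None."""
    try:
        return metadata.version("protobuf")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    issues = check_environment(sys.version_info, installed_protobuf())
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

A non-zero exit status lets a pipeline stop before another dependency's `protobuf` pin silently replaces the version this library expects.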
Imports
- AccessContextManagerClient: `from google.cloud import accesscontextmanager_v1`
Quickstart
```python
import os

from google.cloud import accesscontextmanager_v1


def list_access_policies(organization_id: str):
    """Lists all Access Policies for a given Google Cloud organization.

    Args:
        organization_id: The Google Cloud organization ID.
    """
    # Create a client
    client = accesscontextmanager_v1.AccessContextManagerClient()

    # The parent format for listing access policies is 'organizations/{organization_id}'
    parent = f"organizations/{organization_id}"

    try:
        print(f"Listing Access Policies for organization: {organization_id}")
        # The list_access_policies method returns an iterable of policies.
        for policy in client.list_access_policies(parent=parent):
            print(f"  Policy Name: {policy.name}, Title: {policy.title}")
    except Exception as e:
        print(f"An error occurred: {e}")


if __name__ == "__main__":
    # Set your Google Cloud Organization ID as an environment variable
    # Example: export GOOGLE_CLOUD_ORGANIZATION_ID='1234567890'
    organization_id = os.environ.get("GOOGLE_CLOUD_ORGANIZATION_ID")
    if not organization_id:
        print("ERROR: Please set the 'GOOGLE_CLOUD_ORGANIZATION_ID' environment variable.")
        print("You can usually find this in the Google Cloud Console or via `gcloud organizations list`.")
    else:
        list_access_policies(organization_id)
```