

Policy.conf:
```
## The following user, adam.arnold, is used to test gcloud query.
if (user in { "adam.arnold" } && basename(command) in { "gcloud_test.sh","gcloud_test"}) {
    # do not allow these commands to be delegated
    print ("user called gcloud_test.sh");
    if (basename(command) in { "gcloud_test.sh","gcloud_test"}) {
        print ("command is gcloud_test.sh");
        include '/etc/pb/gcloud_functions.conf';
        RetrieveGCloud_Group();
        DELIM=",";
        gcloudFIELDS=split(gcloudDATA,DELIM);
        print(gcloudFIELDS);
        COUNT=0;
        COUNTER=0;
        # Walk gcloudDATA line by line, then field by field
        TEST=split(gcloudDATA, "\n");
        for Lines in TEST {
            TEST2=split(Lines, ",");
            COUNT=length(TEST2);
            COUNT2=( COUNT -1);
            while ( COUNTER <= COUNT2 ) {
                #print(COUNTER);
                #print(TEST2[COUNTER]);
                if ( TEST2[COUNTER] == "roles/cloudbuild.builds.editor" ) {
                    print("Congratulations - you are a member of the DevOps Group(roles/cloudbuild.builds.editor), so you are authorized to execute this command");
                    COUNTER++;
                } else {
                    COUNTER++;
                }
            } # End while
            COUNT=0;
            COUNTER=0;
        } # End for
    }
    # Test policy: the request is accepted whether or not the role was found above
    accept;
    #reject("This is a restricted command gcloud_test.sh -- '" + basename(command) + "'.");
}
```

When you execute the script as a part of a “test” policy, you are able to determine the Google Cloud IAM group membership as shown below:

- The power of the PowerBroker for Unix & Linux scripting language to integrate into third-party solutions.
- The integration from PowerBroker for Unix & Linux to support group membership of Google Cloud IAM users.
- The support of PowerBroker for Unix & Linux in DevOps and Cloud environments in support of next-generation technologies.
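
The loop in Policy.conf above only prints a message when the role is found. As an added example (not BeyondTrust's code and not from the original page), this shell sketch turns the same exact-field comparison into a decision that fails closed when the query returns nothing. The function names, the sample data and its line/comma layout are assumptions modelled on the policy's split() calls.

```shell
#!/bin/sh
# has_role DATA ROLE
# DATA is assumed to be newline-separated records of comma-separated fields,
# the layout the policy's split(gcloudDATA, "\n") / split(Lines, ",") implies.
# Returns 0 only when ROLE equals one whole field (after trimming whitespace).
has_role() {
    hr_data=$1
    hr_role=$2
    # Fail closed: an empty result (for example a failed query) is never a match.
    [ -n "$hr_data" ] && [ -n "$hr_role" ] || return 1
    printf '%s\n' "$hr_data" | awk -F',' -v want="$hr_role" '
        {
            for (i = 1; i <= NF; i++) {
                f = $i
                gsub(/^[ \t\r]+|[ \t\r]+$/, "", f)   # trim padding and CR
                if (f == want) found = 1             # whole-field match only
            }
        }
        END { exit (found ? 0 : 1) }'
}

# decide DATA ROLE: prints "accept" or "reject"; reject is the default.
decide() {
    if has_role "$1" "$2"; then
        echo accept
    else
        echo reject
    fi
}

ROLE='roles/cloudbuild.builds.editor'

# Constructed sample data, not real gcloud output.
SAMPLE_MEMBER='user:adam.arnold@example.com,roles/viewer
user:adam.arnold@example.com, roles/cloudbuild.builds.editor'
SAMPLE_NEAR_MISS='user:adam.arnold@example.com,roles/cloudbuild.builds.editor.extra'

echo "member:    $(decide "$SAMPLE_MEMBER" "$ROLE")"
echo "near miss: $(decide "$SAMPLE_NEAR_MISS" "$ROLE")"
echo "no data:   $(decide "" "$ROLE")"
```
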