Glama

check_iam_permissions

List the project-level IAM roles bound to the identity the server runs as (or to allUsers / allAuthenticatedUsers) in a specified GCP project. The tool reads the project's IAM policy and reports matching role bindings; it does not test individual permissions, and it does not see roles inherited from a folder or organization, granted through a group, or gated by an IAM condition.

Instructions

    Check IAM role bindings for the current user in a GCP project.
    
    Args:
        project_id: The ID of the GCP project to check permissions for
    
    Returns:
        Project-level IAM roles (role names, not individual permissions) bound to the current identity in the specified GCP project
    

Input Schema

Name        Required   Description                                           Default
project_id  Yes        The ID of the GCP project to check permissions for    (none)

Implementation Reference

  • The handler function for the 'check_iam_permissions' tool. It retrieves the project-level IAM policy for the specified GCP project and lists the roles whose bindings name the current user or service account directly, or grant to allUsers / allAuthenticatedUsers.
        @mcp.tool()
        def check_iam_permissions(project_id: str) -> str:
            """
            Check IAM permissions for the current user in a GCP project.
            
            Args:
                project_id: The ID of the GCP project to check permissions for
            
            Returns:
                List of IAM permissions for the current user in the specified GCP project
            """
            try:
                from google.cloud import resourcemanager_v3
                from google.iam.v1 import iam_policy_pb2
                
                # Initialize the Resource Manager client
                client = resourcemanager_v3.ProjectsClient()
                
                # Get the IAM policy for the project
                request = iam_policy_pb2.GetIamPolicyRequest(
                    resource=f"projects/{project_id}"
                )
                policy = client.get_iam_policy(request=request)
                
                # Identify the caller. Only service-account credentials expose an
                # email here; user credentials (e.g. gcloud ADC) fall back to the
                # placeholder "current user", which will never match a binding.
                import google.auth
                credentials, _ = google.auth.default()
                user = getattr(credentials, "service_account_email", None) or "current user"
                
                # Collect project-level bindings that name the caller directly or
                # grant to everyone. group:, domain:, conditional bindings and roles
                # inherited from a folder or organization are not considered.
                user_bindings = []
                for binding in policy.bindings:
                    role = binding.role
                    members = binding.members
                    
                    # Check if the current user is in the members list
                    for member in members:
                        if member in (f"user:{user}", f"serviceAccount:{user}",
                                      "allUsers", "allAuthenticatedUsers"):
                            user_bindings.append(f"- {role}")
                            break
                
                if not user_bindings:
                    return f"No explicit IAM permissions found for {user} in project {project_id}."
                
                user_bindings_str = "\n".join(user_bindings)
                
                return f"""
    IAM Permissions for {user} in GCP Project {project_id}:
    {user_bindings_str}
    """
            except Exception as e:
                return f"Error checking IAM permissions: {str(e)}"
  • Registration of the IAM tools module, which defines and registers the check_iam_permissions tool via its register_tools function.
    iam_tools.register_tools(mcp)
  • Import of the IAM tools module alias, enabling registration of check_iam_permissions.
    from .gcp_modules.iam import tools as iam_tools
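As an added example, not part of the gcp-mcp project's code: the handler above matches only exact user:/serviceAccount: members and the two public principals, and it treats a conditional binding like an unconditional one. The block below, written for this page, runs the same kind of matching over a constructed sample policy in the JSON shape that `gcloud projects get-iam-policy --format=json` produces, and additionally handles group:, domain:, deleted: tombstones and IAM conditions. The `effective_permissions` helper shows the authoritative check, `projects.testIamPermissions`, which accounts for groups, inheritance and conditions; it needs credentials and network access and is not exercised by the offline sample. `SAMPLE_POLICY`, its principals and every function name here are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample policy (the JSON shape of `gcloud projects get-iam-policy`);
# not taken from any real project.
SAMPLE_POLICY: Dict = {
    "bindings": [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:deploy@demo-proj.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/logging.viewer", "members": ["allAuthenticatedUsers"]},
        {"role": "roles/iam.securityReviewer", "members": ["group:sec-team@example.com"]},
        {"role": "roles/browser", "members": ["domain:example.com"]},
        {"role": "roles/owner", "members": ["user:alice@example.com"],
         "condition": {"title": "expired-break-glass",
                       "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
        # Tombstone for a removed principal; grants nothing.
        {"role": "roles/editor", "members": ["deleted:user:bob@example.com?uid=1234"]},
    ]
}


@dataclass(frozen=True)
class RoleMatch:
    role: str
    via: str                       # the member string that caused the match
    condition: Optional[str] = None  # CEL expression if the binding is conditional


def matching_roles(policy: Dict, principal: str, groups: Iterable[str] = ()) -> List[RoleMatch]:
    """Return every project-level binding that covers `principal`.

    `principal` is a full IAM member string ('user:alice@example.com',
    'serviceAccount:x@y.iam.gserviceaccount.com'). A policy never expands group
    membership, so the caller passes the group emails it knows it belongs to.
    Roles inherited from a folder or organization are not in a project policy
    at all and cannot be found here.
    """
    kind, _, email = principal.partition(":")
    domain = email.rsplit("@", 1)[-1] if "@" in email else ""
    group_members = {f"group:{g}" for g in groups}
    matches: List[RoleMatch] = []
    for binding in policy.get("bindings", []):
        cond = binding.get("condition")
        expr = cond.get("expression") if cond else None
        for member in binding.get("members", []):
            # Exact equality skips 'deleted:' tombstones automatically.
            hit = (
                member == principal
                or member == "allUsers"
                or (member == "allAuthenticatedUsers" and kind in ("user", "serviceAccount"))
                or member in group_members
                or (kind == "user" and member == f"domain:{domain}")
            )
            if hit:
                matches.append(RoleMatch(binding["role"], member, expr))
                break
    return matches


def unconditional_roles(matches: Iterable[RoleMatch]) -> List[str]:
    """Roles granted without an IAM condition; conditional ones need evaluation."""
    return sorted({m.role for m in matches if m.condition is None})


def format_report(project_id: str, principal: str, matches: List[RoleMatch]) -> str:
    if not matches:
        return (f"No project-level bindings for {principal} in {project_id}; "
                "roles may still be inherited from a folder or organization.")
    lines = [f"Project-level IAM roles for {principal} in {project_id}:"]
    for m in matches:
        note = ""
        if m.via in ("allUsers", "allAuthenticatedUsers"):
            note = f" (public via {m.via})"
        elif m.condition:
            note = f" (conditional: {m.condition})"
        elif m.via != principal:
            note = f" (via {m.via})"
        lines.append(f"- {m.role}{note}")
    return "\n".join(lines)


def effective_permissions(project_id: str, permissions: List[str]) -> List[str]:
    """Ask IAM which of `permissions` the caller actually holds on the project.

    This is the authoritative check: it accounts for groups, inheritance and
    conditions. Network call requiring credentials, so not run by the sample.
    """
    from google.cloud import resourcemanager_v3
    from google.iam.v1 import iam_policy_pb2

    client = resourcemanager_v3.ProjectsClient()
    response = client.test_iam_permissions(
        request=iam_policy_pb2.TestIamPermissionsRequest(
            resource=f"projects/{project_id}", permissions=permissions))
    return list(response.permissions)


if __name__ == "__main__":
    found = matching_roles(SAMPLE_POLICY, "user:alice@example.com", groups=["sec-team@example.com"])
    print(format_report("demo-proj", "user:alice@example.com", found))
```

The report marks public and conditional grants separately because both are findings in their own right: an allUsers binding is exposure regardless of who is asking, and a conditional binding only counts once the CEL expression is evaluated against the request.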

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/henihaddad/gcp-mcp'