handle >1 access policies in org, action tests

2026-06-24 08:01:36 +00:00 · 2022-04-07 01:21:15 +00:00
parent 119538c10c
commit 41a10932cb
2 changed files with 12 additions and 5 deletions
--- a/src/gam/gapi/caa.py
+++ b/src/gam/gapi/caa.py
@@ -29,13 +29,17 @@ def get_access_policy(caa=None):
                                 'accessPolicies',
                                 throw_reasons=THROW_REASONS,
                                 parent=parent,
-                                 fields='accessPolicies/name')
+                                 fields='accessPolicies(name,title)')
    except googleapiclient.errors.HttpError:
        controlflow.system_error_exit(2, 'Your service account needs the Access Context Manager Reader or Editor role for your organization.')
-    if len(aps) != 1:
-        print(f'expected 1 access policy, got {len(aps)}.')
-        return
-    return aps[0]['name']
+    if not aps:
+        controlflow.system_error_exit(2, 'You don\'t seem to have any access policies. That is odd.')
+    elif len(aps) == 1:
+        return aps[0]['name']
+    for ap in aps:
+        if ap.get('title') == 'Access policy created in Cloud Identity Console':
+            return ap['name']
+    controlflow.system_error_exit(2, ' Could not find a org level access policy. That is odd.')


 def print_access_levels():