Example 1 with Iam
use of com.google.api.services.iam.v1.Iam in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method getServiceAccountRoles.
/**
* Fetches the list of {@link Role} for the supplied {@link CloudProject} by querying the Iam API.
*/
static List<Role> getServiceAccountRoles(CloudProject cloudProject) {
Optional<CredentialedUser> user = Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
if (!user.isPresent()) {
LOG.error("Cannot fetch service account roles: logged in user not found.");
return ImmutableList.of();
}
Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.get().getCredential());
try {
return iam.roles().list().execute().getRoles();
} catch (IOException e) {
LOG.warn("Exception occurred attempting to fetch service account roles");
return ImmutableList.of();
}
}
Also used :
Iam(com.google.api.services.iam.v1.Iam)
CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser)
IOException(java.io.IOException)
Example 2 with Iam
use of com.google.api.services.iam.v1.Iam in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccountKey.
/**
* Using the supplied {@link ServiceAccount}, this creates and returns a new {@link
* ServiceAccountKey}.
*/
private static ServiceAccountKey createServiceAccountKey(CredentialedUser user, ServiceAccount serviceAccount) throws IOException {
Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
CreateServiceAccountKeyRequest keyRequest = new CreateServiceAccountKeyRequest();
return iam.projects().serviceAccounts().keys().create(serviceAccount.getName(), keyRequest).execute();
}
Also used :
Iam(com.google.api.services.iam.v1.Iam)
CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)
Example 3 with Iam
use of com.google.api.services.iam.v1.Iam in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method addRolesToServiceAccount.
/**
* Adds a set of {@link Role roles} to a {@link ServiceAccount}.
*
* <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
* the given service account, and then writing the updated policy back to the cloud project.
*
* @param user the current {@link CredentialedUser}
* @param serviceAccount the {@link ServiceAccount} to which to add roles
* @param roles the set of {@link Role} to be added to the service account
* @param cloudProject the current {@link CloudProject}
* @throws IOException if the API call fails to update the IAM policy
*/
private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());
Policy existingPolicy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();
List<Binding> bindings = Lists.newArrayList(existingPolicy.getBindings());
List<Binding> additionalBindings = roles.stream().map(role -> {
Binding binding = new Binding();
binding.setRole(role.getName());
binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
return binding;
}).collect(Collectors.toList());
bindings.addAll(additionalBindings);
SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
Policy newPolicy = new Policy();
newPolicy.setBindings(bindings);
policyRequest.setPolicy(newPolicy);
resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}
Also used :
Policy(com.google.api.services.cloudresourcemanager.model.Policy)
Binding(com.google.api.services.cloudresourcemanager.model.Binding)
ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey)
ZonedDateTime(java.time.ZonedDateTime)
Binding(com.google.api.services.cloudresourcemanager.model.Binding)
Role(com.google.api.services.iam.v1.model.Role)
CloudProject(com.google.cloud.tools.intellij.project.CloudProject)
Logger(com.intellij.openapi.diagnostic.Logger)
Path(java.nio.file.Path)
ProgressManager(com.intellij.openapi.progress.ProgressManager)
CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary)
Set(java.util.Set)
EnableServiceRequest(com.google.api.services.servicemanagement.model.EnableServiceRequest)
GoogleApiClientFactory(com.google.cloud.tools.intellij.resources.GoogleApiClientFactory)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
NotificationType(com.intellij.notification.NotificationType)
Notification(com.intellij.notification.Notification)
ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator)
List(java.util.List)
ServiceManager(com.intellij.openapi.components.ServiceManager)
Services(com.google.cloud.tools.intellij.login.Services)
ApplicationManager(com.intellij.openapi.application.ApplicationManager)
Optional(java.util.Optional)
ServiceManagement(com.google.api.services.servicemanagement.ServiceManagement)
Pattern(java.util.regex.Pattern)
SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)
NotificationDisplayType(com.intellij.notification.NotificationDisplayType)
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
ArrayList(java.util.ArrayList)
GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)
CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager)
Lists(com.google.common.collect.Lists)
ImmutableList(com.google.common.collect.ImmutableList)
PropertiesFileFlagReader(com.google.cloud.tools.intellij.flags.PropertiesFileFlagReader)
NotificationGroup(com.intellij.notification.NotificationGroup)
CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser)
CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)
Project(com.intellij.openapi.project.Project)
GctBundle(com.google.cloud.tools.intellij.util.GctBundle)
DialogManager(git4idea.DialogManager)
Policy(com.google.api.services.cloudresourcemanager.model.Policy)
Base64(com.google.api.client.util.Base64)
Files(java.nio.file.Files)
GctTracking(com.google.cloud.tools.intellij.analytics.GctTracking)
IOException(java.io.IOException)
UsageTrackerProvider(com.google.cloud.tools.intellij.analytics.UsageTrackerProvider)
Paths(java.nio.file.Paths)
CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest)
DateTimeFormatter(java.time.format.DateTimeFormatter)
Iam(com.google.api.services.iam.v1.Iam)
GoogleCloudCoreIcons(com.google.cloud.tools.intellij.GoogleCloudCoreIcons)
CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager)
SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)
GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)
Example 4 with Iam
use of com.google.api.services.iam.v1.Iam in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccount.
/**
* Creates a new {@link ServiceAccount} for the given {@link CloudProject} using the IAM API.
*/
private static ServiceAccount createServiceAccount(CredentialedUser user, String name, CloudProject cloudProject) throws IOException {
CreateServiceAccountRequest request = new CreateServiceAccountRequest();
ServiceAccount serviceAccount = new ServiceAccount();
serviceAccount.setDisplayName(name);
request.setServiceAccount(serviceAccount);
request.setAccountId(createServiceAccountId(name));
Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
return iam.projects().serviceAccounts().create(String.format(SERVICE_ACCOUNT_CREATE_REQUEST_PROJECT_FORMAT, cloudProject.projectId()), request).execute();
}
Also used :
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
Iam(com.google.api.services.iam.v1.Iam)
CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest)
Aggregations
Iam (com.google.api.services.iam.v1.Iam)4
CreateServiceAccountKeyRequest (com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)2
CreateServiceAccountRequest (com.google.api.services.iam.v1.model.CreateServiceAccountRequest)2
ServiceAccount (com.google.api.services.iam.v1.model.ServiceAccount)2
CredentialedUser (com.google.cloud.tools.intellij.login.CredentialedUser)2
IOException (java.io.IOException)2
Base64 (com.google.api.client.util.Base64)1
CloudResourceManager (com.google.api.services.cloudresourcemanager.CloudResourceManager)1
Binding (com.google.api.services.cloudresourcemanager.model.Binding)1
GetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)1
Policy (com.google.api.services.cloudresourcemanager.model.Policy)1
SetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)1
Role (com.google.api.services.iam.v1.model.Role)1
ServiceAccountKey (com.google.api.services.iam.v1.model.ServiceAccountKey)1
ServiceManagement (com.google.api.services.servicemanagement.ServiceManagement)1
EnableServiceRequest (com.google.api.services.servicemanagement.model.EnableServiceRequest)1
GoogleCloudCoreIcons (com.google.cloud.tools.intellij.GoogleCloudCoreIcons)1
GctTracking (com.google.cloud.tools.intellij.analytics.GctTracking)1
UsageTrackerProvider (com.google.cloud.tools.intellij.analytics.UsageTrackerProvider)1
PropertiesFileFlagReader (com.google.cloud.tools.intellij.flags.PropertiesFileFlagReader)1
