use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.
the class AddCloudLibrariesDialog method doOKAction.
/**
* Overrides {@link DialogWrapper#doOKAction()} to first check if there are any APIs to enable on
* GCP.
*
* <p>If so, the {@link CloudApiManagementConfirmationDialog} is opened confirming the API changes
* to be made. If the user cancels, the user is returned to this parent dialog. Otherwise, it is
* closed and the default {@link DialogWrapper#doOKAction()} is invoked.
*/
@Override
protected void doOKAction() {
  CloudProject project = getCloudProject();
  Set<CloudLibrary> chosenLibraries = getSelectedLibraries();
  Set<CloudLibrary> toEnable = getApisToEnable();
  Set<CloudLibrary> leftDisabled = Sets.difference(chosenLibraries, toEnable);

  // Without a cloud project no confirmation is shown and no GCP call is made from this method;
  // the dialog simply closes through the default handler.
  if (project == null) {
    super.doOKAction();
    return;
  }

  Set<Role> candidateRoles = getServiceAccountRoles(chosenLibraries);
  CloudApiManagementConfirmationDialog confirmation =
      new CloudApiManagementConfirmationDialog(
          getSelectedModule(), project, toEnable, leftDisabled, candidateRoles);
  DialogManager.show(confirmation);

  // The confirmation dialog is the only gate in this method before the API enablement and the
  // service account changes below. Cancelling returns here and leaves this dialog open.
  if (!confirmation.isOK()) {
    return;
  }

  if (!toEnable.isEmpty()) {
    runApiEnablement(toEnable);
  }
  if (confirmation.isCreateNewServiceAccount()) {
    // Roles, account name and key download path all come from the confirmation dialog, so what
    // is granted and where the key file lands is whatever the user confirmed there.
    runServiceAccountManagement(
        confirmation.getSelectedRoles(),
        confirmation.getServiceAccountName(),
        confirmation.getServiceAccountKeyDownloadPath());
  }
  super.doOKAction();
}
use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method getServiceAccountRoles.
/**
* Fetches the list of {@link Role} for the supplied {@link CloudProject} by querying the Iam API.
*/
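static List<Role> getServiceAccountRoles(CloudProject cloudProject) {
  // cloudProject is used here only to look up the logged-in user whose credential signs the
  // request; the roles().list() call below takes no project argument.
  Optional<CredentialedUser> user =
      Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
  if (!user.isPresent()) {
    LOG.error("Cannot fetch service account roles: logged in user not found.");
    return ImmutableList.of();
  }

  Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.get().getCredential());
  try {
    // NOTE(review): a single list() request is issued, so if the API paginates the result only
    // the first page of roles is returned. Confirm whether the page token must be followed.
    List<Role> roles = iam.roles().list().execute().getRoles();
    // A response without a roles field yields null; return an empty list instead so every exit
    // of this method keeps the same "empty list on nothing to show" contract.
    if (roles == null) {
      return ImmutableList.of();
    }
    return roles;
  } catch (IOException e) {
    // Keep the cause in the log: a permission or auth failure on the IAM API is otherwise
    // indistinguishable from a network error.
    LOG.warn("Exception occurred attempting to fetch service account roles", e);
    return ImmutableList.of();
  }
}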
use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method addRolesToServiceAccount.
/**
* Adds a set of {@link Role roles} to a {@link ServiceAccount}.
*
* <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
* the given service account, and then writing the updated policy back to the cloud project.
*
* @param user the current {@link CredentialedUser}
* @param serviceAccount the {@link ServiceAccount} to which to add roles
* @param roles the set of {@link Role} to be added to the service account
* @param cloudProject the current {@link CloudProject}
* @throws IOException if the API call fails to update the IAM policy
*/
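private static void addRolesToServiceAccount(
    CredentialedUser user,
    ServiceAccount serviceAccount,
    Set<Role> roles,
    CloudProject cloudProject)
    throws IOException {
  CloudResourceManager resourceManager =
      GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());

  // Read step of the read-modify-write cycle on the project's IAM policy.
  Policy policy =
      resourceManager
          .projects()
          .getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest())
          .execute();

  // A policy without any bindings can come back with a null list; start from an empty one then.
  List<Binding> bindings = Lists.newArrayList();
  if (policy.getBindings() != null) {
    bindings.addAll(policy.getBindings());
  }

  // One new binding per requested role, each naming only the given service account as member.
  for (Role role : roles) {
    Binding binding = new Binding();
    binding.setRole(role.getName());
    binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
    bindings.add(binding);
  }

  // Write the fetched Policy object back instead of a fresh one: it still carries the etag (and
  // version) returned by getIamPolicy. With the etag present the write is rejected if the policy
  // changed since the read; without it, setIamPolicy overwrites whatever another administrator
  // or tool changed in between. A rejected write surfaces as the IOException already declared.
  policy.setBindings(bindings);
  SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
  policyRequest.setPolicy(policy);
  resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}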
use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManagementConfirmationDialogTest method roleTable_whenRolesExist_isPopulated_andAllSelectedByDefault.
@Test
public void roleTable_whenRolesExist_isPopulated_andAllSelectedByDefault() {
  Set<CloudLibrary> librariesNotToEnable =
      ImmutableSet.of(TestCloudLibrary.createEmpty().toCloudLibrary());

  // Two distinct roles so the row count and the set comparison below are meaningful.
  Role firstRole = new Role();
  firstRole.setName("my_role");
  firstRole.setTitle("My Role");
  Role secondRole = new Role();
  secondRole.setName("my_role_2");
  secondRole.setTitle("My Role 2");
  Set<Role> expectedRoles = ImmutableSet.of(firstRole, secondRole);

  // The dialog is built and inspected inside invokeAndWait, as in the rest of this test.
  ApplicationManager.getApplication()
      .invokeAndWait(
          () -> {
            CloudApiManagementConfirmationDialog dialog =
                new CloudApiManagementConfirmationDialog(
                    module, cloudProject, ImmutableSet.of(), librariesNotToEnable, expectedRoles);

            TableModel roleModel = dialog.getRoleTable().getModel();
            assertThat(roleModel.getRowCount()).isEqualTo(2);

            // Column 0 of each row holds the Role object itself.
            Set<Role> tableRoles =
                ImmutableSet.of(
                    (Role) roleModel.getValueAt(0, 0), (Role) roleModel.getValueAt(1, 0));
            assertThat(tableRoles).containsExactlyElementsIn(expectedRoles);

            // NOTE(review): this pins "every offered role starts out selected". If the selected
            // roles are what gets granted to a new service account, an opt-in default would sit
            // closer to least privilege. Confirm the default is intended.
            assertThat(dialog.getSelectedRoles()).containsExactlyElementsIn(expectedRoles);
          });
}
use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManagerTest method createServiceAccountAndDownloadKey_whenThrowingException_notifiesUser.
@Test
public void createServiceAccountAndDownloadKey_whenThrowingException_notifiesUser()
    throws IOException {
  // Make the service account creation call fail before any role or key handling can happen.
  when(serviceAccountCreate.execute()).thenThrow(new IOException());

  Set<Role> noRoles = ImmutableSet.of();
  CloudApiManager.createServiceAccountAndDownloadKey(
      noRoles, SERVICE_ACCOUNT_NAME, downloadDir.toPath(), cloudProject, testFixture.getProject());

  // Exactly one notification is expected, and it must be the creation-error one.
  ArgumentCaptor<Notification> notificationCaptor = ArgumentCaptor.forClass(Notification.class);
  verify(notifications).notify(notificationCaptor.capture());
  assertThat(notificationCaptor.getAllValues()).hasSize(1);
  assertThat(notificationCaptor.getValue().getTitle())
      .isEqualTo("Error Creating Service Account");
}