
Example 1 with Role

use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.

the class AddCloudLibrariesDialog method doOKAction.

/**
 * Overrides {@link DialogWrapper#doOKAction()} to first check if there are any APIs to enable on
 * GCP.
 *
 * <p>If so, the {@link CloudApiManagementConfirmationDialog} is opened confirming the API changes
 * to be made. If the user cancels, the user is returned to this parent dialog. Otherwise, it is
 * closed and the default {@link DialogWrapper#doOKAction()} is invoked.
 */
@Override
protected void doOKAction() {
    // Snapshot the current selection before any confirmation UI is shown.
    CloudProject project = getCloudProject();
    Set<CloudLibrary> chosenLibraries = getSelectedLibraries();
    Set<CloudLibrary> librariesToEnable = getApisToEnable();
    Set<CloudLibrary> librariesLeftAlone = Sets.difference(chosenLibraries, librariesToEnable);

    // No cloud project selected: there is nothing to confirm, so close the dialog directly.
    if (project == null) {
        super.doOKAction();
        return;
    }

    Set<Role> suggestedRoles = getServiceAccountRoles(chosenLibraries);
    CloudApiManagementConfirmationDialog confirmation = new CloudApiManagementConfirmationDialog(getSelectedModule(), project, librariesToEnable, librariesLeftAlone, suggestedRoles);
    DialogManager.show(confirmation);

    // Cancelled confirmation: neither API enablement nor service account management runs,
    // and this parent dialog stays open.
    if (!confirmation.isOK()) {
        return;
    }

    if (!librariesToEnable.isEmpty()) {
        runApiEnablement(librariesToEnable);
    }
    if (confirmation.isCreateNewServiceAccount()) {
        // Only the roles still selected in the confirmation dialog are passed on, together with
        // the account name and the key download path entered there.
        runServiceAccountManagement(confirmation.getSelectedRoles(), confirmation.getServiceAccountName(), confirmation.getServiceAccountKeyDownloadPath());
    }
    super.doOKAction();
}
Also used : Role(com.google.api.services.iam.v1.model.Role) CloudProject(com.google.cloud.tools.intellij.project.CloudProject) CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary)

Example 2 with Role

use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method getServiceAccountRoles.

/**
 * Fetches the list of {@link Role} for the supplied {@link CloudProject} by querying the Iam API.
 */
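static List<Role> getServiceAccountRoles(CloudProject cloudProject) {
    // The IAM client is built from the credential of the user tied to this project; without a
    // logged-in user no request is made and an empty list is returned.
    Optional<CredentialedUser> user = Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
    if (!user.isPresent()) {
        LOG.error("Cannot fetch service account roles: logged in user not found.");
        return ImmutableList.of();
    }
    Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.get().getCredential());
    try {
        // NOTE(review): only the first response of roles().list() is read here; confirm whether
        // the listing can span several pages and, if so, whether the remainder is needed.
        List<Role> roles = iam.roles().list().execute().getRoles();
        if (roles == null) {
            // The response model leaves the field unset when nothing is returned; callers are
            // handed an empty list in every other "no roles" path, so do the same here.
            return ImmutableList.of();
        }
        return roles;
    } catch (IOException e) {
        // Keep the cause in the log so a permission or connectivity failure can be told apart.
        LOG.warn("Exception occurred attempting to fetch service account roles", e);
        return ImmutableList.of();
    }
}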
Also used : Iam(com.google.api.services.iam.v1.Iam) CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser) IOException(java.io.IOException)

Example 3 with Role

use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method addRolesToServiceAccount.

/**
 * Adds a set of {@link Role roles} to a {@link ServiceAccount}.
 *
 * <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
 * the given service account, and then writing the updated policy back to the cloud project.
 *
 * @param user the current {@link CredentialedUser}
 * @param serviceAccount the {@link ServiceAccount} to which to add roles
 * @param roles the set of {@link Role} to be added to the service account
 * @param cloudProject the current {@link CloudProject}
 * @throws IOException if the API call fails to update the IAM policy
 */
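private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
    CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());

    // Read-modify-write of the project-level IAM policy: fetch it, append bindings, write it back.
    Policy policy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();

    // A policy without any bindings reports null rather than an empty list.
    List<Binding> bindings = Lists.newArrayList();
    if (policy.getBindings() != null) {
        bindings.addAll(policy.getBindings());
    }

    // One new binding per requested role, each with the service account as its member.
    List<Binding> additionalBindings = roles.stream().map(role -> {
        Binding binding = new Binding();
        binding.setRole(role.getName());
        binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
        return binding;
    }).collect(Collectors.toList());
    bindings.addAll(additionalBindings);

    // Send back the policy object that was fetched instead of a fresh one, so the etag returned
    // by getIamPolicy travels with the write. With the etag present the service can reject the
    // update when the policy changed in between (surfacing as an IOException to the caller);
    // a policy built from scratch carries no etag and overwrites concurrent changes to the
    // project's access bindings unconditionally.
    policy.setBindings(bindings);
    SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
    policyRequest.setPolicy(policy);
    resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}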
Also used : Policy(com.google.api.services.cloudresourcemanager.model.Policy) Binding(com.google.api.services.cloudresourcemanager.model.Binding) ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey) ZonedDateTime(java.time.ZonedDateTime) Binding(com.google.api.services.cloudresourcemanager.model.Binding) Role(com.google.api.services.iam.v1.model.Role) CloudProject(com.google.cloud.tools.intellij.project.CloudProject) Logger(com.intellij.openapi.diagnostic.Logger) Path(java.nio.file.Path) ProgressManager(com.intellij.openapi.progress.ProgressManager) CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary) Set(java.util.Set) EnableServiceRequest(com.google.api.services.servicemanagement.model.EnableServiceRequest) GoogleApiClientFactory(com.google.cloud.tools.intellij.resources.GoogleApiClientFactory) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) NotificationType(com.intellij.notification.NotificationType) Notification(com.intellij.notification.Notification) ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator) List(java.util.List) ServiceManager(com.intellij.openapi.components.ServiceManager) Services(com.google.cloud.tools.intellij.login.Services) ApplicationManager(com.intellij.openapi.application.ApplicationManager) Optional(java.util.Optional) ServiceManagement(com.google.api.services.servicemanagement.ServiceManagement) Pattern(java.util.regex.Pattern) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest) NotificationDisplayType(com.intellij.notification.NotificationDisplayType) ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount) ArrayList(java.util.ArrayList) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest) CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) 
PropertiesFileFlagReader(com.google.cloud.tools.intellij.flags.PropertiesFileFlagReader) NotificationGroup(com.intellij.notification.NotificationGroup) CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser) CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest) Project(com.intellij.openapi.project.Project) GctBundle(com.google.cloud.tools.intellij.util.GctBundle) DialogManager(git4idea.DialogManager) Policy(com.google.api.services.cloudresourcemanager.model.Policy) Base64(com.google.api.client.util.Base64) Files(java.nio.file.Files) GctTracking(com.google.cloud.tools.intellij.analytics.GctTracking) IOException(java.io.IOException) UsageTrackerProvider(com.google.cloud.tools.intellij.analytics.UsageTrackerProvider) Paths(java.nio.file.Paths) CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest) DateTimeFormatter(java.time.format.DateTimeFormatter) Iam(com.google.api.services.iam.v1.Iam) GoogleCloudCoreIcons(com.google.cloud.tools.intellij.GoogleCloudCoreIcons) CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)

Example 4 with Role

use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManagementConfirmationDialogTest method roleTable_whenRolesExist_isPopulated_andAllSelectedByDefault.

@Test
public void roleTable_whenRolesExist_isPopulated_andAllSelectedByDefault() {
    // Two distinct roles are offered to the dialog; both must appear in the table and both must
    // be pre-selected.
    Role firstRole = new Role();
    firstRole.setName("my_role");
    firstRole.setTitle("My Role");

    Role secondRole = new Role();
    secondRole.setName("my_role_2");
    secondRole.setTitle("My Role 2");

    Set<Role> offeredRoles = ImmutableSet.of(firstRole, secondRole);
    Set<CloudLibrary> untouchedLibraries = ImmutableSet.of(TestCloudLibrary.createEmpty().toCloudLibrary());

    ApplicationManager.getApplication().invokeAndWait(() -> {
        CloudApiManagementConfirmationDialog confirmation = new CloudApiManagementConfirmationDialog(module, cloudProject, ImmutableSet.of(), untouchedLibraries, offeredRoles);
        TableModel roleModel = confirmation.getRoleTable().getModel();

        // One row per offered role.
        assertThat(roleModel.getRowCount()).isEqualTo(2);

        // Column 0 holds the Role object itself.
        Role rowZero = (Role) roleModel.getValueAt(0, 0);
        Role rowOne = (Role) roleModel.getValueAt(1, 0);
        Set<Role> displayedRoles = ImmutableSet.of(rowZero, rowOne);
        assertThat(displayedRoles).containsExactlyElementsIn(offeredRoles);

        // Every offered role is selected without any user interaction.
        assertThat(confirmation.getSelectedRoles()).containsExactlyElementsIn(offeredRoles);
    });
}
Also used : Role(com.google.api.services.iam.v1.model.Role) CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary) TestCloudLibrary(com.google.cloud.tools.intellij.testing.apis.TestCloudLibrary) TableModel(javax.swing.table.TableModel) Test(org.junit.Test)

Example 5 with Role

use of com.google.api.services.iam.v1.model.Role in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManagerTest method createServiceAccountAndDownloadKey_whenThrowingException_notifiesUser.

@Test
public void createServiceAccountAndDownloadKey_whenThrowingException_notifiesUser() throws IOException {
    // Make the service account creation call fail.
    when(serviceAccountCreate.execute()).thenThrow(new IOException());

    Set<Role> noRoles = ImmutableSet.of();
    CloudApiManager.createServiceAccountAndDownloadKey(noRoles, SERVICE_ACCOUNT_NAME, downloadDir.toPath(), cloudProject, testFixture.getProject());

    // Exactly one notification is raised, and it is the creation-error one.
    ArgumentCaptor<Notification> notificationCaptor = ArgumentCaptor.forClass(Notification.class);
    verify(notifications).notify(notificationCaptor.capture());
    int notificationCount = notificationCaptor.getAllValues().size();
    assertThat(notificationCount).isEqualTo(1);
    String notificationTitle = notificationCaptor.getValue().getTitle();
    assertThat(notificationTitle).isEqualTo("Error Creating Service Account");
}
Also used : Role(com.google.api.services.iam.v1.model.Role) IOException(java.io.IOException) Notification(com.intellij.notification.Notification) Test(org.junit.Test)

Aggregations

Role (com.google.api.services.iam.v1.model.Role)6 CloudLibrary (com.google.cloud.tools.libraries.json.CloudLibrary)4 IOException (java.io.IOException)4 Test (org.junit.Test)4 CredentialedUser (com.google.cloud.tools.intellij.login.CredentialedUser)3 Iam (com.google.api.services.iam.v1.Iam)2 ServiceAccount (com.google.api.services.iam.v1.model.ServiceAccount)2 ServiceAccountKey (com.google.api.services.iam.v1.model.ServiceAccountKey)2 CloudProject (com.google.cloud.tools.intellij.project.CloudProject)2 TestCloudLibrary (com.google.cloud.tools.intellij.testing.apis.TestCloudLibrary)2 Notification (com.intellij.notification.Notification)2 ProgressIndicator (com.intellij.openapi.progress.ProgressIndicator)2 ProgressManager (com.intellij.openapi.progress.ProgressManager)2 Base64 (com.google.api.client.util.Base64)1 CloudResourceManager (com.google.api.services.cloudresourcemanager.CloudResourceManager)1 Binding (com.google.api.services.cloudresourcemanager.model.Binding)1 GetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)1 Policy (com.google.api.services.cloudresourcemanager.model.Policy)1 SetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)1 CreateServiceAccountKeyRequest (com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)1