Example 1 with ServiceAccount

use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method createServiceAccountKey.

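/**
 * Using the supplied {@link ServiceAccount}, this creates and returns a new {@link
 * ServiceAccountKey}. The returned key carries the private key data, which the IAM API returns
 * only in this create response, so the caller must treat it as a secret.
 */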
private static ServiceAccountKey createServiceAccountKey(CredentialedUser user, ServiceAccount serviceAccount) throws IOException {
    Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
    CreateServiceAccountKeyRequest keyRequest = new CreateServiceAccountKeyRequest();
    return iam.projects().serviceAccounts().keys().create(serviceAccount.getName(), keyRequest).execute();
}
Also used : Iam(com.google.api.services.iam.v1.Iam) CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)

Example 2 with ServiceAccount

use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method addRolesToServiceAccount.

/**
 * Adds a set of {@link Role roles} to a {@link ServiceAccount}.
 *
 * <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
 * the given service account, and then writing the updated policy back to the cloud project.
 *
 * @param user the current {@link CredentialedUser}
 * @param serviceAccount the {@link ServiceAccount} to which to add roles
 * @param roles the set of {@link Role} to be added to the service account
 * @param cloudProject the current {@link CloudProject}
 * @throws IOException if the API call fails to update the IAM policy
 */
private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
    CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());
    Policy existingPolicy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();
    List<Binding> bindings = Lists.newArrayList(existingPolicy.getBindings());
    List<Binding> additionalBindings = roles.stream().map(role -> {
        Binding binding = new Binding();
        binding.setRole(role.getName());
        binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
        return binding;
    }).collect(Collectors.toList());
    bindings.addAll(additionalBindings);
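    SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
    Policy newPolicy = new Policy();
    newPolicy.setBindings(bindings);
    // Carry over the etag of the policy that was read, so that a concurrent change to the
    // project's IAM policy makes this write fail instead of being silently overwritten.
    newPolicy.setEtag(existingPolicy.getEtag());
    policyRequest.setPolicy(newPolicy);
    resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();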
}
Also used : Policy(com.google.api.services.cloudresourcemanager.model.Policy) Binding(com.google.api.services.cloudresourcemanager.model.Binding) ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey) ZonedDateTime(java.time.ZonedDateTime) Binding(com.google.api.services.cloudresourcemanager.model.Binding) Role(com.google.api.services.iam.v1.model.Role) CloudProject(com.google.cloud.tools.intellij.project.CloudProject) Logger(com.intellij.openapi.diagnostic.Logger) Path(java.nio.file.Path) ProgressManager(com.intellij.openapi.progress.ProgressManager) CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary) Set(java.util.Set) EnableServiceRequest(com.google.api.services.servicemanagement.model.EnableServiceRequest) GoogleApiClientFactory(com.google.cloud.tools.intellij.resources.GoogleApiClientFactory) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) NotificationType(com.intellij.notification.NotificationType) Notification(com.intellij.notification.Notification) ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator) List(java.util.List) ServiceManager(com.intellij.openapi.components.ServiceManager) Services(com.google.cloud.tools.intellij.login.Services) ApplicationManager(com.intellij.openapi.application.ApplicationManager) Optional(java.util.Optional) ServiceManagement(com.google.api.services.servicemanagement.ServiceManagement) Pattern(java.util.regex.Pattern) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest) NotificationDisplayType(com.intellij.notification.NotificationDisplayType) ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount) ArrayList(java.util.ArrayList) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest) CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) 
PropertiesFileFlagReader(com.google.cloud.tools.intellij.flags.PropertiesFileFlagReader) NotificationGroup(com.intellij.notification.NotificationGroup) CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser) CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest) Project(com.intellij.openapi.project.Project) GctBundle(com.google.cloud.tools.intellij.util.GctBundle) DialogManager(git4idea.DialogManager) Policy(com.google.api.services.cloudresourcemanager.model.Policy) Base64(com.google.api.client.util.Base64) Files(java.nio.file.Files) GctTracking(com.google.cloud.tools.intellij.analytics.GctTracking) IOException(java.io.IOException) UsageTrackerProvider(com.google.cloud.tools.intellij.analytics.UsageTrackerProvider) Paths(java.nio.file.Paths) CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest) DateTimeFormatter(java.time.format.DateTimeFormatter) Iam(com.google.api.services.iam.v1.Iam) GoogleCloudCoreIcons(com.google.cloud.tools.intellij.GoogleCloudCoreIcons) CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)

Example 3 with ServiceAccount

use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method createServiceAccount.

/**
 * Creates a new {@link ServiceAccount} for the given {@link CloudProject} using the IAM API.
 */
private static ServiceAccount createServiceAccount(CredentialedUser user, String name, CloudProject cloudProject) throws IOException {
    CreateServiceAccountRequest request = new CreateServiceAccountRequest();
    ServiceAccount serviceAccount = new ServiceAccount();
    serviceAccount.setDisplayName(name);
    request.setServiceAccount(serviceAccount);
    request.setAccountId(createServiceAccountId(name));
    Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
    return iam.projects().serviceAccounts().create(String.format(SERVICE_ACCOUNT_CREATE_REQUEST_PROJECT_FORMAT, cloudProject.projectId()), request).execute();
}
Also used : ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount) Iam(com.google.api.services.iam.v1.Iam) CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest)

Example 4 with ServiceAccount

use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManager method createServiceAccountAndDownloadKey.

/**
 * Creates a new {@link ServiceAccount}, adds the supplied set of {@link Role roles} to it, and
 * creates and downloads the service account private key to the user's file system.
 *
 * @param roles the set of {@link Role} to add to the new service account
 * @param name the name of the new service account to be created
 * @param downloadDir the {@link Path} of the download directory of the service account private
 *     key json file
 * @param cloudProject the current {@link CloudProject}
 * @param project the current {@link Project}
 */
static void createServiceAccountAndDownloadKey(Set<Role> roles, String name, Path downloadDir, CloudProject cloudProject, Project project) {
    Optional<CredentialedUser> user = Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
    if (!user.isPresent()) {
        LOG.error("Cannot create service account: logged in user not found.");
        return;
    }
    ProgressIndicator progress = ServiceManager.getService(ProgressManager.class).getProgressIndicator();
    try {
        int numSteps = roles.isEmpty() ? 3 : 4;
        double step = 0;
        updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.account.progress.message", name), step / numSteps);
        step++;
        ServiceAccount serviceAccount = createServiceAccount(user.get(), name, cloudProject);
        if (!roles.isEmpty()) {
            updateProgress(progress, GctBundle.message("cloud.apis.service.account.add.roles.progress.message"), step / numSteps);
            step++;
            addRolesToServiceAccount(user.get(), serviceAccount, roles, cloudProject);
        }
        updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.key.progress.message"), step / numSteps);
        step++;
        ServiceAccountKey serviceAccountKey = createServiceAccountKey(user.get(), serviceAccount);
        updateProgress(progress, GctBundle.message("cloud.apis.service.account.download.key.progress.message"), step / numSteps);
        Path keyPath = writeServiceAccountKey(serviceAccountKey, downloadDir, cloudProject);
        notifyServiceAccountCreated(project, name, keyPath);
    } catch (IOException e) {
        LOG.warn("Exception occurred attempting to create service account on GCP and download its key", e);
        notifyServiceAccountError(project, name, e.toString());
    }
}
Also used : Path(java.nio.file.Path) ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount) ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator) ProgressManager(com.intellij.openapi.progress.ProgressManager) CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser) IOException(java.io.IOException) ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey)

Example 5 with ServiceAccount

use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.

the class CloudApiManagerTest method setupFakeServiceAccount.

private void setupFakeServiceAccount() {
    serviceAccount = new ServiceAccount();
    serviceAccount.setName("my-service-account");
}
Also used : ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
