Example 1 with ServiceAccount
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccountKey.
/**
* Using the supplied {@link ServiceAccount}, this creates and returns a new {@link
* ServiceAccountKey}.
*/
private static ServiceAccountKey createServiceAccountKey(CredentialedUser user, ServiceAccount serviceAccount) throws IOException {
Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
CreateServiceAccountKeyRequest keyRequest = new CreateServiceAccountKeyRequest();
return iam.projects().serviceAccounts().keys().create(serviceAccount.getName(), keyRequest).execute();
}
Also used :
Iam(com.google.api.services.iam.v1.Iam)
CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)
Example 2 with ServiceAccount
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method addRolesToServiceAccount.
/**
* Adds a set of {@link Role roles} to a {@link ServiceAccount}.
*
* <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
* the given service account, and then writing the updated policy back to the cloud project.
*
* @param user the current {@link CredentialedUser}
* @param serviceAccount the {@link ServiceAccount} to which to add roles
* @param roles the set of {@link Role} to be added to the service account
* @param cloudProject the current {@link CloudProject}
* @throws IOException if the API call fails to update the IAM policy
*/
private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());
Policy existingPolicy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();
List<Binding> bindings = Lists.newArrayList(existingPolicy.getBindings());
List<Binding> additionalBindings = roles.stream().map(role -> {
Binding binding = new Binding();
binding.setRole(role.getName());
binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
return binding;
}).collect(Collectors.toList());
bindings.addAll(additionalBindings);
SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
Policy newPolicy = new Policy();
newPolicy.setBindings(bindings);
policyRequest.setPolicy(newPolicy);
resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}
Also used :
Policy(com.google.api.services.cloudresourcemanager.model.Policy)
Binding(com.google.api.services.cloudresourcemanager.model.Binding)
ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey)
ZonedDateTime(java.time.ZonedDateTime)
Binding(com.google.api.services.cloudresourcemanager.model.Binding)
Role(com.google.api.services.iam.v1.model.Role)
CloudProject(com.google.cloud.tools.intellij.project.CloudProject)
Logger(com.intellij.openapi.diagnostic.Logger)
Path(java.nio.file.Path)
ProgressManager(com.intellij.openapi.progress.ProgressManager)
CloudLibrary(com.google.cloud.tools.libraries.json.CloudLibrary)
Set(java.util.Set)
EnableServiceRequest(com.google.api.services.servicemanagement.model.EnableServiceRequest)
GoogleApiClientFactory(com.google.cloud.tools.intellij.resources.GoogleApiClientFactory)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
NotificationType(com.intellij.notification.NotificationType)
Notification(com.intellij.notification.Notification)
ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator)
List(java.util.List)
ServiceManager(com.intellij.openapi.components.ServiceManager)
Services(com.google.cloud.tools.intellij.login.Services)
ApplicationManager(com.intellij.openapi.application.ApplicationManager)
Optional(java.util.Optional)
ServiceManagement(com.google.api.services.servicemanagement.ServiceManagement)
Pattern(java.util.regex.Pattern)
SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)
NotificationDisplayType(com.intellij.notification.NotificationDisplayType)
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
ArrayList(java.util.ArrayList)
GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)
CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager)
Lists(com.google.common.collect.Lists)
ImmutableList(com.google.common.collect.ImmutableList)
PropertiesFileFlagReader(com.google.cloud.tools.intellij.flags.PropertiesFileFlagReader)
NotificationGroup(com.intellij.notification.NotificationGroup)
CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser)
CreateServiceAccountKeyRequest(com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)
Project(com.intellij.openapi.project.Project)
GctBundle(com.google.cloud.tools.intellij.util.GctBundle)
DialogManager(git4idea.DialogManager)
Policy(com.google.api.services.cloudresourcemanager.model.Policy)
Base64(com.google.api.client.util.Base64)
Files(java.nio.file.Files)
GctTracking(com.google.cloud.tools.intellij.analytics.GctTracking)
IOException(java.io.IOException)
UsageTrackerProvider(com.google.cloud.tools.intellij.analytics.UsageTrackerProvider)
Paths(java.nio.file.Paths)
CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest)
DateTimeFormatter(java.time.format.DateTimeFormatter)
Iam(com.google.api.services.iam.v1.Iam)
GoogleCloudCoreIcons(com.google.cloud.tools.intellij.GoogleCloudCoreIcons)
CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager)
SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)
GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)
Example 3 with ServiceAccount
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccount.
/**
* Creates a new {@link ServiceAccount} for the given {@link CloudProject} using the IAM API.
*/
private static ServiceAccount createServiceAccount(CredentialedUser user, String name, CloudProject cloudProject) throws IOException {
CreateServiceAccountRequest request = new CreateServiceAccountRequest();
ServiceAccount serviceAccount = new ServiceAccount();
serviceAccount.setDisplayName(name);
request.setServiceAccount(serviceAccount);
request.setAccountId(createServiceAccountId(name));
Iam iam = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
return iam.projects().serviceAccounts().create(String.format(SERVICE_ACCOUNT_CREATE_REQUEST_PROJECT_FORMAT, cloudProject.projectId()), request).execute();
}
Also used :
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
Iam(com.google.api.services.iam.v1.Iam)
CreateServiceAccountRequest(com.google.api.services.iam.v1.model.CreateServiceAccountRequest)
Example 4 with ServiceAccount
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccountAndDownloadKey.
/**
* Creates a new {@link ServiceAccount}, adds the supplied set of {@link Role roles} to it, and
* creates and downloads the service account private key to the user's file system.
*
* @param roles the set of {@link Role} to add to the new service account
* @param name the name of the new service account to be created
* @param downloadDir the {@link Path} of the download directory of the service account private
* key json file
* @param cloudProject the current {@link CloudProject}
* @param project the current {@link Project}
*/
static void createServiceAccountAndDownloadKey(Set<Role> roles, String name, Path downloadDir, CloudProject cloudProject, Project project) {
Optional<CredentialedUser> user = Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
if (!user.isPresent()) {
LOG.error("Cannot enable APIs: logged in user not found.");
return;
}
ProgressIndicator progress = ServiceManager.getService(ProgressManager.class).getProgressIndicator();
try {
int numSteps = roles.isEmpty() ? 3 : 4;
double step = 0;
updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.account.progress.message", name), step / numSteps);
step++;
ServiceAccount serviceAccount = createServiceAccount(user.get(), name, cloudProject);
if (!roles.isEmpty()) {
updateProgress(progress, GctBundle.message("cloud.apis.service.account.add.roles.progress.message"), step / numSteps);
step++;
addRolesToServiceAccount(user.get(), serviceAccount, roles, cloudProject);
}
updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.key.progress.message"), step / numSteps);
step++;
ServiceAccountKey serviceAccountKey = createServiceAccountKey(user.get(), serviceAccount);
updateProgress(progress, GctBundle.message("cloud.apis.service.account.download.key.progress.message"), step / numSteps);
Path keyPath = writeServiceAccountKey(serviceAccountKey, downloadDir, cloudProject);
notifyServiceAccountCreated(project, name, keyPath);
} catch (IOException e) {
LOG.warn("Exception occurred attempting to create service account on GCP and download its key", e);
notifyServiceAccountError(project, name, e.toString());
}
}
Also used :
Path(java.nio.file.Path)
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
ProgressIndicator(com.intellij.openapi.progress.ProgressIndicator)
ProgressManager(com.intellij.openapi.progress.ProgressManager)
CredentialedUser(com.google.cloud.tools.intellij.login.CredentialedUser)
IOException(java.io.IOException)
ServiceAccountKey(com.google.api.services.iam.v1.model.ServiceAccountKey)
Example 5 with ServiceAccount
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManagerTest method setupFakeServiceAccount.
private void setupFakeServiceAccount() {
serviceAccount = new ServiceAccount();
serviceAccount.setName("my-service-account");
}
Also used :
ServiceAccount(com.google.api.services.iam.v1.model.ServiceAccount)
Aggregations
ServiceAccount (com.google.api.services.iam.v1.model.ServiceAccount)4
Iam (com.google.api.services.iam.v1.Iam)3
CreateServiceAccountKeyRequest (com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest)2
CreateServiceAccountRequest (com.google.api.services.iam.v1.model.CreateServiceAccountRequest)2
ServiceAccountKey (com.google.api.services.iam.v1.model.ServiceAccountKey)2
CredentialedUser (com.google.cloud.tools.intellij.login.CredentialedUser)2
ProgressIndicator (com.intellij.openapi.progress.ProgressIndicator)2
ProgressManager (com.intellij.openapi.progress.ProgressManager)2
IOException (java.io.IOException)2
Base64 (com.google.api.client.util.Base64)1
CloudResourceManager (com.google.api.services.cloudresourcemanager.CloudResourceManager)1
Binding (com.google.api.services.cloudresourcemanager.model.Binding)1
GetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest)1
Policy (com.google.api.services.cloudresourcemanager.model.Policy)1
SetIamPolicyRequest (com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest)1
Role (com.google.api.services.iam.v1.model.Role)1
ServiceManagement (com.google.api.services.servicemanagement.ServiceManagement)1
EnableServiceRequest (com.google.api.services.servicemanagement.model.EnableServiceRequest)1
GoogleCloudCoreIcons (com.google.cloud.tools.intellij.GoogleCloudCoreIcons)1
GctTracking (com.google.cloud.tools.intellij.analytics.GctTracking)1
