use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccountKey.
/**
 * Requests a new {@link ServiceAccountKey} for the supplied {@link ServiceAccount} through the IAM
 * API, authenticated as the given user.
 *
 * <p>An empty {@link CreateServiceAccountKeyRequest} is sent, so key type and algorithm are left
 * to the API defaults. The returned object is credential material for the service account: pass
 * it only to the code that persists it, and do not log it or put it in notifications.
 *
 * @param user the {@link CredentialedUser} whose credential authorizes the call
 * @param serviceAccount the account to create a key for; its resource name is read via {@code
 *     getName()}
 * @return the key returned by the IAM API
 * @throws IOException if the IAM call fails
 */
private static ServiceAccountKey createServiceAccountKey(CredentialedUser user, ServiceAccount serviceAccount) throws IOException {
  // No options are set on the request; the service picks its defaults.
  CreateServiceAccountKeyRequest emptyKeyRequest = new CreateServiceAccountKeyRequest();
  Iam iamClient = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
  String accountResourceName = serviceAccount.getName();
  return iamClient
      .projects()
      .serviceAccounts()
      .keys()
      .create(accountResourceName, emptyKeyRequest)
      .execute();
}
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method addRolesToServiceAccount.
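/**
 * Adds a set of {@link Role roles} to a {@link ServiceAccount}.
 *
 * <p>This is a read-modify-write of the cloud project's IAM policy: the existing policy is
 * fetched, one binding per role is appended for the given service account, and the result is
 * written back to the cloud project. The etag returned with the existing policy is sent back with
 * the update so that the write is rejected, instead of silently overwriting, when the policy was
 * changed by someone else between the read and the write.
 *
 * <p>The roles are granted on the whole cloud project, not on a single resource, so callers
 * should pass the smallest set of roles the service account needs.
 *
 * @param user the current {@link CredentialedUser}
 * @param serviceAccount the {@link ServiceAccount} to which to add roles
 * @param roles the set of {@link Role} to be added to the service account
 * @param cloudProject the current {@link CloudProject}
 * @throws IOException if the API call fails to read or update the IAM policy
 */
private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
  CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());
  Policy existingPolicy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();

  // A policy without any bindings comes back with a null list; start from an empty one rather
  // than failing on the copy.
  List<Binding> bindings = Lists.newArrayList();
  if (existingPolicy.getBindings() != null) {
    bindings.addAll(existingPolicy.getBindings());
  }

  List<Binding> additionalBindings = roles.stream().map(role -> {
    Binding binding = new Binding();
    binding.setRole(role.getName());
    binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
    return binding;
  }).collect(Collectors.toList());
  bindings.addAll(additionalBindings);

  Policy newPolicy = new Policy();
  newPolicy.setBindings(bindings);
  // Carry the etag over: without it the update replaces whatever policy is current, which can
  // drop bindings another administrator added or removed after our read.
  newPolicy.setEtag(existingPolicy.getEtag());
  // NOTE(review): only bindings and etag are carried over and no policy version is requested on
  // the read; confirm the behaviour for projects whose policy uses conditional bindings.

  SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
  policyRequest.setPolicy(newPolicy);
  resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}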
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccount.
/**
 * Creates a new {@link ServiceAccount} in the given {@link CloudProject} using the IAM API.
 *
 * <p>The supplied name is used as the display name, and the account id is derived from the same
 * name by {@code createServiceAccountId}.
 *
 * @param user the {@link CredentialedUser} whose credential authorizes the call
 * @param name the display name for the new service account
 * @param cloudProject the project that will own the service account
 * @return the service account as returned by the IAM API
 * @throws IOException if the IAM call fails
 */
private static ServiceAccount createServiceAccount(CredentialedUser user, String name, CloudProject cloudProject) throws IOException {
  ServiceAccount accountTemplate = new ServiceAccount();
  accountTemplate.setDisplayName(name);

  CreateServiceAccountRequest createRequest = new CreateServiceAccountRequest();
  createRequest.setServiceAccount(accountTemplate);
  createRequest.setAccountId(createServiceAccountId(name));

  Iam iamClient = GoogleApiClientFactory.getInstance().getIamClient(user.getCredential());
  // The create call is addressed to the owning project, formatted from its id.
  String parentProject = String.format(SERVICE_ACCOUNT_CREATE_REQUEST_PROJECT_FORMAT, cloudProject.projectId());
  return iamClient.projects().serviceAccounts().create(parentProject, createRequest).execute();
}
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method createServiceAccountAndDownloadKey.
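/**
 * Creates a new {@link ServiceAccount}, adds the supplied set of {@link Role roles} to it, and
 * creates and downloads the service account private key to the user's file system.
 *
 * <p>The steps run in order and nothing is rolled back when a later step fails: after an {@link
 * IOException} the project may still contain the new service account, its role bindings, or a key
 * that was created but never written to disk. The failure is logged and reported to the user so
 * that leftovers can be cleaned up by hand.
 *
 * <p>The key file written under {@code downloadDir} is a credential for the service account. How
 * the file is named and protected is decided by {@code writeServiceAccountKey}, not here.
 *
 * @param roles the set of {@link Role} to add to the new service account
 * @param name the name of the new service account to be created
 * @param downloadDir the {@link Path} of the download directory of the service account private
 *     key json file
 * @param cloudProject the current {@link CloudProject}
 * @param project the current {@link Project}
 */
static void createServiceAccountAndDownloadKey(Set<Role> roles, String name, Path downloadDir, CloudProject cloudProject, Project project) {
  Optional<CredentialedUser> user = Services.getLoginService().getLoggedInUser(cloudProject.googleUsername());
  if (!user.isPresent()) {
    // The message used to say "Cannot enable APIs", which pointed at the wrong operation.
    LOG.error("Cannot create service account: logged in user not found.");
    return;
  }
  CredentialedUser credentialedUser = user.get();
  ProgressIndicator progress = ServiceManager.getService(ProgressManager.class).getProgressIndicator();
  try {
    // The role step is skipped, and not counted, when there are no roles to add.
    int numSteps = roles.isEmpty() ? 3 : 4;
    // Kept as a double so that step / numSteps is a fraction rather than integer division.
    double step = 0;

    updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.account.progress.message", name), step / numSteps);
    step++;
    ServiceAccount serviceAccount = createServiceAccount(credentialedUser, name, cloudProject);

    if (!roles.isEmpty()) {
      updateProgress(progress, GctBundle.message("cloud.apis.service.account.add.roles.progress.message"), step / numSteps);
      step++;
      addRolesToServiceAccount(credentialedUser, serviceAccount, roles, cloudProject);
    }

    updateProgress(progress, GctBundle.message("cloud.apis.service.account.create.key.progress.message"), step / numSteps);
    step++;
    ServiceAccountKey serviceAccountKey = createServiceAccountKey(credentialedUser, serviceAccount);

    updateProgress(progress, GctBundle.message("cloud.apis.service.account.download.key.progress.message"), step / numSteps);
    Path keyPath = writeServiceAccountKey(serviceAccountKey, downloadDir, cloudProject);

    // Only the path of the key file is handed to the notification, not the key itself.
    notifyServiceAccountCreated(project, name, keyPath);
  } catch (IOException e) {
    LOG.warn("Exception occurred attempting to create service account on GCP and download its key", e);
    notifyServiceAccountError(project, name, e.toString());
  }
}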
use of com.google.api.services.iam.v1.model.ServiceAccount in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManagerTest method setupFakeServiceAccount.
/** Points the {@code serviceAccount} field at a fresh instance with a fixed name for the tests. */
private void setupFakeServiceAccount() {
  ServiceAccount fakeAccount = new ServiceAccount();
  fakeAccount.setName("my-service-account");
  serviceAccount = fakeAccount;
}