Source file src/edge-infra.dev/pkg/lib/gcp/iam/service_account.go

Documentation: edge-infra.dev/pkg/lib/gcp/iam

     1  package iam
     2  
import (
	"context"
	"fmt"

	"google.golang.org/api/googleapi"
	"google.golang.org/api/iam/v1"
)
     9  
// NewServiceAccount builds an iam.ServiceAccount that carries only the
// human-readable display name and description. Every other field is left at
// its zero value for the API to fill in on creation.
func NewServiceAccount(displayName, description string) *iam.ServiceAccount {
	sa := new(iam.ServiceAccount)
	sa.DisplayName = displayName
	sa.Description = description
	return sa
}
    17  
// NewServiceAccountRequest wraps serviceAccount in a CreateServiceAccountRequest
// keyed by accountID, the caller-chosen identifier for the new account. The
// serviceAccount pointer is stored as given, not copied, so later mutations of
// it are visible through the request.
func NewServiceAccountRequest(accountID string, serviceAccount *iam.ServiceAccount) *iam.CreateServiceAccountRequest {
	req := new(iam.CreateServiceAccountRequest)
	req.AccountId = accountID
	req.ServiceAccount = serviceAccount
	return req
}
    25  
// CreateServiceAccount creates a service account under projectID, which must be
// given as the resource name `projects/{PROJECT_ID}`. serviceAccount is the
// request built by NewServiceAccountRequest; the result is the API's view of
// the created account, or the API error.
func (i *IAMService) CreateServiceAccount(ctx context.Context, projectID string, serviceAccount *iam.CreateServiceAccountRequest) (*iam.ServiceAccount, error) {
	call := i.Projects.ServiceAccounts.Create(projectID, serviceAccount)
	return call.Context(ctx).Do()
}
    30  
// DeleteServiceAccount deletes the service account identified by name, given as
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Only the API error is
// reported; the response body of the delete call is discarded.
func (i *IAMService) DeleteServiceAccount(ctx context.Context, name string) error {
	call := i.Projects.ServiceAccounts.Delete(name).Context(ctx)
	if _, err := call.Do(); err != nil {
		return err
	}
	return nil
}
    38  
// GetServiceAccount fetches the service account identified by name, given as
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, and returns the account
// as the API reports it or the API error.
func (i *IAMService) GetServiceAccount(ctx context.Context, name string) (*iam.ServiceAccount, error) {
	call := i.Projects.ServiceAccounts.Get(name)
	return call.Context(ctx).Do()
}
    44  
// NewServiceAccountKeyRequest returns a CreateServiceAccountKeyRequest with
// every field at its zero value; callers that need a specific key algorithm or
// private key type set those fields on the returned request.
func NewServiceAccountKeyRequest() *iam.CreateServiceAccountKeyRequest {
	var req iam.CreateServiceAccountKeyRequest
	return &req
}
    49  
// CreateServiceAccountKey creates a key for the service account named
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}` using saKeyRequest, and
// returns the key resource as the API reports it. opts are forwarded to the
// underlying Do call.
//
// NOTE(review): the returned key is expected to include the private key
// material, which is a long-lived credential — callers should treat it as a
// secret and avoid logging it (confirm against the iam API docs).
func (i *IAMService) CreateServiceAccountKey(ctx context.Context, name string, saKeyRequest *iam.CreateServiceAccountKeyRequest, opts ...googleapi.CallOption) (*iam.ServiceAccountKey, error) {
	call := i.Projects.ServiceAccounts.Keys.Create(name, saKeyRequest).Context(ctx)
	return call.Do(opts...)
}
    54  
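// maxUserManagedKeys is the number of user-managed keys at which
// DeleteExcessServiceAccountKeys starts deleting. It is intended to match the
// per-service-account limit the IAM API places on user-managed keys;
// system-managed keys are not counted against it.
const maxUserManagedKeys = 10

// DeleteExcessServiceAccountKeys deletes a service account's user-managed keys
// once their number has reached maxUserManagedKeys, so that a subsequent key
// creation does not fail on the limit. It exists for the case where bootstrap
// is run repeatedly and each run mints a new key.
//
// name is `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`; opts are forwarded
// to every underlying API call. Keys with KeyType "SYSTEM_MANAGED" are neither
// counted nor deleted. Note that once the threshold is reached every
// user-managed key is deleted, not only the surplus: any client still
// authenticating with one of those keys loses access.
//
// The first API error is returned, wrapped with the account or key it concerns;
// keys already deleted before the error stay deleted.
func (i *IAMService) DeleteExcessServiceAccountKeys(ctx context.Context, name string, opts ...googleapi.CallOption) error {
	resp, err := i.Projects.ServiceAccounts.Keys.List(name).Context(ctx).Do(opts...)
	if err != nil {
		return fmt.Errorf("listing keys of service account %q: %w", name, err)
	}

	// The listing mixes system-managed and user-managed keys; only the latter
	// are ours to delete and only they should be measured against the limit,
	// otherwise a couple of system-managed keys trigger deletion early.
	var userManaged []*iam.ServiceAccountKey
	for _, key := range resp.Keys {
		if key.KeyType == "SYSTEM_MANAGED" {
			continue
		}
		userManaged = append(userManaged, key)
	}
	if len(userManaged) < maxUserManagedKeys {
		return nil
	}

	for _, key := range userManaged {
		if _, err := i.Projects.ServiceAccounts.Keys.Delete(key.Name).Context(ctx).Do(opts...); err != nil {
			return fmt.Errorf("deleting service account key %q: %w", key.Name, err)
		}
	}
	return nil
}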
    76  
// GetServiceAccountIamPolicy fetches the IAM policy attached to the service
// account identified by resource and returns it as the API reports it, or the
// API error.
func (i *IAMService) GetServiceAccountIamPolicy(ctx context.Context, resource string) (*iam.Policy, error) {
	call := i.Projects.ServiceAccounts.GetIamPolicy(resource)
	return call.Context(ctx).Do()
}
    81  
// SetServiceAccountIamPolicy applies policyRequest to the service account
// identified by resource and returns the policy the API reports back, or the
// API error.
//
// NOTE(review): this looks like a full policy replacement rather than a merge;
// callers are presumably expected to read the current policy via
// GetServiceAccountIamPolicy, modify it and carry its etag into the request so
// concurrent edits are not silently overwritten — confirm against the API docs.
func (i *IAMService) SetServiceAccountIamPolicy(ctx context.Context, resource string, policyRequest *iam.SetIamPolicyRequest) (*iam.Policy, error) {
	call := i.Projects.ServiceAccounts.SetIamPolicy(resource, policyRequest)
	return call.Context(ctx).Do()
}
    86  
