def Run(self, args):
    """Update the display name of the service account in args.account.

    The current resource is fetched first so its etag can be sent back
    together with the new display name.

    NOTE(review): the etag presumably lets the server reject the write when
    the account changed between the Get and the Update -- confirm against
    the API before relying on it as a concurrency guard.
    """
    self.SetAddress(args.account)
    service_accounts = self.iam_client.projects_serviceAccounts

    lookup = self.messages.IamProjectsServiceAccountsGetRequest(
        name=utils.EmailToAccountResourceName(args.account))
    current = service_accounts.Get(lookup)

    # Besides name and etag, only displayName is populated on the update.
    replacement = self.messages.ServiceAccount(
        name=utils.EmailToAccountResourceName(args.account),
        etag=current.etag,
        displayName=args.display_name)
    return service_accounts.Update(replacement)
    def Run(self, args):
        """Update the display name of the service account in args.account.

        Fetches the current resource, then sends an update carrying the
        fetched etag and the new display name. An HttpError from either call
        is re-raised as whatever utils.ConvertToServiceAccountException
        builds for this account.

        NOTE(review): the etag presumably guards against overwriting a
        concurrent change -- confirm against the API.
        """
        try:
            service_accounts = self.iam_client.projects_serviceAccounts
            lookup = self.messages.IamProjectsServiceAccountsGetRequest(
                name=utils.EmailToAccountResourceName(args.account))
            current = service_accounts.Get(lookup)

            replacement = self.messages.ServiceAccount(
                name=utils.EmailToAccountResourceName(args.account),
                etag=current.etag,
                displayName=args.display_name)
            return service_accounts.Update(replacement)
        except exceptions.HttpError as error:
            raise utils.ConvertToServiceAccountException(error, args.account)
    def Run(self, args):
        """Add an IAM policy binding on the service account in args.account.

        This is a read-modify-write: the current policy is fetched, handed to
        iam_util.AddBindingToIamPolicy together with the parsed args, and the
        same policy object is then written back.

        NOTE(review): no validation of the member or role being granted is
        visible in this method; any such checks would have to live in
        AddBindingToIamPolicy or on the server. Whether a concurrent policy
        change is detected depends on the fetched policy carrying an etag --
        confirm.
        """
        self.SetAddress(args.account)
        service_accounts = self.iam_client.projects_serviceAccounts

        fetch = self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
            resource=utils.EmailToAccountResourceName(args.account))
        policy = service_accounts.GetIamPolicy(fetch)

        iam_util.AddBindingToIamPolicy(self.messages, policy, args)

        store = self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
            resource=utils.EmailToAccountResourceName(args.account),
            setIamPolicyRequest=self.messages.SetIamPolicyRequest(
                policy=policy))
        return service_accounts.SetIamPolicy(store)
    def Run(self, args):
        """Delete the service account in args.account and report it.

        No confirmation prompt is issued in this method before the Delete
        call, and nothing is returned; the status line is printed only after
        Delete has returned.
        """
        self.SetAddress(args.account)

        removal = self.messages.IamProjectsServiceAccountsDeleteRequest(
            name=utils.EmailToAccountResourceName(args.account))
        self.iam_client.projects_serviceAccounts.Delete(removal)

        status_line = 'deleted service account [{0}]'.format(args.account)
        log.status.Print(status_line)
    def Run(self, args):
        """Grant args.role to args.member on the service account args.account.

        This is a read-modify-write: the current policy is fetched, the
        binding is added by iam_util.AddBindingToIamPolicy, and the same
        policy object is written back. An HttpError from either API call is
        re-raised as whatever utils.ConvertToServiceAccountException builds.

        NOTE(review): args.member and args.role are forwarded without any
        validation visible here; any checks would live in
        AddBindingToIamPolicy or on the server. Whether a concurrent policy
        change is detected depends on the fetched policy carrying an etag --
        confirm.
        """
        try:
            service_accounts = self.iam_client.projects_serviceAccounts
            fetch = self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
                resource=utils.EmailToAccountResourceName(args.account))
            policy = service_accounts.GetIamPolicy(fetch)

            iam_util.AddBindingToIamPolicy(
                self.messages, policy, args.member, args.role)

            store = self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
                resource=utils.EmailToAccountResourceName(args.account),
                setIamPolicyRequest=self.messages.SetIamPolicyRequest(
                    policy=policy))
            return service_accounts.SetIamPolicy(store)
        except exceptions.HttpError as error:
            raise utils.ConvertToServiceAccountException(error, args.account)
 def Run(self, args):
     """Return the IAM policy attached to the service account args.account.

     Read-only: a single GetIamPolicy call is made. An HttpError is
     re-raised as whatever utils.ConvertToServiceAccountException builds
     for this account.
     """
     try:
         fetch = self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
             resource=utils.EmailToAccountResourceName(args.account))
         return self.iam_client.projects_serviceAccounts.GetIamPolicy(fetch)
     except exceptions.HttpError as error:
         raise utils.ConvertToServiceAccountException(error, args.account)
    def Run(self, args):
        """Set the service account's IAM policy from args.policy_file.

        The file is parsed into a self.messages.Policy and sent as the
        complete policy for the account; the existing policy is not read
        first in this method.

        NOTE(review): because nothing is fetched here, protection against
        overwriting a concurrent change would depend on the file itself
        carrying an etag -- confirm how ParseJsonPolicyFile and the API
        treat a missing one.
        """
        self.SetAddress(args.account)
        policy = iam_util.ParseJsonPolicyFile(
            args.policy_file, self.messages.Policy)

        store = self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
            resource=utils.EmailToAccountResourceName(args.account),
            setIamPolicyRequest=self.messages.SetIamPolicyRequest(
                policy=policy))
        return self.iam_client.projects_serviceAccounts.SetIamPolicy(store)
 def Run(self, args):
     """Return the service account resource for args.account.

     Read-only: a single Get call is made with the resource name derived
     from the account e-mail.
     """
     self.SetAddress(args.account)
     # TODO(user): b/25212870
     # gcloud's resource support doesn't yet work for atomic names. When it does
     # this needs to be rewritten to use it.
     # ref = self.ParseServiceAccount(args.account)
     # return self.iam_client.projects_serviceAccounts.Get(ref.Request())
     lookup = self.messages.IamProjectsServiceAccountsGetRequest(
         name=utils.EmailToAccountResourceName(args.account))
     return self.iam_client.projects_serviceAccounts.Get(lookup)
    def Run(self, args):
        """Sign the contents of args.input as the service account.

        The file is read through self.ReadFile, its bytes are sent to
        SignBlob for args.iam_account, and the returned signature is written
        to args.output. Nothing is returned; a status line naming the input
        path, output path and account is printed afterwards.

        NOTE(review): the payload is signed exactly as read; no size or
        content checks are visible in this method.
        """
        self.SetAddress(args.iam_account)

        account_name = utils.EmailToAccountResourceName(args.iam_account)
        payload = self.messages.SignBlobRequest(
            bytesToSign=self.ReadFile(args.input))
        signing = self.messages.IamProjectsServiceAccountsSignBlobRequest(
            name=account_name, signBlobRequest=payload)
        response = self.iam_client.projects_serviceAccounts.SignBlob(signing)

        self.WriteFile(args.output, response.signature)
        status_line = 'signed blob [{0}] as [{1}] for [{2}]'.format(
            args.input, args.output, args.iam_account)
        log.status.Print(status_line)
 def Run(self, args):
     """Return the service account resource for args.account.

     Read-only: a single Get call is made. An HttpError is re-raised as
     whatever utils.ConvertToServiceAccountException builds for this
     account.
     """
     try:
         # TODO(user): b/25212870
         # gcloud's resource support doesn't yet work for atomic names. When it
         # does this needs to be rewritten to use it.
         # ref = self.ParseServiceAccount(args.account)
         # return self.iam_client.projects_serviceAccounts.Get(ref.Request())
         lookup = self.messages.IamProjectsServiceAccountsGetRequest(
             name=utils.EmailToAccountResourceName(args.account))
         return self.iam_client.projects_serviceAccounts.Get(lookup)
     except exceptions.HttpError as error:
         raise utils.ConvertToServiceAccountException(error, args.account)
  def Run(self, args):
    """Set the service account's IAM policy from args.policy_file.

    The file is parsed into a self.messages.Policy and sent as the complete
    policy for the account; the existing policy is not read first in this
    method. An HttpError is re-raised as whatever
    utils.ConvertToServiceAccountException builds for this account.

    NOTE(review): because nothing is fetched here, protection against
    overwriting a concurrent change would depend on the file itself carrying
    an etag -- confirm how ParseJsonPolicyFile and the API treat a missing
    one.
    """
    try:
      policy = iam_util.ParseJsonPolicyFile(
          args.policy_file, self.messages.Policy)

      store = self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
          resource=utils.EmailToAccountResourceName(args.account),
          setIamPolicyRequest=self.messages.SetIamPolicyRequest(
              policy=policy))
      return self.iam_client.projects_serviceAccounts.SetIamPolicy(store)
    except exceptions.HttpError as error:
      raise utils.ConvertToServiceAccountException(error, args.account)
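  def Run(self, args):
    """Sign the contents of args.input as the service account.

    The file is read through self.ReadFile, its bytes are sent to SignBlob
    for args.iam_account, and the returned signature is written to
    args.output. Nothing is returned; the status line also names the key id
    reported in the response, which records which key produced the
    signature.

    An HttpError is re-raised as whatever
    utils.ConvertToServiceAccountException builds for the account.

    NOTE(review): the payload is signed exactly as read; no size or content
    checks are visible in this method.
    """
    try:
      response = self.iam_client.projects_serviceAccounts.SignBlob(
          self.messages.IamProjectsServiceAccountsSignBlobRequest(
              name=utils.EmailToAccountResourceName(args.iam_account),
              signBlobRequest=self.messages.SignBlobRequest(
                  bytesToSign=self.ReadFile(args.input))))

      self.WriteFile(args.output, response.signature)
      log.status.Print(
          'signed blob [{0}] as [{1}] for [{2}] using key [{3}]'.format(
              args.input, args.output, args.iam_account, response.keyId))
    except exceptions.HttpError as error:
      # Every other reference in this method reads args.iam_account; the
      # handler previously read args.account, which would fail with an
      # AttributeError and hide the real API error if that attribute is not
      # defined for this command.
      raise utils.ConvertToServiceAccountException(error, args.iam_account)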
    def Run(self, args):
        """Delete the service account in args.account after confirmation.

        The user is prompted first with cancel_on_no=True; the Delete call
        follows only once PromptContinue returns. Only HttpError is caught
        here, so anything PromptContinue raises on cancellation propagates
        unchanged. Nothing is returned.
        """
        try:
            warning = 'You are about to delete service account [{0}].'.format(
                args.account)
            console_io.PromptContinue(message=warning, cancel_on_no=True)

            removal = self.messages.IamProjectsServiceAccountsDeleteRequest(
                name=utils.EmailToAccountResourceName(args.account))
            self.iam_client.projects_serviceAccounts.Delete(removal)

            status_line = 'deleted service account [{0}]'.format(args.account)
            log.status.Print(status_line)
        except exceptions.HttpError as error:
            raise utils.ConvertToServiceAccountException(error, args.account)
    def Run(self, args):
        """Create a key for args.iam_account and write it to args.output.

        The key type is derived from args.key_file_type. The private key
        material returned by the API is written with make_private=True, and
        a status line naming the key id, key type, output path and account
        is printed. Nothing is returned.

        Create runs before WriteFile and there is no error handling here, so
        if the write fails the key already exists server-side while
        privateKeyData has not been persisted anywhere by this method.

        NOTE(review): confirm that WriteFile applies the restrictive mode
        when the file is created rather than after the data is written, and
        what it does when args.output already exists.
        """
        requested_type = utils.KeyTypeToCreateKeyType(
            utils.KeyTypeFromString(args.key_file_type))
        creation = self.messages.IamProjectsServiceAccountsKeysCreateRequest(
            name=utils.EmailToAccountResourceName(args.iam_account),
            createServiceAccountKeyRequest=(
                self.messages.CreateServiceAccountKeyRequest(
                    privateKeyType=requested_type)))
        result = self.iam_client.projects_serviceAccounts_keys.Create(creation)

        # Only the creating user has access. Set file permission to "-rw-------".
        self.WriteFile(args.output, result.privateKeyData, make_private=True)

        status_line = 'created key [{0}] of type [{1}] as [{2}] for [{3}]'.format(
            utils.GetKeyIdFromResourceName(result.name),
            utils.KeyTypeToString(result.privateKeyType),
            args.output,
            args.iam_account)
        log.status.Print(status_line)
    def Run(self, args):
        """List the keys of args.iam_account, optionally only older ones.

        Keys are requested with the key types derived from args.managed_by.
        When args.created_before is set, the result is filtered client-side
        to keys whose validAfterTime, parsed with ZULU_FORMAT, is strictly
        earlier than that value. An HttpError is re-raised as whatever
        utils.ConvertToServiceAccountException builds for the account.

        NOTE(review): assumes args.created_before is a datetime comparable
        with the value strptime returns -- TODO confirm.
        """
        try:
            listing = self.messages.IamProjectsServiceAccountsKeysListRequest(
                name=utils.EmailToAccountResourceName(args.iam_account),
                keyTypes=utils.ManagedByFromString(args.managed_by))
            result = self.iam_client.projects_serviceAccounts_keys.List(listing)

            keys = result.keys
            if not args.created_before:
                return keys

            cutoff = args.created_before
            older = []
            for key in keys:
                valid_after = datetime.strptime(key.validAfterTime, ZULU_FORMAT)
                if valid_after < cutoff:
                    older.append(key)
            return older
        except exceptions.HttpError as error:
            raise utils.ConvertToServiceAccountException(
                error, args.iam_account)
    def Run(self, args):
        """List the keys of args.iam_account, optionally only older ones.

        Keys are requested with the key types derived from args.managed_by.
        When args.created_before is set, the result is filtered client-side
        to keys whose validAfterTime, parsed with ZULU_FORMAT, is strictly
        earlier than that value. self.data_format is set just before
        returning.

        NOTE(review): assumes args.created_before is a datetime comparable
        with the value strptime returns -- TODO confirm.
        """
        self.SetAddress(args.iam_account)

        listing = self.messages.IamProjectsServiceAccountsKeysListRequest(
            name=utils.EmailToAccountResourceName(args.iam_account),
            keyTypes=utils.ManagedByFromString(args.managed_by))
        result = self.iam_client.projects_serviceAccounts_keys.List(listing)

        keys = result.keys
        if args.created_before:
            timestamp = args.created_before
            older = []
            for key in keys:
                valid_after = datetime.strptime(key.validAfterTime, ZULU_FORMAT)
                if valid_after < timestamp:
                    older.append(key)
            keys = older

        # TODO(user): We can't use the default list printing functions until
        # there is support for atomic names. This property is the equivalent of
        # a COLUMN_MAP for the list printer. To be removed in the future.
        self.data_format = data_formats.SERVICE_ACCOUNT_KEY_COLUMNS
        return keys
 def Run(self, args):
   """Return the IAM policy attached to the service account args.account.

   Read-only: a single GetIamPolicy call is made with the resource name
   derived from the account e-mail.
   """
   self.SetAddress(args.account)
   fetch = self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
       resource=utils.EmailToAccountResourceName(args.account))
   return self.iam_client.projects_serviceAccounts.GetIamPolicy(fetch)