def Run(self, args): try: return self.iam_client.projects_serviceAccounts.GetIamPolicy( self.messages.IamProjectsServiceAccountsGetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.name))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args): try: # TODO(b/25212870): use resource parsing. return self.iam_client.projects_serviceAccounts.Get( self.messages.IamProjectsServiceAccountsGetRequest( name=iam_util.EmailToAccountResourceName(args.name))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args): try: result = self.iam_client.projects_serviceAccounts_keys.Get( self.messages.IamProjectsServiceAccountsKeysGetRequest( name=iam_util.EmailAndKeyToResourceName(args.iam_account, args.key), publicKeyType=iam_util.PublicKeyTypeFromString(args.type))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.iam_account, args.key) self.WriteFile(args.output_file, result.publicKeyData) log.status.Print('written key [{0}] for [{2}] as [{1}]'.format( args.key, args.output_file, args.iam_account))
def Run(self, args): try: console_io.PromptContinue( message='You are about to delete service ' 'account [{0}].'.format(args.name), cancel_on_no=True) self.iam_client.projects_serviceAccounts.Delete( self.messages.IamProjectsServiceAccountsDeleteRequest( name=iam_util.EmailToAccountResourceName(args.name))) log.status.Print('deleted service account [{0}]'.format(args.name)) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args): try: policy = iam_util.ParseJsonPolicyFile(args.policy_file, self.messages.Policy) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.account), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException( error, args.account)
def Run(self, args): try: response = self.iam_client.projects_serviceAccounts.SignJwt( self.messages.IamProjectsServiceAccountsSignJwtRequest( name=iam_util.EmailToAccountResourceName(args.iam_account), signJwtRequest=self.messages.SignJwtRequest(payload=self.ReadFile( args.input)))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.iam_account) self.WriteFile(args.output, response.signedJwt) log.status.Print( 'signed jwt [{0}] as [{1}] for [{2}] using key [{3}]'.format( args.input, args.output, args.iam_account, response.keyId))
def Run(self, args): try: resource_name = iam_util.EmailToAccountResourceName(args.name) current = self.iam_client.projects_serviceAccounts.Get( self.messages.IamProjectsServiceAccountsGetRequest( name=resource_name)) result = self.iam_client.projects_serviceAccounts.Update( self.messages.ServiceAccount(name=resource_name, etag=current.etag, displayName=args.display_name)) log.UpdatedResource(args.name, kind='service account') return result except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args): try: policy = self.iam_client.projects_serviceAccounts.GetIamPolicy( self.messages.IamProjectsServiceAccountsGetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.name))) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.name), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args): try: result = self.iam_client.projects_serviceAccounts_keys.List( self.messages.IamProjectsServiceAccountsKeysListRequest( name=iam_util.EmailToAccountResourceName(args.iam_account), keyTypes=iam_util.ManagedByFromString(args.managed_by))) keys = result.keys if args.created_before: ts = args.created_before keys = [ key for key in keys if times.ParseDateTime(key.validAfterTime) < ts ] return keys except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException( error, args.iam_account)
def Run(self, args): try: policy = iam_util.ParseJsonPolicyFile(args.policy_file, self.messages.Policy) if not policy.etag: msg = ( 'The specified policy does not contain an "etag" field ' 'identifying a specific version to replace. Changing a ' 'policy without an "etag" can overwrite concurrent policy ' 'changes.') console_io.PromptContinue( message=msg, prompt_string='Replace existing policy', cancel_on_no=True) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.account), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException( error, args.account)