def testGetsExistingAccount(self):
self.get_service_account.return_value = self.mock_service_account
result = iam_util.GetOrCreateEventingServiceAccountWithPrompt()
self.get_service_account.assert_called_once_with('cloud-run-events')
self.assertFalse(self.create_service_account.called)
self.assertEqual(result, self.mock_service_account.email)
def testCreatesNewAccountWithoutPrompt(self):
self.get_service_account.return_value = None
self.create_service_account.return_value = self.mock_service_account
result = iam_util.GetOrCreateEventingServiceAccountWithPrompt()
self.get_service_account.assert_called_once_with('cloud-run-events')
self.create_service_account.assert_called_once_with(
'cloud-run-events', 'Cloud Run Events for Anthos',
'Cloud Run Events on-cluster infrastructure')
self.assertEqual(result, self.mock_service_account.email)
def testCreatesNewAccountWithPrompt(self):
self.get_service_account.return_value = None
self.create_service_account.return_value = self.mock_service_account
self.can_prompt.return_value = True
result = iam_util.GetOrCreateEventingServiceAccountWithPrompt()
email = '*****@*****.**'
self.prompt_continue.assert_called_once_with(
message='\nThis will create service account [{}]'.format(email),
cancel_on_no=True)
self.get_service_account.assert_called_once_with('cloud-run-events')
self.create_service_account.assert_called_once_with(
'cloud-run-events', 'Cloud Run Events for Anthos',
'Cloud Run Events on-cluster infrastructure')
self.assertEqual(result, self.mock_service_account.email)
def Run(self, args):
"""Executes when the user runs the delete command."""
if serverless_flags.GetPlatform() == serverless_flags.PLATFORM_MANAGED:
raise exceptions.UnsupportedArgumentError(
'This command is only available with Cloud Run for Anthos.')
project = properties.VALUES.core.project.Get(required=True)
conn_context = connection_context.GetConnectionContext(
args, serverless_flags.Product.EVENTS, self.ReleaseTrack())
_EnableMissingServices(project)
if not args.IsSpecified('service_account'):
sa_email = iam_util.GetOrCreateEventingServiceAccountWithPrompt()
else:
sa_email = args.service_account
service_account_ref = resources.REGISTRY.Parse(
sa_email,
params={'projectsId': '-'},
collection=core_iam_util.SERVICE_ACCOUNTS_COLLECTION)
secret_ref = resources.REGISTRY.Parse(
_CONTROL_PLANE_SECRET_NAME,
params={'namespacesId': _CONTROL_PLANE_NAMESPACE},
collection='run.api.v1.namespaces.secrets',
api_version='v1')
with eventflow_operations.Connect(conn_context) as client:
iam_util.BindMissingRolesWithPrompt(service_account_ref,
_CONTROL_PLANE_REQUIRED_ROLES)
_PromptIfCanPrompt(
'\nThis will create a new key for the provided service account.'
)
_, key_ref = client.CreateOrReplaceServiceAccountSecret(
secret_ref, service_account_ref)
command_string = 'gcloud '
if self.ReleaseTrack() != base.ReleaseTrack.GA:
command_string += self.ReleaseTrack().prefix + ' '
command_string += 'events brokers create'
log.status.Print(
'Initialized cluster [{}] for Cloud Run eventing with '
'key [{}] for service account [{}]. '
'Next, create a broker in the namespace(s) you plan to '
'use via `{}`.'.format(args.CONCEPTS.cluster.Parse().Name(),
key_ref.Name(), service_account_ref.Name(),
command_string))
def Run(self, args):
"""Executes when the user runs the create command."""
if serverless_flags.GetPlatform() == serverless_flags.PLATFORM_MANAGED:
raise exceptions.UnsupportedArgumentError(
'This command is only available with Cloud Run for Anthos.')
if args.BROKER != _DEFAULT_BROKER_NAME:
raise exceptions.UnsupportedArgumentError(
'Only brokers named "default" may be created.')
conn_context = connection_context.GetConnectionContext(
args, serverless_flags.Product.EVENTS, self.ReleaseTrack())
if not args.IsSpecified('service_account'):
sa_email = iam_util.GetOrCreateEventingServiceAccountWithPrompt()
else:
sa_email = args.service_account
service_account_ref = resources.REGISTRY.Parse(
sa_email,
params={'projectsId': '-'},
collection=core_iam_util.SERVICE_ACCOUNTS_COLLECTION)
namespace_ref = args.CONCEPTS.namespace.Parse()
secret_ref = resources.REGISTRY.Parse(
_DATA_PLANE_SECRET_NAME,
params={'namespacesId': namespace_ref.Name()},
collection='run.api.v1.namespaces.secrets',
api_version='v1')
with eventflow_operations.Connect(conn_context) as client:
iam_util.BindMissingRolesWithPrompt(
service_account_ref, _DATA_PLANE_SECRET_MIN_REQUIRED_ROLES)
if console_io.CanPrompt():
console_io.PromptContinue(
message='This will create a new key for the provided '
'service account.',
cancel_on_no=True)
_, key_ref = client.CreateOrReplaceServiceAccountSecret(
secret_ref, service_account_ref)
client.UpdateNamespaceWithLabels(namespace_ref, _INJECTION_LABELS)
log.status.Print('Created broker [{}] in namespace [{}] with '
'key [{}] for service account [{}].'.format(
args.BROKER, namespace_ref.Name(), key_ref.Name(),
service_account_ref.Name()))