def Run(self, args):
try:
return self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.name)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args):
try:
# TODO(b/25212870): use resource parsing.
return self.iam_client.projects_serviceAccounts.Get(
self.messages.IamProjectsServiceAccountsGetRequest(
name=iam_util.EmailToAccountResourceName(args.name)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args):
try:
result = self.iam_client.projects_serviceAccounts_keys.Get(
self.messages.IamProjectsServiceAccountsKeysGetRequest(
name=iam_util.EmailAndKeyToResourceName(args.iam_account,
args.key),
publicKeyType=iam_util.PublicKeyTypeFromString(args.type)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.iam_account,
args.key)
self.WriteFile(args.output_file, result.publicKeyData)
log.status.Print('written key [{0}] for [{2}] as [{1}]'.format(
args.key, args.output_file, args.iam_account))
def Run(self, args):
try:
console_io.PromptContinue(
message='You are about to delete service '
'account [{0}].'.format(args.name),
cancel_on_no=True)
self.iam_client.projects_serviceAccounts.Delete(
self.messages.IamProjectsServiceAccountsDeleteRequest(
name=iam_util.EmailToAccountResourceName(args.name)))
log.status.Print('deleted service account [{0}]'.format(args.name))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args):
try:
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
self.messages.Policy)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(
error, args.account)
def Run(self, args):
try:
response = self.iam_client.projects_serviceAccounts.SignJwt(
self.messages.IamProjectsServiceAccountsSignJwtRequest(
name=iam_util.EmailToAccountResourceName(args.iam_account),
signJwtRequest=self.messages.SignJwtRequest(payload=self.ReadFile(
args.input))))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.iam_account)
self.WriteFile(args.output, response.signedJwt)
log.status.Print(
'signed jwt [{0}] as [{1}] for [{2}] using key [{3}]'.format(
args.input, args.output, args.iam_account, response.keyId))
def Run(self, args):
try:
resource_name = iam_util.EmailToAccountResourceName(args.name)
current = self.iam_client.projects_serviceAccounts.Get(
self.messages.IamProjectsServiceAccountsGetRequest(
name=resource_name))
result = self.iam_client.projects_serviceAccounts.Update(
self.messages.ServiceAccount(name=resource_name,
etag=current.etag,
displayName=args.display_name))
log.UpdatedResource(args.name, kind='service account')
return result
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args):
try:
policy = self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.name)))
iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.name),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(error, args.name)
def Run(self, args):
try:
result = self.iam_client.projects_serviceAccounts_keys.List(
self.messages.IamProjectsServiceAccountsKeysListRequest(
name=iam_util.EmailToAccountResourceName(args.iam_account),
keyTypes=iam_util.ManagedByFromString(args.managed_by)))
keys = result.keys
if args.created_before:
ts = args.created_before
keys = [
key for key in keys
if times.ParseDateTime(key.validAfterTime) < ts
]
return keys
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(
error, args.iam_account)
def Run(self, args):
try:
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
self.messages.Policy)
if not policy.etag:
msg = (
'The specified policy does not contain an "etag" field '
'identifying a specific version to replace. Changing a '
'policy without an "etag" can overwrite concurrent policy '
'changes.')
console_io.PromptContinue(
message=msg,
prompt_string='Replace existing policy',
cancel_on_no=True)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(
error, args.account)
