def Run(self, args):
try:
return self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=utils.EmailToAccountResourceName(args.account)))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
# TODO(user): b/25212870
# gcloud's resource support doesn't yet work for atomic names. When it
# does this needs to be rewritten to use it.
# ref = self.ParseServiceAccount(args.account)
# return self.iam_client.projects_serviceAccounts.Get(ref.Request())
return self.iam_client.projects_serviceAccounts.Get(
self.messages.IamProjectsServiceAccountsGetRequest(
name=utils.EmailToAccountResourceName(args.account)))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
policy = iam_util.ParseJsonPolicyFile(
args.policy_file,
self.messages.Policy)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=utils.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
current = self.iam_client.projects_serviceAccounts.Get(
self.messages.IamProjectsServiceAccountsGetRequest(
name=utils.EmailToAccountResourceName(args.account)))
return self.iam_client.projects_serviceAccounts.Update(
self.messages.ServiceAccount(
name=utils.EmailToAccountResourceName(args.account),
etag=current.etag,
displayName=args.display_name))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
response = self.iam_client.projects_serviceAccounts.SignBlob(
self.messages.IamProjectsServiceAccountsSignBlobRequest(
name=utils.EmailToAccountResourceName(args.iam_account),
signBlobRequest=self.messages.SignBlobRequest(
bytesToSign=self.ReadFile(args.input))))
self.WriteFile(args.output, response.signature)
log.status.Print(
'signed blob [{0}] as [{1}] for [{2}] using key [{3}]'.format(
args.input, args.output, args.iam_account, response.keyId))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
console_io.PromptContinue(
message='You are about to delete service '
'account [{0}].'.format(args.account),
cancel_on_no=True)
self.iam_client.projects_serviceAccounts.Delete(
self.messages.IamProjectsServiceAccountsDeleteRequest(
name=utils.EmailToAccountResourceName(args.account)))
log.status.Print('deleted service account [{0}]'.format(
args.account))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
policy = self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=utils.EmailToAccountResourceName(args.account)))
iam_util.AddBindingToIamPolicy(self.messages, policy, args.member,
args.role)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=utils.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
try:
result = self.iam_client.projects_serviceAccounts_keys.List(
self.messages.IamProjectsServiceAccountsKeysListRequest(
name=utils.EmailToAccountResourceName(args.iam_account),
keyTypes=utils.ManagedByFromString(args.managed_by)))
keys = result.keys
if args.created_before:
ts = args.created_before
keys = [
key for key in keys
if datetime.strptime(key.validAfterTime, ZULU_FORMAT) < ts
]
return keys
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(
error, args.iam_account)