示例#1
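def remove_white_listed_service_account_ids(sa_ids):
    """
    Remove any service account emails that should be ignored when
    determining validity.

    The monitoring service account and every email listed under the
    WHITE_LISTED_SERVICE_ACCOUNT_EMAILS config key are dropped. Matching is
    exact (``==``) and every occurrence is removed, so a duplicated entry
    cannot leave an ignored account behind in the result.

    NOTE(review): entries removed here are presumably skipped by the
    caller's validity checks, which makes the config key an allow list.
    Confirm against the caller, and change the key only through reviewed
    configuration.

    Args:
        sa_ids (List[str]): Service account emails. Filtered in place.

    Returns:
        List[str]: The same list object, without the ignored emails
    """
    # `or []` also covers a config key that is present but set to None,
    # which would otherwise fail when the value is iterated below.
    white_listed_sa_emails = (
        config.get("WHITE_LISTED_SERVICE_ACCOUNT_EMAILS", []) or []
    )

    logger.debug(
        "Removing whitelisted SAs {} from the SAs on the project.".format(
            white_listed_sa_emails))

    # A plain list keeps the same equality-based matching as list.remove().
    ignored = [get_monitoring_service_account_email()]
    ignored.extend(white_listed_sa_emails)

    # list.remove() drops only the first match; rebuild the contents so that
    # repeated emails are all filtered. Slice assignment keeps the caller's
    # list object, so callers relying on in-place mutation still see it.
    sa_ids[:] = [sa_id for sa_id in sa_ids if sa_id not in ignored]

    return sa_ids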
示例#2
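def remove_white_listed_service_account_ids(
    sa_ids, app_creds_file=None, white_listed_sa_emails=None
):
    """
    Remove any service account emails that should be ignored when
    determining validity.

    The monitoring service account and every white-listed email are dropped.
    Matching is exact (``==``) and every occurrence is removed, so a
    duplicated entry cannot leave an ignored account behind in the result.

    NOTE(review): entries removed here are presumably skipped by the
    caller's validity checks, which makes the white list an allow list.
    Confirm against the caller, and make sure callers that pass
    ``white_listed_sa_emails`` take it from trusted configuration.

    Args:
        sa_ids (List[str]): Service account emails. Filtered in place.
        app_creds_file: Forwarded unchanged to
            get_monitoring_service_account_email().
        white_listed_sa_emails (List[str]): Emails to ignore. When None, the
            WHITE_LISTED_SERVICE_ACCOUNT_EMAILS value from the current Flask
            app's config is used.

    Returns:
        List[str]: The same list object, without the ignored emails
    """
    if white_listed_sa_emails is None:
        # `or []` also covers a config key that is present but set to None,
        # which would otherwise fail when the value is iterated below.
        white_listed_sa_emails = (
            flask.current_app.config.get(
                "WHITE_LISTED_SERVICE_ACCOUNT_EMAILS", []
            )
            or []
        )

    # A plain list keeps the same equality-based matching as list.remove().
    ignored = [get_monitoring_service_account_email(app_creds_file)]
    ignored.extend(white_listed_sa_emails)

    # list.remove() drops only the first match; rebuild the contents so that
    # repeated emails are all filtered. Slice assignment keeps the caller's
    # list object, so callers relying on in-place mutation still see it.
    sa_ids[:] = [sa_id for sa_id in sa_ids if sa_id not in ignored]

    return sa_ids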
示例#3
    def _get_monitoring_service_account_response(self):
        """
        Build the response that tells a client which service account this
        app uses for monitoring users' Google projects.

        Returns:
            tuple(dict, int): (response_data, http_status_code). The email
                is returned under "service_account_email" with 200; when no
                monitoring service account email is available, a "message"
                is returned with 404.
        """
        email = get_monitoring_service_account_email()
        if email:
            return {"service_account_email": email}, 200

        # Falsy email: report that service account registration is
        # unavailable.
        message = (
            "No monitoring service account. Fence is not currently "
            "configured to support user-registration of service accounts."
        )
        return {"message": message}, 404