Code adjustments to ensure that snippets for docs have all necessary info #2386


Merged
merged 14 commits into from
Sep 11, 2019
35 changes: 27 additions & 8 deletions 35 iam/api-client/service_account_keys.py
Expand Up @@ -22,23 +22,30 @@
"""

import argparse
# [START iam_create_key]
# [START iam_list_keys]
# [START iam_delete_key]
import os

from google.oauth2 import service_account
import googleapiclient.discovery

credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])
service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)
# [END iam_create_key]
# [END iam_list_keys]
# [END iam_delete_key]


# [START iam_create_key]
def create_key(service_account_email):
"""Creates a key for a service account."""

# pylint: disable=no-member
credentials = service_account.Credentials.from_service_account_file(
Member

It seems strange that we have to define this at all since Cloud Client libraries handle this automatically. Are we certain that discovery is the right library to use and that discovery can't be coaxed to do this automatically?

Collaborator Author

It's my understanding that the user needs to create the credentials themselves so they can access the service account connected to their project. But really, my context for that is just this doc: https://cloud.google.com/iam/docs/quickstart-client-libraries#client-libraries-usage-python. Is that still relevant?

Member

I was hoping it would have a Cloud library somewhere but maybe it doesn't. At any rate, we can assume that's accurate for now. Thanks.

filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

key = service.projects().serviceAccounts().keys().create(
name='projects/-/serviceAccounts/' + service_account_email, body={}
).execute()
Expand All @@ -51,7 +58,13 @@ def create_key(service_account_email):
def list_keys(service_account_email):
"""Lists all keys for a service account."""

# pylint: disable=no-member
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

keys = service.projects().serviceAccounts().keys().list(
name='projects/-/serviceAccounts/' + service_account_email).execute()

Expand All @@ -64,7 +77,13 @@ def list_keys(service_account_email):
def delete_key(full_key_name):
"""Deletes a service account key."""

# pylint: disable=no-member
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

service.projects().serviceAccounts().keys().delete(
name=full_key_name).execute()

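Review bot: The credentials added inside `create_key`, and repeated in `list_keys` and `delete_key`, request the full `cloud-platform` scope although each function only calls `projects().serviceAccounts().keys()`. These lines are copied into published snippets, so readers will reuse that breadth unchanged around a credential that can create and delete service account keys. If the IAM API accepts the narrower `https://www.googleapis.com/auth/iam` scope for these methods, `scopes=['https://www.googleapis.com/auth/iam']` would be a better default; if it does not, a short comment saying why `cloud-platform` is needed would help. All three function bodies continue outside the visible hunks.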
65 changes: 46 additions & 19 deletions 65 iam/api-client/service_accounts.py
Expand Up @@ -20,25 +20,33 @@
"""

import argparse
# [START iam_create_service_account]
# [START iam_list_service_account]
# [START iam_rename_service_account]
# [START iam_delete_service_account]
import os

from google.oauth2 import service_account
import googleapiclient.discovery

credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)
# [END iam_create_service_account]
# [END iam_list_service_account]
# [END iam_rename_service_account]
# [END iam_delete_service_account]


# [START iam_create_service_account]
def create_service_account(project_id, name, display_name):
"""Creates a service account."""

# pylint: disable=no-member
service_account = service.projects().serviceAccounts().create(
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

my_service_account = service.projects().serviceAccounts().create(
name='projects/' + project_id,
body={
'accountId': name,
Expand All @@ -47,16 +55,22 @@ def create_service_account(project_id, name, display_name):
}
}).execute()

print('Created service account: ' + service_account['email'])
return service_account
print('Created service account: ' + my_service_account['email'])
return my_service_account
# [END iam_create_service_account]


# [START iam_list_service_accounts]
def list_service_accounts(project_id):
"""Lists all service accounts for the current project."""

# pylint: disable=no-member
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

service_accounts = service.projects().serviceAccounts().list(
name='projects/' + project_id).execute()

Expand All @@ -73,27 +87,40 @@ def rename_service_account(email, new_display_name):
"""Changes a service account's display name."""

# First, get a service account using List() or Get()
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

resource = 'projects/-/serviceAccounts/' + email
# pylint: disable=no-member
service_account = service.projects().serviceAccounts().get(

my_service_account = service.projects().serviceAccounts().get(
name=resource).execute()

# Then you can update the display name
service_account['displayName'] = new_display_name
service_account = service.projects().serviceAccounts().update(
name=resource, body=service_account).execute()
my_service_account['displayName'] = new_display_name
my_service_account = service.projects().serviceAccounts().update(
name=resource, body=my_service_account).execute()

print('Updated display name for {} to: {}'.format(
service_account['email'], service_account['displayName']))
return service_account
my_service_account['email'], my_service_account['displayName']))
return my_service_account
# [END iam_rename_service_account]


# [START iam_delete_service_account]
def delete_service_account(email):
"""Deletes a service account."""

# pylint: disable=no-member
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)

service.projects().serviceAccounts().delete(
name='projects/-/serviceAccounts/' + email).execute()

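Review bot: The region tag added around the imports, `# [START iam_list_service_account]` / `# [END iam_list_service_account]`, does not match the tag on the function itself, `# [START iam_list_service_accounts]`, so the list snippet will likely still be published without its imports. Rename the pair to `# [START iam_list_service_accounts]` and `# [END iam_list_service_accounts]`. Separately, in `rename_service_account` the comment `# First, get a service account using List() or Get()` now appears to sit above the credential setup rather than the `get` call it describes, and could move down next to that call.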