File: iam_admin.go

package info (click to toggle)
golang-github-hashicorp-go-gcp-common 0.8.0-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 176 kB
  • sloc: makefile: 2
file content (62 lines) | stat: -rw-r--r-- 2,117 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
package gcputil

import (
	"fmt"

	"google.golang.org/api/iam/v1"
)

const (
	// ServiceAccountTemplate is used with Google IAM v1.
	//
	// Deprecated: Use ServiceAccountCredentialsTemplate with Service Account Credentials API v1
	// instead. See https://cloud.google.com/iam/docs/migrating-to-credentials-api
	// ServiceAccountTemplate is used with
	// https://pkg.go.dev/google.golang.org/api@v0.3.0/iam/v1
	ServiceAccountTemplate = "projects/%s/serviceAccounts/%s"

	// ServiceAccountCredentialsTemplate is used with
	// https://pkg.go.dev/google.golang.org/api@v0.3.0/iamcredentials/v1
	ServiceAccountCredentialsTemplate = "projects/-/serviceAccounts/%s"
	ServiceAccountKeyTemplate         = "projects/%s/serviceAccounts/%s/keys/%s"
	ServiceAccountKeyFileType         = "TYPE_X509_PEM_FILE"
)

type ServiceAccountId struct {
	Project   string
	EmailOrId string
}

func (id *ServiceAccountId) ResourceName() string {
	return fmt.Sprintf(ServiceAccountTemplate, id.Project, id.EmailOrId)
}

type ServiceAccountKeyId struct {
	Project   string
	EmailOrId string
	Key       string
}

func (id *ServiceAccountKeyId) ResourceName() string {
	return fmt.Sprintf(ServiceAccountKeyTemplate, id.Project, id.EmailOrId, id.Key)
}

// ServiceAccount wraps a call to the GCP IAM API to get a service account.
func ServiceAccount(iamClient *iam.Service, accountId *ServiceAccountId) (*iam.ServiceAccount, error) {
	account, err := iamClient.Projects.ServiceAccounts.Get(accountId.ResourceName()).Do()
	if err != nil {
		return nil, fmt.Errorf("could not find service account '%s': %v", accountId.ResourceName(), err)
	}

	return account, nil
}

// ServiceAccountKey wraps a call to the GCP IAM API to get a service account key.
func ServiceAccountKey(iamClient *iam.Service, keyId *ServiceAccountKeyId) (*iam.ServiceAccountKey, error) {
	keyResource := keyId.ResourceName()
	key, err := iamClient.Projects.ServiceAccounts.Keys.Get(keyId.ResourceName()).PublicKeyType(ServiceAccountKeyFileType).Do()
	if err != nil {
		return nil, fmt.Errorf("could not find service account key '%s': %v", keyResource, err)
	}
	return key, nil
}