-
-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ebec3d1
commit d0cdeaf
Showing
5 changed files
with
118 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,48 @@ | ||
| #' Provision a service account | ||
| #' | ||
| #' This uses all the \link{gar_service_create} functions to enable creating service account roles more easily | ||
| #' | ||
| #' @inheritParams gar_service_create | ||
| #' @inheritParams gar_set_client | ||
| #' @inheritParams gar_auth | ||
| #' @details | ||
| #' | ||
| #' You will need the OAuth2.0 Client ID JSON from your GCP project via | ||
| #' \code{menu icon > APIs & Services > Credentials > Create Credentials > OAuth client ID} | ||
| #' | ||
| #' You need to authenticate with a user with permission \code{iam.serviceAccounts.create} for the project. Most often the user is an Owner/Editor | ||
| #' | ||
| #' @seealso \url{https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-rest} | ||
| #' | ||
| #' @export | ||
| #' @examples | ||
| #' | ||
| #' \dontrun{ | ||
| #' | ||
| #' gar_service_provision("my-service-account", | ||
| #' c("roles/viewer", "roles/bigquery.jobUser")) | ||
| #' } | ||
| gar_service_provision <- function(accountId, | ||
| roles, | ||
| json = Sys.getenv("GAR_CLIENT_JSON"), | ||
| file = paste0(accountId,"-auth-key.json"), | ||
| email = Sys.getenv("GARGLE_EMAIL")){ | ||
| projectId <- gar_set_client(json, | ||
| scopes = "https://www.googleapis.com/auth/cloud-platform") | ||
| if(email == ""){ | ||
| email <- NULL | ||
| } | ||
| gar_auth(email = email) | ||
| created <- gar_service_create(accountId, projectId = projectId) | ||
|
|
||
| gar_service_grant_roles(created$email, | ||
| roles = roles, | ||
| projectId = projectId) | ||
|
|
||
| gar_service_key(accountId, projectId = projectId, file = file) | ||
|
|
||
| } | ||
|
|
||
| #' Work with service accounts via the API | ||
| #' | ||
| #' These functions let you create a service JSON key from an OAuth2 login. You can then assign it roles and do a one time download of a service account key to use for authentication in other Google APIs | ||
|
|
@@ -37,13 +82,14 @@ gar_service_create <- function( | |
|
|
||
| #' Grant IAM roles to accountIds | ||
| #' | ||
| #' @param accountIds A vector of accountIds in the form \code{serviceAccount:[email protected]} | ||
| #' @param role The role to give the accountIds e.g. \code{roles/editor} - see list of roles here \url{https://cloud.google.com/iam/docs/understanding-roles#predefined_roles} | ||
| #' @param accountIds A vector of accountIds in the form \code{[email protected]} | ||
| #' @param roles A character vector of roles to give the accountIds e.g. \code{roles/editor} - see list of roles here \url{https://cloud.google.com/iam/docs/understanding-roles#predefined_roles} | ||
| #' @param type The type of accountId to add role for - e.g. \code{user:[email protected]} or \code{serviceAccount:[email protected]} | ||
| #' | ||
| #' @export | ||
| #' @rdname gar_service_create | ||
| gar_service_grant_roles <- function(accountIds, | ||
| role, | ||
| roles, | ||
| projectId, | ||
| type = c("serviceAccount", "user")){ | ||
|
|
||
|
|
@@ -54,16 +100,13 @@ gar_service_grant_roles <- function(accountIds, | |
| projectId | ||
| ) | ||
|
|
||
| the_roles <- lapply(roles, function(x){ | ||
| list(role = x, members = list(paste0(type,":",accountIds))) | ||
| }) | ||
|
|
||
| body <- list( | ||
| policy = list( | ||
| bindings = list( | ||
| list( | ||
| role = role, | ||
| members = list( | ||
| paste0(type, ":", accountIds) | ||
| ) | ||
| ) | ||
| ) | ||
| bindings = list(the_roles) | ||
| ) | ||
| ) | ||
|
|
||
|
|
||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| { | ||
| "type": "service_account", | ||
| "project_id": "mark-edmondson-gde", | ||
| "private_key_id": "276db7af1a8836d32aee74674c0c2912183d8460", | ||
| "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC59wHmQ08xHgPB\nViaxkNjh5Zj193aYJUsJmK7AO3w/MfBTDrSCXFPyA/VHNjD21cpwlL1+F2L3x2bj\n8yy3xcoxjj9uUKyQEX0x08tOtN/pfl3J3vD9Nf+Ev3KKMYRQ2rATfihPM3N/gOeT\nPRxQsKzYj4GICBdTtC6bda88ve0rjQ488mRCRXOVPvZMAg/YRqqxtjk8IXYXsm8e\nz1CAs6drmx6lu1fbl56NqLEtpmxGG1jUILDp89reFAl8HGNg/nCtuN5vLuPTUt5i\n/NL0vYTlRnxcHy5eAzeAnKFEWieDv9gRmQ+GlCsfkBW3dyQK6XlOgGVgnG0rqthi\n/ke/fSwBAgMBAAECggEAEe0AKd9jICucgQ56PF48tHRwAjBl0NSyHwKwwFGmRbvd\nRqRW529ZnYKe1MvMfH6vPPBEM9tdQYqJyH9bAtFLZEDUrHWVAhjYJe1x3kG2iR4S\nkbBZL+SnSiHfkKKlS9tIuG2jb78DQHnUg2+TQylEqrtqk7Tz9VrxAzCc67tYbqdy\nxxq9ruOzQ/ZBCPeiZvZ2TDKGIGoWJv5NqiQ49MDkmtMmKAi2ko9cFjnMEIFvNbib\n/FcICovxvn5BO1lV99Hl6oseCkYx+QLNSkHCbnne+0jOov/DECepLGXb9b0inMlG\nnFafZtJIGdoEoAG3gecvX9gR78miiIZzEj3dtsWtYQKBgQDfSLUc9zRRt7k2Wobk\n7/ImmVrnzLHnnUOYgc4Q1ftBLEGmBeUZJxpwG2PbE6FEMxg/Eod0ng2OMfK55UsM\n7Mhj4zW2Rs0LecJAQMxuhZAOM9MYO/Vz4qDcXchFDxHdhgFPbURySUDRntUt9IZC\nnw/5PTRXF4gSsI/W6POxRAoj3wKBgQDVNnliInzIguePWMMAK/E1pF9Ujt+RPn5t\nO/8R6rn3Hdwv4Jy0QJ8q+mfBefkQqK+bcl/kmAe7qW244pLTAM5LLeNPDtDeiqXd\n5ssOTIgD1Hi3ZUeh2Nsdsz19j8taxWTrnaJ72AC5uiIqrZyci/9FNn47kcTVXlIw\nIbdhqvesHwKBgQCgOHkV3uFhHhe+Q/l2ACPfxL1xhfXHAJdHsSVf+VxA6PP2oVZC\n1UdoWI8v3gcjfBKS98XRTbTmazsEX9+Z17L30ktxj56E9IsKNjU7vYWgW1nHkwbP\ncDkDyBv0ShsEvarlBsBNzfjAMlxAjK1m0uLQczXCpPUUjDO7ABAWDH/GOwKBgAKM\n9EbIQtXjOwHr/ekynWAW500LqIEETl7gKNz+AduC7+9isH03iK/q7vLRkrkwS2mA\npMUHTJBiJn3fuAHuMImVsvJvKvB+mB1fdW5mW/ovwIHxJDo7beOdEU8/OR+M3Pg0\nmo0AuIGASIhaK1V0F0msrTXpOIGU70bEIH16nhvhAoGAeMZbJLThRfYZuUCBuLdh\nJLAWVczeGPpeUrJG0jiRQ8LnWTGy34A1+0Msu0qPy8ouigKQZ8U5KbqUSnpB0RxU\nG8HMJF0YEaiH3d0Zgz0wXV7xSsxPFb3vL6k1Hen7X3K++tRjXY9y34QQGlm2baPo\n07VsD8XIbElLFF7+uixVbFk=\n-----END PRIVATE KEY-----\n", | ||
| "client_email": "[email protected]", | ||
| "client_id": "102412822577257088426", | ||
| "auth_uri": "https://accounts.google.com/o/oauth2/auth", | ||
| "token_uri": "https://oauth2.googleapis.com/token", | ||
| "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", | ||
| "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/my-service-account%40mark-edmondson-gde.iam.gserviceaccount.com" | ||
| } | ||
|
|