gar_service_create: Work with service accounts via the API

In googleAuthR: Authenticate and Create Google APIs

Work with service accounts via the API

Description

These functions let you create a service JSON key from an OAuth2 login. You can then assign it roles and do a one time download of a service account key to use for authentication in other Google APIs

Usage

gar_service_create(
  accountId,
  projectId,
  serviceName = "googleAuthR::gar_service_create",
  serviceDescription = "A service account created via googleAuthR"
)

gar_service_grant_roles(
  accountIds,
  roles,
  projectId,
  type = c("serviceAccount", "user", "group")
)

gar_service_get_roles(
  projectId,
  accountId = NULL,
  type = c("serviceAccount", "user", "group")
)

gar_service_key(
  accountId,
  projectId,
  file = paste0(accountId, "-auth-key.json")
)

gar_service_key_list(accountId, projectId)

gar_service_list(projectId)

gar_service_get(accountId, projectId)

Arguments

accountId	The service accountId
projectId	The projectId containing the service account
serviceName	Name of service account
serviceDescription	Description of service account
accountIds	A vector of accountIds in the form accountId@projectid.iam.gserviceaccount.com
roles	A character vector of roles to give the accountIds e.g. roles/editor - see list of roles here https://cloud.google.com/iam/docs/understanding-roles#predefined_roles or in your GCP console https://console.cloud.google.com/iam-admin/roles/details/roles
type	The type of accountId to add role for - e.g. user:mark@me.com or serviceAccount:accountId@projectid.iam.gserviceaccount.com
file	The file to download the private JSON key to

Details

It will download the existing roles, and append the role you add to it here.

If you supply an accountId to gar_service_get_roles then it will return only those roles that accountId has.

Value

If it already exists, returns it via gar_service_get, else creates the service key

See Also

Combine these functions to provision emails in one step with gar_service_provision

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys/create

Other IAM functions: gar_service_provision()

Examples

## Not run: 

# all roles
projectId <- gar_set_client(
                json = Sys.getenv("GAR_CLIENT_JSON"), 
                scopes = "https://www.googleapis.com/auth/cloud-platform")
gar_service_get_roles(projectId)

# roles for one accountId
gar_service_get_roles(
    projectId, 
    accountId = "1080525199262@cloudbuild.gserviceaccount.com")


## End(Not run)
## Not run: 
 library(googleAuthR)
 gar_set_client(scopes = "https://www.googleapis.com/auth/cloud-platform")
 gar_auth()
 gar_service_create("test12345678", "my-project")
 
 gar_service_get("test12345678@my-project.iam.gserviceaccount.com", 
                 projectId = "my-project")
 
 gar_service_grant_roles("test12345678@my-project.iam.gserviceaccount.com",
                         role = "roles/editor",
                         projectId = "my-project")
 
 gar_service_key("test12345678", "my-project", "my-auth.json")
 
 gar_service_list("my-project")
 
 gar_service_key_list("test12345678", "my-project")

## End(Not run)

googleAuthR documentation built on May 29, 2024, 7:22 a.m.