Ejemplo n.º 1
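        /// <summary>
        ///     Creates <c>NumberOfServiceAccountsToCreate</c> service accounts that can read and write every
        ///     resource under the project, each expiring after one day, and records their IDs in
        ///     <c>ServiceAccountIds</c>.
        /// </summary>
        /// <remarks>
        ///     The original summary said "one week" while the inline comment said "one day" and the code passed
        ///     <c>new TimeSpan(1)</c>, which is a single 100-nanosecond tick. One day is used here because that
        ///     comment sat on the assignment itself.
        /// </remarks>
        private static void Setup()
        {
            // Start from an empty list so a repeated call does not keep IDs from an earlier run.
            ServiceAccountIds = new List<long>();

            // Permission path "prj/<ProjectName>/*" with Read and Write. The wildcard covers everything
            // under the project, so these accounts are deliberately short-lived.
            var perm = new Permission
            {
                Parts = { "prj", ProjectName, "*" },
                Verbs = { Permission.Types.Verb.Read, Permission.Types.Verb.Write }
            };

            // TimeSpan's single-argument constructor takes ticks, so the lifetime is spelled out in days.
            var lifetime = TimeSpan.FromDays(1);

            Console.WriteLine("Setting up for the scenario by creating new service accounts...");
            for (var i = 0; i < NumberOfServiceAccountsToCreate; i++)
            {
                var resp = ServiceAccountServiceClient.CreateServiceAccount(new CreateServiceAccountRequest
                {
                    Name        = ServiceAccountName,
                    ProjectName = ProjectName,
                    Permissions = { perm },
                    Lifetime    = Duration.FromTimeSpan(lifetime) // Let this service account live for one day
                });

                // Only the ID is kept; the token returned with the account is not stored here.
                ServiceAccountIds.Add(resp.Id);
            }
        }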
Ejemplo n.º 2
        /// <summary>
        ///     Creates a service account from the fields of <paramref name="data"/> and returns its ID.
        /// </summary>
        /// <remarks>
        ///     Fields read from <paramref name="data"/>: <c>_RefreshToken</c>, <c>_ProjectName</c>,
        ///     <c>_ServiceAccountName</c>, <c>_Lifetime</c> (seconds) and the flags <c>_WritePermission</c>,
        ///     <c>_ReadPermission</c>, <c>_GrantPermission</c>. This method does not validate any of them, so
        ///     the caller decides how long the account lives and whether it receives the Grant verb.
        ///     NOTE(review): if <paramref name="data"/> can come from a less trusted layer, cap the lifetime
        ///     and gate Grant before calling this. Confirm against the caller.
        /// </remarks>
        /// <param name="data">Dynamically typed bag holding the fields listed above.</param>
        /// <returns>The ID of the created service account, boxed as <see cref="object"/>.</returns>
        public async Task<object> CreateServiceAccount(dynamic data)
        {
            return await Task.Run(() =>
            {
                // Authenticate with the caller-supplied refresh token. It is a credential and is never logged here.
                PlatformRefreshTokenCredential credential = new PlatformRefreshTokenCredential(data._RefreshToken);
                ServiceAccountServiceClient client = ServiceAccountServiceClient.Create(credentials: credential);

                // Permission path "prj/<project>/*"; verbs are added below only for the flags that are set.
                var projectPermission = new Permission
                {
                    Parts = { "prj", data._ProjectName, "*" }
                };

                if (data._WritePermission)
                {
                    projectPermission.Verbs.Add(Permission.Types.Verb.Write);
                }

                if (data._ReadPermission)
                {
                    projectPermission.Verbs.Add(Permission.Types.Verb.Read);
                }

                if (data._GrantPermission)
                {
                    projectPermission.Verbs.Add(Permission.Types.Verb.Grant);
                }

                // _Lifetime is interpreted as seconds; no lower or upper bound is applied here.
                var request = new CreateServiceAccountRequest
                {
                    Name        = data._ServiceAccountName,
                    ProjectName = data._ProjectName,
                    Permissions = { projectPermission },
                    Lifetime    = Duration.FromTimeSpan(TimeSpan.FromSeconds(data._Lifetime))
                };

                // Only the ID is returned; the new account's token is not handed back by this method.
                var created = client.CreateServiceAccount(request);
                return created.Id;
            });
        }
Ejemplo n.º 3
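        /// <summary>
        ///     Creates a service account for <c>opts.ProjectName</c> and writes its refresh token to
        ///     <c>opts.RefreshTokenFile</c>.
        /// </summary>
        /// <remarks>
        ///     The account always receives read access to "prj/&lt;project&gt;/*", "srv/bundles" and "srv/pkg".
        ///     Project write access and read access to "srv/*" are added only when the matching option is set.
        ///     The refresh token is a credential: it is written to the output file only, never to the console.
        /// </remarks>
        /// <param name="opts">
        ///     Options giving the account name, project name, lifetime string, permission flags and token
        ///     output path.
        /// </param>
        /// <returns>0 on success; 1 when the lifetime cannot be parsed or the token file already exists.</returns>
        /// <exception cref="IOException">
        ///     The token file could not be created, including when it appeared after the existence check.
        /// </exception>
        private static int CreateServiceAccount(CreateOptions opts)
        {
            // TryParse also covers null and out-of-range values, which TimeSpan.Parse reports with
            // exceptions other than FormatException and which previously escaped as a crash.
            TimeSpan parsedLifetime;
            if (!TimeSpan.TryParse(opts.Lifetime, out parsedLifetime))
            {
                Console.WriteLine($"Failed to parse lifetime: {opts.Lifetime}");
                Console.WriteLine("Expected it to be in a format that can be parsed as a TimeSpan.");
                Console.WriteLine("E.g. 1.2:15 is 1 day, 2 hours and 15 minutes.");
                return 1;
            }

            // Fail fast before creating anything on the platform. The write below re-checks atomically.
            if (File.Exists(opts.RefreshTokenFile))
            {
                Console.WriteLine($"Refresh token output file {opts.RefreshTokenFile} already exists.");
                Console.WriteLine("Aborting service account creation. Please delete / move it before running again.");
                return 1;
            }

            // Project access: Read always, Write only on request.
            var projectPermissionVerbs = new RepeatedField<Permission.Types.Verb>
            {
                Permission.Types.Verb.Read
            };

            if (opts.ProjectWrite)
            {
                Console.WriteLine("Granting the service account project write access.");
                projectPermissionVerbs.Add(Permission.Types.Verb.Write);
            }

            var projectPermission = new Permission
            {
                Parts = { "prj", opts.ProjectName, "*" },
                Verbs = { projectPermissionVerbs }
            };

            var packagePermissions = new Permission
            {
                Parts = { "srv", "pkg" },
                Verbs = { Permission.Types.Verb.Read }
            };

            var bundlePermissions = new Permission
            {
                Parts = { "srv", "bundles" },
                Verbs = { Permission.Types.Verb.Read }
            };

            var permissions = new RepeatedField<Permission>
            {
                projectPermission, bundlePermissions, packagePermissions
            };

            if (opts.MetricsRead)
            {
                Console.WriteLine("Granting the service account metrics read access.");

                // NOTE(review): "srv/*" looks like read access to every service path, not only metrics.
                // Confirm whether a narrower path exists before enabling this flag for shared accounts.
                var metricsReadPermissions = new Permission
                {
                    Parts = { "srv", "*" },
                    Verbs = { Permission.Types.Verb.Read }
                };
                permissions.Add(metricsReadPermissions);
            }

            var serviceAccount = ServiceAccountServiceClient.CreateServiceAccount(new CreateServiceAccountRequest
            {
                Name        = opts.ServiceAccountName,
                ProjectName = opts.ProjectName,
                Permissions = { permissions },
                Lifetime    = Duration.FromTimeSpan(parsedLifetime),
            });

            Console.WriteLine($"Service account created with ID {serviceAccount.Id}");
            Console.WriteLine($"Writing service account refresh token to {opts.RefreshTokenFile}.");

            // Don't put a byte-order mark in the created file.
            var encoding = new UTF8Encoding(false);

            // FileMode.CreateNew makes "must not exist yet" part of the create call itself, so a file placed
            // at this path after the check above is never overwritten with the token.
            // The file inherits default permissions; restrict access to it, since it holds a credential.
            using (var stream = new FileStream(opts.RefreshTokenFile, FileMode.CreateNew, FileAccess.Write, FileShare.None))
            using (var writer = new StreamWriter(stream, encoding))
            {
                writer.Write(serviceAccount.Token);
            }

            return 0;
        }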