/// <summary>
/// Entry point: calls the Cloud IAM Roles API once and prints the title, name
/// and description of every role in the response.
/// </summary>
/// <param name="args">Command-line arguments (not read).</param>
public static void Main(string[] args)
{
    // Application Default Credentials, narrowed to the cloud-platform scope.
    var scopedCredential = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);

    // Build the Cloud IAM client around that credential.
    var initializer = new IamService.Initializer
    {
        HttpClientInitializer = scopedCredential
    };
    var iam = new IamService(initializer);

    // One List() call; only the roles carried by this single response are printed.
    IList<Role> roles = iam.Roles.List().Execute().Roles;

    foreach (var entry in roles)
    {
        Console.WriteLine("Title: " + entry.Title);
        Console.WriteLine("Name: " + entry.Name);
        Console.WriteLine("Description: " + entry.Description);
        Console.WriteLine();
    }
}
/// <summary>
/// Creates a custom role with a randomised role ID in the project held in
/// <c>_project</c>. When the API answers 429 with "Maximum number of roles
/// reached", the test is skipped instead of failed.
/// </summary>
/// <param name="service">IAM client used to issue the create call.</param>
/// <returns>The role returned by the create call.</returns>
public Role CreateCustomRole(IamService service)
{
    var definition = new Role
    {
        Title = "C# Test Custom Role",
        Description = "Role for AccessTest",
        IncludedPermissions = new List<string> { "iam.roles.get" },
        Stage = "GA"
    };

    // Random suffix keeps repeated test runs from reusing the same role ID.
    var createRequest = new CreateRoleRequest
    {
        Role = definition,
        RoleId = "csharpTestCustomRole" + new Random().Next()
    };

    string parent = "projects/" + _project;
    try
    {
        return service.Projects.Roles.Create(createRequest, parent).Execute();
    }
    catch (GoogleApiException ex) when (
        ex.HttpStatusCode == HttpStatusCode.TooManyRequests
        && ex.Error.Message.Contains("Maximum number of roles reached"))
    {
        Skip.If(true, "Maximum number of roles reached.");
        // Skip.If throws, so this rethrow only exists to satisfy the compiler.
        throw;
    }
}
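/// <summary>
/// Entry point: prints the roles that can be granted on the resource whose
/// full resource name is passed as the first command-line argument.
/// </summary>
/// <param name="args">
/// <c>args[0]</c> is the full resource name to query. When it is missing a
/// usage line is written to standard error and nothing is queried.
/// </param>
public static void Main(string[] args)
{
    // Without this guard a missing argument surfaces as IndexOutOfRangeException.
    if (args == null || args.Length == 0)
    {
        Console.Error.WriteLine("Usage: <program> <full-resource-name>");
        return;
    }

    var credential = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var service = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = credential
    });

    string fullResourceName = args[0];

    // [START iam_view_grantable_roles]
    var request = new QueryGrantableRolesRequest
    {
        FullResourceName = fullResourceName
    };
    var response = service.Roles.QueryGrantableRoles(request).Execute();
    foreach (var role in response.Roles)
    {
        Console.WriteLine("Title: " + role.Title);
        Console.WriteLine("Name: " + role.Name);
        Console.WriteLine("Description: " + role.Description);
        Console.WriteLine();
    }
    // [END iam_view_grantable_roles]
}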
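/// <summary>
/// Creates a service account in the given project and then creates a key for it.
/// </summary>
/// <param name="userCredential">Credential used to authorise the IAM calls.</param>
/// <param name="projectID">Project that will own the service account.</param>
/// <param name="accountID">Account ID for the new service account.</param>
/// <param name="displayName">Display name for the new service account.</param>
/// <returns>
/// <c>true</c> when both calls completed; <c>false</c> when either threw.
/// The failure is written to the trace listeners instead of being dropped.
/// </returns>
private bool CreateServiceAccountAndKey(UserCredential userCredential, string projectID, string accountID, string displayName)
{
    try
    {
        var service = new IamService(new IamService.Initializer
        {
            HttpClientInitializer = userCredential,
            ApplicationName = AppName,
        });

        var request2 = new CreateServiceAccountRequest
        {
            AccountId = accountID,
            ServiceAccount = new ServiceAccount
            {
                DisplayName = displayName
            }
        };
        var serviceAccount = service.Projects.ServiceAccounts.Create(
            request2, "projects/" + projectID).Execute();
        var email = serviceAccount.Email;

        // NOTE(review): the created key is not stored or returned, so its private
        // material is lost while the key itself stays registered on the account.
        // Confirm a key is really needed here.
        service.Projects.ServiceAccounts.Keys.Create(
            new CreateServiceAccountKeyRequest(),
            "projects/-/serviceAccounts/" + email)
            .Execute();

        return true;
    }
    catch (Exception ex)
    {
        // Report the failure: a silent "true" would hide a half-finished setup
        // (for example an account created without its key).
        System.Diagnostics.Trace.TraceError(
            "CreateServiceAccountAndKey failed for account '{0}': {1}",
            accountID, ex.Message);
        return false;
    }
}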
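/// <summary>
/// Test setup: reads the target project from the GOOGLE_PROJECT_ID environment
/// variable, builds an IAM client from Application Default Credentials and
/// creates a service account for the tests.
/// </summary>
/// <exception cref="ArgumentNullException">
/// GOOGLE_PROJECT_ID is not set or is empty.
/// </exception>
public QuickStartTest()
{
    // An empty value is rejected as well as a missing one; otherwise the
    // create call below would be sent to the malformed parent "projects/".
    _projectId = Environment.GetEnvironmentVariable("GOOGLE_PROJECT_ID");
    if (string.IsNullOrEmpty(_projectId))
    {
        throw new ArgumentNullException("GOOGLE_PROJECT_ID",
            "Environment variable not set");
    }

    // Create service account for test
    var credential = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    _iamService = new IamService(
        new IamService.Initializer
        {
            HttpClientInitializer = credential
        });

    // NOTE(review): Millisecond only spans 0-999, so two runs can pick the same
    // account ID; a leftover account from an earlier run would make this fail.
    var request = new CreateServiceAccountRequest
    {
        AccountId = "iam-test-account" + DateTime.UtcNow.Millisecond,
        ServiceAccount = new ServiceAccount
        {
            DisplayName = "iamTestAccount"
        }
    };
    _serviceAccount = _iamService.Projects.ServiceAccounts.Create(
        request, "projects/" + _projectId).Execute();
}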
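/// <summary>
/// Lists the service accounts of a project using the credential file configured
/// in <c>_googleCloudConfig.CredentialsPath</c>, printing each account's name,
/// display name and e-mail.
/// </summary>
/// <param name="projectId">Project whose service accounts are listed.</param>
/// <returns>
/// The accounts from the list response; an empty list when the response
/// carries none.
/// </returns>
public IList<ServiceAccount> ListServiceAccounts(string projectId)
{
    var credentialsPath = _googleCloudConfig.CredentialsPath;

    using var stream = new FileStream(credentialsPath, FileMode.Open, FileAccess.Read);

    // Only the IAM client below uses this credential, so request the
    // cloud-platform scope alone rather than also asking for Drive access.
    var credential = GoogleCredential.FromStream(stream)
        .CreateScoped(IamService.Scope.CloudPlatform);

    var service = new IamService(new BaseClientService.Initializer
    {
        HttpClientInitializer = credential
    });

    // NOTE(review): a single List() call is made; if the API pages its results,
    // accounts beyond the first page are not returned here.
    var response = service.Projects.ServiceAccounts.List("projects/" + projectId).Execute();

    // The Accounts property is null when the response has no accounts; treat
    // that as an empty list so the loop and the callers do not hit a null.
    IList<ServiceAccount> accounts = response.Accounts ?? new List<ServiceAccount>();

    foreach (var account in accounts)
    {
        Console.WriteLine("Name: " + account.Name);
        Console.WriteLine("Display Name: " + account.DisplayName);
        Console.WriteLine("Email: " + account.Email);
        Console.WriteLine();
    }

    return accounts;
}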
/// <summary>
/// Creates a custom role in a project and prints the resource name of the
/// created role.
/// </summary>
/// <param name="name">Role ID for the new role.</param>
/// <param name="projectId">Project that will own the role.</param>
/// <param name="title">Role title.</param>
/// <param name="description">Role description.</param>
/// <param name="permissions">Permissions included in the role.</param>
/// <param name="stage">Launch stage assigned to the role.</param>
/// <returns>The role returned by the create call.</returns>
public static Role CreateRole(string name, string projectId, string title,
    string description, IList<string> permissions, string stage)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var createRequest = new CreateRoleRequest
    {
        RoleId = name,
        Role = new Role
        {
            Title = title,
            Description = description,
            IncludedPermissions = permissions,
            Stage = stage
        }
    };

    string parent = "projects/" + projectId;
    Role created = iam.Projects.Roles.Create(createRequest, parent).Execute();

    Console.WriteLine("Created role: " + created.Name);
    return created;
}
/// <summary>
/// Test and documentation sample: signs a one-hour GET URL for the fixture's
/// test object through <c>IamServiceBlobSigner</c>, fetches the URL without
/// authentication and checks the body against the fixture's expected content.
/// </summary>
public async Task SignedUrlWithIamServiceBlobSigner()
{
    // Skipped when the platform type is Unknown; the sample below reads the
    // instance metadata server.
    _fixture.SkipIf(Platform.Instance().Type == PlatformType.Unknown);
    var bucketName = _fixture.BucketName;
    var objectName = _fixture.HelloStorageObjectName;
    // NOTE(review): this local is not referenced again in this method.
    var credential = (await GoogleCredential.GetApplicationDefaultAsync()).UnderlyingCredential as ServiceAccountCredential;
    var httpClient = new HttpClient();

    // Sample: IamServiceBlobSignerUsage
    // First obtain the email address of the default service account for this instance from the metadata server.
    HttpRequestMessage serviceAccountRequest = new HttpRequestMessage
    {
        // Note: you could use 169.254.169.254 as the address to avoid a DNS lookup.
        RequestUri = new Uri("http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email"),
        Headers = { { "Metadata-Flavor", "Google" } }
    };
    HttpResponseMessage serviceAccountResponse = await httpClient.SendAsync(serviceAccountRequest).ConfigureAwait(false);
    serviceAccountResponse.EnsureSuccessStatusCode();
    string serviceAccountId = await serviceAccountResponse.Content.ReadAsStringAsync();

    // Create an IAM service client object using the default application credentials.
    GoogleCredential iamCredential = await GoogleCredential.GetApplicationDefaultAsync();
    iamCredential = iamCredential.CreateScoped(IamService.Scope.CloudPlatform);
    IamService iamService = new IamService(new BaseClientService.Initializer
    {
        HttpClientInitializer = iamCredential
    });

    // Create a request template that will be used to create the signed URL.
    UrlSigner.RequestTemplate requestTemplate = UrlSigner.RequestTemplate
        .FromBucket(bucketName)
        .WithObjectName(objectName)
        .WithHttpMethod(HttpMethod.Get);
    // Create options specifying for how long the signer URL will be valid.
    // The URL works without credentials for this whole period, so keep the
    // duration as short as the use case allows.
    UrlSigner.Options options = UrlSigner.Options.FromDuration(TimeSpan.FromHours(1));

    // Create a URL signer that will use the IAM service for signing. This signer is thread-safe,
    // and would typically occur as a dependency, e.g. in an ASP.NET Core controller, where the
    // same instance can be reused for each request.
    // NOTE(review): presumably the calling identity needs permission to sign on
    // behalf of serviceAccountId - confirm against the IAM configuration.
    IamServiceBlobSigner blobSigner = new IamServiceBlobSigner(iamService, serviceAccountId);
    UrlSigner urlSigner = UrlSigner.FromBlobSigner(blobSigner);
    // Use the URL signer to sign a request for the test object for the next hour.
    string url = await urlSigner.SignAsync(requestTemplate, options);

    // Prove we can fetch the content of the test object with a simple unauthenticated GET request.
    // The response status is not checked; only the body is compared below.
    HttpResponseMessage response = await httpClient.GetAsync(url);
    string content = await response.Content.ReadAsStringAsync();
    // End sample

    Assert.Equal(_fixture.HelloWorldContent, content);
}
/// <summary>
/// Builds the shared IAM client from Application Default Credentials scoped to
/// cloud-platform and stores it in <c>s_service</c>.
/// </summary>
public static void Init()
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);

    var initializer = new IamService.Initializer
    {
        HttpClientInitializer = scoped
    };
    s_service = new IamService(initializer);
}
/// <summary>
/// Creates an IAM client authorised with Application Default Credentials
/// scoped to cloud-platform.
/// </summary>
/// <returns>A new <c>IamService</c> instance.</returns>
public IamService InitializeService()
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);

    var initializer = new IamService.Initializer
    {
        HttpClientInitializer = scoped
    };
    return new IamService(initializer);
}
/// <summary>
/// Deletes a service account key and prints its name.
/// </summary>
/// <param name="fullKeyName">Resource name of the key, passed unchanged to the delete call.</param>
public static void DeleteKey(string fullKeyName)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var deleteCall = iam.Projects.ServiceAccounts.Keys.Delete(fullKeyName);
    deleteCall.Execute();

    Console.WriteLine("Deleted key: " + fullKeyName);
}
/// <summary>
/// Deletes a custom role from a project and prints the role name.
/// </summary>
/// <param name="name">Role ID within the project.</param>
/// <param name="projectId">Project that owns the role.</param>
public static void DeleteRole(string name, string projectId)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    string roleResource = $"projects/{projectId}/roles/{name}";
    iam.Projects.Roles.Delete(roleResource).Execute();

    Console.WriteLine("Deleted role: " + name);
}
/// <summary>
/// Builds the shared IAM client in <c>s_service</c> from credential JSON and
/// issues one Roles.List() call with it.
/// </summary>
/// <param name="credentialsJson">
/// Credential JSON received from GCP. Treat the string as a secret: keep it
/// out of logs and error messages.
/// </param>
public static void LoginAsServiceAccountWithJson(string credentialsJson)
{
    // Parse the JSON into a credential and narrow it to the cloud-platform scope.
    var parsed = GoogleCredential.FromJson(credentialsJson);
    var scoped = parsed.CreateScoped(IamService.Scope.CloudPlatform);

    s_service = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // The result is not used; the call itself exercises the new credential.
    ListRolesResponse probe = s_service.Roles.List().Execute();
}
/// <summary>
/// Deletes the service account identified by its e-mail address and prints
/// that address.
/// </summary>
/// <param name="email">E-mail address of the service account.</param>
public static void DeleteServiceAccount(string email)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // "-" stands in for the project segment of the resource name.
    var accountResource = "projects/-/serviceAccounts/" + email;
    iam.Projects.ServiceAccounts.Delete(accountResource).Execute();

    Console.WriteLine("Deleted service account: " + email);
}
/// <summary>
/// Fetches a role by resource name and prints its name followed by its
/// included permissions as a comma-separated line.
/// </summary>
/// <param name="name">Resource name of the role, passed unchanged to Roles.Get.</param>
/// <returns>The role returned by the API.</returns>
public static Role GetRole(string name)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    Role fetched = iam.Roles.Get(name).Execute();

    Console.WriteLine(fetched.Name);
    string permissionLine = String.Join(", ", fetched.IncludedPermissions);
    Console.WriteLine(permissionLine);

    return fetched;
}
/// <summary>
/// Undeletes a custom role in a project and prints the restored role's name.
/// </summary>
/// <param name="name">Role ID within the project.</param>
/// <param name="projectId">Project that owns the role.</param>
/// <returns>The role returned by the undelete call.</returns>
public static Role UndeleteRole(string name, string projectId)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var roleResource = $"projects/{projectId}/roles/{name}";
    var undeleteCall = iam.Projects.Roles.Undelete(new UndeleteRoleRequest(), roleResource);
    Role restored = undeleteCall.Execute();

    Console.WriteLine("Undeleted role: " + restored.Name);
    return restored;
}
/// <summary>
/// Creates a new key for a service account and prints the key's resource name.
/// </summary>
/// <param name="serviceAccountEmail">E-mail address of the service account.</param>
/// <returns>
/// The key object returned by the create call. Only its name is printed here;
/// callers should handle the returned object as a credential and keep it out
/// of logs.
/// </returns>
public static ServiceAccountKey CreateKey(string serviceAccountEmail)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // "-" stands in for the project segment of the resource name.
    string accountResource = "projects/-/serviceAccounts/" + serviceAccountEmail;
    ServiceAccountKey created = iam.Projects.ServiceAccounts.Keys
        .Create(new CreateServiceAccountKeyRequest(), accountResource)
        .Execute();

    Console.WriteLine("Created key: " + created.Name);
    return created;
}
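/// <summary>
/// Lists the roles defined in a project and prints each role's name.
/// </summary>
/// <param name="projectId">Project whose roles are listed.</param>
/// <returns>
/// The roles from the list response; an empty list when the response carries
/// none.
/// </returns>
public static IList<Role> ListRoles(string projectId)
{
    var credential = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var service = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = credential
    });

    // NOTE(review): a single List() call is made; if the API pages its results,
    // roles beyond the first page are not returned here.
    var response = service.Projects.Roles.List("projects/" + projectId)
        .Execute();

    // The Roles property is null when the project has no roles to report;
    // treat that as an empty list so the loop and the callers do not hit a null.
    IList<Role> roles = response.Roles ?? new List<Role>();

    foreach (var role in roles)
    {
        Console.WriteLine(role.Name);
    }

    return roles;
}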
/// <summary>
/// Lists the keys of a service account and prints each key's resource name.
/// </summary>
/// <param name="serviceAccountEmail">E-mail address of the service account.</param>
/// <returns>The keys carried by the list response.</returns>
public static IList<ServiceAccountKey> ListKeys(string serviceAccountEmail)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // "-" stands in for the project segment of the resource name.
    string accountResource = $"projects/-/serviceAccounts/{serviceAccountEmail}";
    var listing = iam.Projects.ServiceAccounts.Keys.List(accountResource).Execute();

    foreach (var entry in listing.Keys)
    {
        Console.WriteLine("Key: " + entry.Name);
    }

    return listing.Keys;
}
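/// <summary>
/// Lists the service accounts of a project and prints each account's name,
/// display name and e-mail.
/// </summary>
/// <param name="projectId">Project whose service accounts are listed.</param>
/// <returns>
/// The accounts from the list response; an empty list when the response
/// carries none.
/// </returns>
public static IList<ServiceAccount> ListServiceAccounts(string projectId)
{
    var credential = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var service = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = credential
    });

    // NOTE(review): a single List() call is made; if the API pages its results,
    // accounts beyond the first page are not returned here.
    var response = service.Projects.ServiceAccounts.List(
        "projects/" + projectId).Execute();

    // The Accounts property is null when the project has no service accounts;
    // treat that as an empty list so the loop and the callers do not hit a null.
    IList<ServiceAccount> accounts = response.Accounts ?? new List<ServiceAccount>();

    foreach (ServiceAccount account in accounts)
    {
        Console.WriteLine("Name: " + account.Name);
        Console.WriteLine("Display Name: " + account.DisplayName);
        Console.WriteLine("Email: " + account.Email);
        Console.WriteLine();
    }

    return accounts;
}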
/// <summary>
/// Creates a custom role with a randomised role ID in the project held in
/// <c>_project</c>.
/// </summary>
/// <param name="service">IAM client used to issue the create call.</param>
/// <returns>The role returned by the create call.</returns>
public Role CreateCustomRole(IamService service)
{
    var definition = new Role
    {
        Title = "C# Test Custom Role",
        Description = "Role for AccessTest",
        IncludedPermissions = new List<string> { "iam.roles.get" },
        Stage = "GA"
    };

    // Random suffix keeps repeated test runs from reusing the same role ID.
    var createRequest = new CreateRoleRequest
    {
        Role = definition,
        RoleId = "csharpTestCustomRole" + new Random().Next()
    };

    string parent = "projects/" + _project;
    return service.Projects.Roles.Create(createRequest, parent).Execute();
}
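/// <summary>
/// Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.
/// Documentation https://developers.google.com/iam/v1/reference/permissions/queryTestablePermissions
/// Generation Note: This does not always build correctly. Google needs to standardise things; I need to figure out which ones are wrong.
/// </summary>
/// <param name="service">Authenticated Iam service.</param>
/// <param name="body">A valid Iam v1 body.</param>
/// <returns>The QueryTestablePermissionsResponse returned by the API.</returns>
/// <exception cref="ArgumentNullException"><paramref name="service"/> or <paramref name="body"/> is null.</exception>
/// <exception cref="Exception">The request failed; the original error is the inner exception.</exception>
public static QueryTestablePermissionsResponse QueryTestablePermissions(IamService service, QueryTestablePermissionsRequest body)
{
    // Initial validation. Done before the try block so a null argument is
    // reported as ArgumentNullException instead of being re-wrapped as a
    // generic "request failed" error.
    if (service == null)
    {
        throw new ArgumentNullException("service");
    }
    if (body == null)
    {
        throw new ArgumentNullException("body");
    }

    try
    {
        // Make the request.
        return service.Permissions.QueryTestablePermissions(body).Execute();
    }
    catch (Exception ex)
    {
        throw new Exception("Request Permissions.QueryTestablePermissions failed.", ex);
    }
}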
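/// <summary>
/// Gets a Role definition.
/// Documentation https://developers.google.com/iam/v1/reference/roles/get
/// Generation Note: This does not always build correctly. Google needs to standardise things; I need to figure out which ones are wrong.
/// </summary>
/// <param name="service">Authenticated Iam service.</param>
/// <param name="name">The resource name of the role in one of the following formats: `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`, `projects/{PROJECT_ID}/roles/{ROLE_NAME}`</param>
/// <returns>The Role returned by the API.</returns>
/// <exception cref="ArgumentNullException"><paramref name="service"/> or <paramref name="name"/> is null.</exception>
/// <exception cref="Exception">The request failed; the original error is the inner exception.</exception>
public static Role Get(IamService service, string name)
{
    // Initial validation. Done before the try block so a null argument is
    // reported as ArgumentNullException instead of being re-wrapped as a
    // generic "request failed" error.
    if (service == null)
    {
        throw new ArgumentNullException("service");
    }
    if (name == null)
    {
        // Pass the parameter's name; passing the (null) value itself would
        // leave the exception without a parameter name.
        throw new ArgumentNullException("name");
    }

    try
    {
        // Make the request.
        return service.Roles.Get(name).Execute();
    }
    catch (Exception ex)
    {
        throw new Exception("Request Roles.Get failed.", ex);
    }
}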
/// <summary>
/// Fetches a project's custom role, overwrites its title, description,
/// permissions and stage, patches it and prints the updated role's name.
/// </summary>
/// <param name="name">Role ID within the project.</param>
/// <param name="projectId">Project that owns the role.</param>
/// <param name="newTitle">Replacement title.</param>
/// <param name="newDescription">Replacement description.</param>
/// <param name="newPermissions">Replacement list of included permissions.</param>
/// <param name="newStage">Replacement launch stage.</param>
/// <returns>The role returned by the patch call.</returns>
public static Role EditRole(string name, string projectId, string newTitle,
    string newDescription, IList<string> newPermissions, string newStage)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // Read the current role first so the patch is sent on top of what the
    // server currently holds.
    var roleResource = $"projects/{projectId}/roles/{name}";
    Role current = iam.Projects.Roles.Get(roleResource).Execute();

    // Overwrite the editable fields with the caller's values.
    current.Title = newTitle;
    current.Description = newDescription;
    current.IncludedPermissions = newPermissions;
    current.Stage = newStage;

    Role updated = iam.Projects.Roles.Patch(current, roleResource).Execute();
    Console.WriteLine("Updated role: " + updated.Name);
    return updated;
}
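/// <summary>
/// Creates the requested number of service accounts, each with a new key,
/// using the credential file configured in
/// <c>_googleCloudConfig.CredentialsPath</c>, and logs each created account.
/// </summary>
/// <param name="numberOfAccount">How many service accounts to create (default 1).</param>
public void GenerateServiceAccount(int numberOfAccount = 1)
{
    var credentialsPath = _googleCloudConfig.CredentialsPath;

    using var stream = new FileStream(credentialsPath, FileMode.Open, FileAccess.Read);

    // Only the IAM client below uses this credential, so request the
    // cloud-platform scope alone rather than also asking for Drive access.
    var credential = GoogleCredential.FromStream(stream)
        .CreateScoped(IamService.Scope.CloudPlatform);

    var service = new IamService(new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential
    });

    for (var i = 0; i < numberOfAccount; i++)
    {
        var uniqueId = StringUtil.GenerateUniqueId();

        var request = new CreateServiceAccountRequest()
        {
            AccountId = $"fulan-{uniqueId}",
            ServiceAccount = new ServiceAccount()
            {
                DisplayName = $"fulan {uniqueId}"
            }
        };

        // NOTE(review): the target project is hard-coded; consider reading it
        // from configuration next to CredentialsPath.
        var serviceAccount = service.Projects.ServiceAccounts.Create(request, "projects/zizibot-295007").Execute();

        // NOTE(review): the created key is not stored or returned, so its
        // private material is lost while the key stays registered on the
        // account. Confirm whether a key should be created here at all.
        service.Projects.ServiceAccounts.Keys.Create(new CreateServiceAccountKeyRequest()
        {
            PrivateKeyType = "TYPE_GOOGLE_CREDENTIALS_FILE",
            KeyAlgorithm = "KEY_ALG_RSA_2048"
        }, serviceAccount.Name).Execute();

        Log.Information("created: {0}", serviceAccount.Name);
    }
}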
/// <summary>
/// Changes a service account's display name and prints the account's e-mail
/// together with the new display name.
/// </summary>
/// <param name="email">E-mail address of the service account.</param>
/// <param name="newDisplayName">Display name to set.</param>
/// <returns>The service account returned by the update call.</returns>
public static ServiceAccount RenameServiceAccount(string email,
    string newDisplayName)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    // Fetch the current account; "-" stands in for the project segment.
    var accountResource = "projects/-/serviceAccounts/" + email;
    ServiceAccount current = iam.Projects.ServiceAccounts.Get(accountResource).Execute();

    // Change only the display name, then send the object back.
    current.DisplayName = newDisplayName;
    ServiceAccount updated = iam.Projects.ServiceAccounts
        .Update(current, accountResource)
        .Execute();

    Console.WriteLine($"Updated display name for {updated.Email} " +
        "to: " + updated.DisplayName);
    return updated;
}
/// <summary>
/// Queries the permissions that can be tested on a resource and prints each
/// permission's name.
/// </summary>
/// <param name="fullResourceName">Full resource name to query.</param>
/// <returns>The permissions carried by the response.</returns>
public static IList<Permission> QueryTestablePermissions(
    string fullResourceName)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var query = new QueryTestablePermissionsRequest
    {
        FullResourceName = fullResourceName
    };
    var result = iam.Permissions.QueryTestablePermissions(query).Execute();

    foreach (var permission in result.Permissions)
    {
        Console.WriteLine(permission.Name);
    }

    return result.Permissions;
}
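/// <summary>
/// Web API action: creates a service account in the given project, creates a
/// key for it, and answers with the new account's unique ID.
/// </summary>
/// <param name="projectID">Project that will own the service account.</param>
/// <param name="accountID">Account ID for the new service account.</param>
/// <param name="displayName">Display name for the new service account.</param>
/// <returns>
/// 200 with the account's unique ID on success, 400 when the project or
/// account ID is missing, 500 when an IAM call fails.
/// </returns>
public IHttpActionResult CreateServiceAccount(string projectID, string accountID, string displayName)
{
    // NOTE(review): projectID is supplied by the caller while the calls run
    // under AppFlowMetadata.UserCredential; confirm this action is only
    // reachable by callers allowed to create accounts in that project.
    if (string.IsNullOrWhiteSpace(projectID) || string.IsNullOrWhiteSpace(accountID))
    {
        return BadRequest("projectID and accountID are required.");
    }

    try
    {
        var service = new IamService(new IamService.Initializer
        {
            HttpClientInitializer = AppFlowMetadata.UserCredential,
            ApplicationName = AppFlowMetadata.AppName,
        });

        var request2 = new CreateServiceAccountRequest
        {
            AccountId = accountID,
            ServiceAccount = new ServiceAccount
            {
                DisplayName = displayName
            }
        };
        var serviceAccount = service.Projects.ServiceAccounts.Create(
            request2, "projects/" + projectID).Execute();
        var email = serviceAccount.Email;

        // NOTE(review): the created key is not stored or returned, so its
        // private material is lost while the key stays registered on the
        // account. Confirm a key is really needed here.
        service.Projects.ServiceAccounts.Keys.Create(
            new CreateServiceAccountKeyRequest(),
            "projects/-/serviceAccounts/" + email)
            .Execute();

        return Ok(serviceAccount.UniqueId);
    }
    catch (Exception ex)
    {
        // Record the failure server-side and answer 500 without exception
        // details; answering 200 here would report a failed or half-finished
        // creation as success.
        System.Diagnostics.Trace.TraceError(
            "CreateServiceAccount failed for account '{0}': {1}",
            accountID, ex.Message);
        return InternalServerError();
    }
}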
/// <summary>
/// Queries the roles that can be granted on a resource and prints each role's
/// title, name and description.
/// </summary>
/// <param name="fullResourceName">Full resource name to query.</param>
/// <returns>The roles carried by the response.</returns>
public static IList<Role> ViewGrantableRoles(string fullResourceName)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var query = new QueryGrantableRolesRequest
    {
        FullResourceName = fullResourceName
    };
    var result = iam.Roles.QueryGrantableRoles(query).Execute();

    foreach (var grantable in result.Roles)
    {
        Console.WriteLine("Title: " + grantable.Title);
        Console.WriteLine("Name: " + grantable.Name);
        Console.WriteLine("Description: " + grantable.Description);
        Console.WriteLine();
    }

    return result.Roles;
}
/// <summary>
/// Creates a service account in a project and prints the new account's e-mail.
/// </summary>
/// <param name="projectId">Project that will own the service account.</param>
/// <param name="name">Account ID for the new service account.</param>
/// <param name="displayName">Display name for the new service account.</param>
/// <returns>The service account returned by the create call.</returns>
public static ServiceAccount CreateServiceAccount(string projectId,
    string name, string displayName)
{
    var scoped = GoogleCredential.GetApplicationDefault()
        .CreateScoped(IamService.Scope.CloudPlatform);
    var iam = new IamService(new IamService.Initializer
    {
        HttpClientInitializer = scoped
    });

    var createRequest = new CreateServiceAccountRequest
    {
        AccountId = name,
        ServiceAccount = new ServiceAccount
        {
            DisplayName = displayName
        }
    };

    string parent = "projects/" + projectId;
    ServiceAccount created = iam.Projects.ServiceAccounts
        .Create(createRequest, parent)
        .Execute();

    Console.WriteLine("Created service account: " + created.Email);
    return created;
}