コード例 #1
    /// <summary>
    /// Entry point: lists IAM roles with Application Default Credentials and prints
    /// the title, name and description of each role in the response.
    /// </summary>
    /// <param name="args">Command-line arguments; not read by this method.</param>
    public static void Main(string[] args)
    {
        // Application Default Credentials, restricted to the cloud-platform scope.
        var scopedCredential = GoogleCredential.GetApplicationDefault()
                               .CreateScoped(IamService.Scope.CloudPlatform);

        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scopedCredential
        };
        var iam = new IamService(initializer);

        // A single Roles.List call is made; no page token is followed afterwards.
        ListRolesResponse listing = iam.Roles.List().Execute();

        foreach (Role entry in listing.Roles)
        {
            Console.WriteLine("Title: " + entry.Title);
            Console.WriteLine("Name: " + entry.Name);
            Console.WriteLine("Description: " + entry.Description);
            Console.WriteLine();
        }
    }
コード例 #2
        /// <summary>
        /// Creates a custom role in the project held in <c>_project</c>, granting only
        /// <c>iam.roles.get</c>, and skips the test when the project's role quota is exhausted.
        /// </summary>
        /// <param name="service">IAM client used to send the create request.</param>
        /// <returns>The role returned by the create call.</returns>
        public Role CreateCustomRole(IamService service)
        {
            // The random suffix only keeps role IDs from colliding between runs; it is not a secret.
            string roleId = "csharpTestCustomRole" + new Random().Next();

            var permissions = new List<string> { "iam.roles.get" };
            var customRole = new Role
            {
                Title = "C# Test Custom Role",
                Description = "Role for AccessTest",
                IncludedPermissions = permissions,
                Stage = "GA"
            };

            var createRequest = new CreateRoleRequest
            {
                Role = customRole,
                RoleId = roleId
            };

            string parent = "projects/" + _project;
            try
            {
                return service.Projects.Roles.Create(createRequest, parent).Execute();
            }
            catch (GoogleApiException ex) when (ex.HttpStatusCode == HttpStatusCode.TooManyRequests && ex.Error.Message.Contains("Maximum number of roles reached"))
            {
                // Quota exhaustion is an environment problem, so the test is skipped rather than failed.
                Skip.If(true, "Maximum number of roles reached.");
                throw; // Not expected to run (Skip throws); present so every code path leaves the method.
            }
        }
コード例 #3
        /// <summary>
        /// Entry point: prints the roles that can be granted on the resource named by the
        /// first command-line argument.
        /// </summary>
        /// <param name="args">args[0] is passed as the full resource name of the query.</param>
        public static void Main(string[] args)
        {
            GoogleCredential scopedCredential = GoogleCredential.GetApplicationDefault()
                                                .CreateScoped(IamService.Scope.CloudPlatform);
            var initializer = new IamService.Initializer
            {
                HttpClientInitializer = scopedCredential
            };
            var service = new IamService(initializer);

            // args[0] is read without a length check, as in the sample's usage.
            string fullResourceName = args[0];

            // [START iam_view_grantable_roles]
            var query = new QueryGrantableRolesRequest
            {
                FullResourceName = fullResourceName
            };
            var grantable = service.Roles.QueryGrantableRoles(query).Execute();

            foreach (var candidate in grantable.Roles)
            {
                Console.WriteLine("Title: " + candidate.Title);
                Console.WriteLine("Name: " + candidate.Name);
                Console.WriteLine("Description: " + candidate.Description);
                Console.WriteLine();
            }
            // [END iam_view_grantable_roles]
        }
コード例 #4
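        /// <summary>
        /// Creates a service account in the given project and then creates a key for it.
        /// </summary>
        /// <param name="userCredential">User credential the IAM client authenticates with.</param>
        /// <param name="projectID">Project ID; appended to "projects/" to form the parent resource.</param>
        /// <param name="accountID">Account ID for the new service account.</param>
        /// <param name="displayName">Display name for the new service account.</param>
        /// <returns>
        /// <c>true</c> when both the account and the key were created; <c>false</c> when any
        /// step threw. The original returned <c>true</c> even on failure, which hid errors
        /// from callers of a privileged operation.
        /// </returns>
        private bool CreateServiceAccountAndKey(UserCredential userCredential, string projectID, string accountID, string displayName)
        {
            try
            {
                var service = new IamService(new IamService.Initializer
                {
                    HttpClientInitializer = userCredential,
                    ApplicationName       = AppName,
                });

                var request2 = new CreateServiceAccountRequest
                {
                    AccountId      = accountID,
                    ServiceAccount = new ServiceAccount
                    {
                        DisplayName = displayName
                    }
                };

                var serviceAccount = service.Projects.ServiceAccounts.Create(
                    request2, "projects/" + projectID).Execute();

                // NOTE(review): the create-key response is discarded here, as in the original.
                // If the private key material is only delivered in that response, the key stays
                // registered on the account but can never be used; either persist it to a secret
                // store or drop this call. Confirm the intent with the caller.
                service.Projects.ServiceAccounts.Keys.Create(
                    new CreateServiceAccountKeyRequest(),
                    "projects/-/serviceAccounts/" + serviceAccount.Email)
                    .Execute();

                return true;
            }
            catch (Exception)
            {
                // Report the failure instead of claiming success. A partially completed run
                // (account created, key not) is also reported as false.
                return false;
            }
        }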
コード例 #5
        /// <summary>
        /// Test setup: reads the project ID from GOOGLE_PROJECT_ID, builds an IAM client
        /// from Application Default Credentials and creates a service account for the test.
        /// </summary>
        /// <exception cref="ArgumentNullException">GOOGLE_PROJECT_ID is not set.</exception>
        public QuickStartTest()
        {
            string projectFromEnvironment = Environment.GetEnvironmentVariable("GOOGLE_PROJECT_ID");
            _projectId = projectFromEnvironment;
            if (projectFromEnvironment == null)
            {
                // Only an unset variable is rejected; an empty value passes this check.
                throw new ArgumentNullException("GOOGLE_PROJECT_ID", "Environment variable not set");
            }

            GoogleCredential scopedCredential = GoogleCredential.GetApplicationDefault()
                                                .CreateScoped(IamService.Scope.CloudPlatform);
            var initializer = new IamService.Initializer
            {
                HttpClientInitializer = scopedCredential
            };
            _iamService = new IamService(initializer);

            // Millisecond is in 0..999, so account IDs from separate runs can collide.
            string accountId = "iam-test-account" + DateTime.UtcNow.Millisecond;
            var createRequest = new CreateServiceAccountRequest
            {
                AccountId = accountId,
                ServiceAccount = new ServiceAccount
                {
                    DisplayName = "iamTestAccount"
                }
            };

            string parent = "projects/" + _projectId;
            _serviceAccount = _iamService.Projects.ServiceAccounts.Create(createRequest, parent).Execute();
        }
コード例 #6
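    /// <summary>
    /// Lists the service accounts of a project and prints the name, display name and
    /// email of each one.
    /// </summary>
    /// <param name="projectId">Project ID; appended to "projects/" to form the parent resource.</param>
    /// <returns>The accounts from the list response.</returns>
    public IList <ServiceAccount> ListServiceAccounts(string projectId)
    {
        var credentialsPath = _googleCloudConfig.CredentialsPath;

        // Least privilege: this credential is used only for the IAM client below, so the
        // Drive scope the original also requested is not needed for this call.
        var scopes = new string[] { IamService.Scope.CloudPlatform };

        // The file holds the credential's key material; the stream is closed when the method exits.
        using var stream = new FileStream(credentialsPath, FileMode.Open, FileAccess.Read);
        var credential = GoogleCredential.FromStream(stream)
                         .CreateScoped(scopes);

        var service = new IamService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential
        });

        // A single List call is made; no page token is followed afterwards.
        var response = service.Projects.ServiceAccounts.List("projects/" + projectId).Execute();

        foreach (var account in response.Accounts)
        {
            Console.WriteLine("Name: " + account.Name);
            Console.WriteLine("Display Name: " + account.DisplayName);
            Console.WriteLine("Email: " + account.Email);
            Console.WriteLine();
        }

        return response.Accounts;
    }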
コード例 #7
    /// <summary>
    /// Creates a custom role in a project and prints the created role's name.
    /// </summary>
    /// <param name="name">Role ID to assign to the new role.</param>
    /// <param name="projectId">Project ID; appended to "projects/" to form the parent resource.</param>
    /// <param name="title">Role title.</param>
    /// <param name="description">Role description.</param>
    /// <param name="permissions">Permissions the role includes; sent to the API as given.</param>
    /// <param name="stage">Launch stage string for the role.</param>
    /// <returns>The role returned by the create call.</returns>
    public static Role CreateRole(string name, string projectId, string title,
                                  string description, IList <string> permissions, string stage)
    {
        GoogleCredential scopedCredential = GoogleCredential.GetApplicationDefault()
                                            .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scopedCredential
        };
        var iam = new IamService(initializer);

        // The permission list is forwarded unchanged; callers decide how narrow the role is.
        var createRequest = new CreateRoleRequest
        {
            Role = new Role
            {
                Title = title,
                Description = description,
                IncludedPermissions = permissions,
                Stage = stage
            },
            RoleId = name
        };

        string parent = "projects/" + projectId;
        Role created = iam.Projects.Roles.Create(createRequest, parent).Execute();
        Console.WriteLine("Created role: " + created.Name);
        return created;
    }
コード例 #8
        /// <summary>
        /// Integration test and documentation sample: signs a GET URL for a test object using
        /// the IAM service as the blob signer, then fetches the object through that URL and
        /// compares the content with the fixture's expected text.
        /// </summary>
        /// <remarks>
        /// The test is skipped when the platform type is unknown; the sample reads the default
        /// service account email from the metadata server. The lines between the
        /// "Sample:" and "End sample" markers are kept byte-for-byte.
        /// </remarks>
        public async Task SignedUrlWithIamServiceBlobSigner()
        {
            _fixture.SkipIf(Platform.Instance().Type == PlatformType.Unknown);

            var bucketName = _fixture.BucketName;
            var objectName = _fixture.HelloStorageObjectName;
            // NOTE(review): credential is not read again in this method.
            var credential = (await GoogleCredential.GetApplicationDefaultAsync()).UnderlyingCredential as ServiceAccountCredential;
            // NOTE(review): httpClient and the responses below are not disposed in this method.
            var httpClient = new HttpClient();

            // Sample: IamServiceBlobSignerUsage
            // First obtain the email address of the default service account for this instance from the metadata server.
            // The request is plain HTTP to the metadata host and carries the Metadata-Flavor header.
            HttpRequestMessage serviceAccountRequest = new HttpRequestMessage
            {
                // Note: you could use 169.254.169.254 as the address to avoid a DNS lookup.
                RequestUri = new Uri("http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email"),
                Headers    = { { "Metadata-Flavor", "Google" } }
            };
            HttpResponseMessage serviceAccountResponse = await httpClient.SendAsync(serviceAccountRequest).ConfigureAwait(false);

            // Fail here on a non-success status so an error body is never used as the account ID.
            serviceAccountResponse.EnsureSuccessStatusCode();
            string serviceAccountId = await serviceAccountResponse.Content.ReadAsStringAsync();

            // Create an IAM service client object using the default application credentials.
            GoogleCredential iamCredential = await GoogleCredential.GetApplicationDefaultAsync();

            iamCredential = iamCredential.CreateScoped(IamService.Scope.CloudPlatform);
            IamService iamService = new IamService(new BaseClientService.Initializer
            {
                HttpClientInitializer = iamCredential
            });

            // Create a request template that will be used to create the signed URL.
            UrlSigner.RequestTemplate requestTemplate = UrlSigner.RequestTemplate
                                                        .FromBucket(bucketName)
                                                        .WithObjectName(objectName)
                                                        .WithHttpMethod(HttpMethod.Get);
            // Create options specifying for how long the signer URL will be valid.
            UrlSigner.Options options = UrlSigner.Options.FromDuration(TimeSpan.FromHours(1));

            // Create a URL signer that will use the IAM service for signing. This signer is thread-safe,
            // and would typically occur as a dependency, e.g. in an ASP.NET Core controller, where the
            // same instance can be reused for each request.
            IamServiceBlobSigner blobSigner = new IamServiceBlobSigner(iamService, serviceAccountId);
            UrlSigner            urlSigner  = UrlSigner.FromBlobSigner(blobSigner);

            // Use the URL signer to sign a request for the test object for the next hour.
            // The URL itself is the authorization: the GET below sends no credentials, so treat
            // a signed URL like a short-lived secret and keep it out of logs.
            string url = await urlSigner.SignAsync(requestTemplate, options);

            // Prove we can fetch the content of the test object with a simple unauthenticated GET request.
            HttpResponseMessage response = await httpClient.GetAsync(url);

            string content = await response.Content.ReadAsStringAsync();

            // End sample

            Assert.Equal(_fixture.HelloWorldContent, content);
        }
コード例 #9
        /// <summary>
        /// Builds an IAM client from Application Default Credentials scoped to
        /// cloud-platform and stores it in the static field <c>s_service</c>.
        /// </summary>
        public static void Init()
        {
            var applicationDefault = GoogleCredential.GetApplicationDefault();
            var scoped = applicationDefault.CreateScoped(IamService.Scope.CloudPlatform);

            var initializer = new IamService.Initializer
            {
                HttpClientInitializer = scoped
            };
            s_service = new IamService(initializer);
        }
コード例 #10
        /// <summary>
        /// Builds an IAM client from Application Default Credentials scoped to cloud-platform.
        /// </summary>
        /// <returns>A new <c>IamService</c> instance on every call.</returns>
        public IamService InitializeService()
        {
            GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                      .CreateScoped(IamService.Scope.CloudPlatform);

            var initializer = new IamService.Initializer
            {
                HttpClientInitializer = scoped
            };
            return new IamService(initializer);
        }
コード例 #11
    /// <summary>
    /// Deletes a service account key and prints the name of the deleted key.
    /// </summary>
    /// <param name="fullKeyName">Resource name of the key, passed to the delete call unchanged.</param>
    public static void DeleteKey(string fullKeyName)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        var deleteCall = iam.Projects.ServiceAccounts.Keys.Delete(fullKeyName);
        deleteCall.Execute();

        // Only the key's resource name is printed, never key material.
        Console.WriteLine("Deleted key: " + fullKeyName);
    }
コード例 #12
    /// <summary>
    /// Deletes a custom role from a project and prints the role's short name.
    /// </summary>
    /// <param name="name">Role ID inside the project.</param>
    /// <param name="projectId">Project that owns the role.</param>
    public static void DeleteRole(string name, string projectId)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // Both parts are interpolated into the resource name as given.
        string roleResource = $"projects/{projectId}/roles/{name}";
        iam.Projects.Roles.Delete(roleResource).Execute();

        Console.WriteLine("Deleted role: " + name);
    }
コード例 #13
ファイル: Program.cs プロジェクト: morancj/scratch
        /// <summary>
        /// Builds an IAM client from service account JSON, stores it in <c>s_service</c>
        /// and issues one Roles.List call with it.
        /// </summary>
        /// <param name="credentialsJson">
        /// Credential JSON content. It is handed to <c>GoogleCredential.FromJson</c> and is
        /// not printed or stored by this method; keep it out of logs at the call site too.
        /// </param>
        public static void LoginAsServiceAccountWithJson(string credentialsJson)
        {
            var parsed = GoogleCredential.FromJson(credentialsJson);
            var scoped = parsed.CreateScoped(IamService.Scope.CloudPlatform);

            var initializer = new IamService.Initializer
            {
                HttpClientInitializer = scoped
            };
            s_service = new IamService(initializer);

            // The listing is discarded; the call's only visible effect here is to throw on failure.
            s_service.Roles.List().Execute();
        }
コード例 #14
    /// <summary>
    /// Deletes the service account identified by its email and prints that email.
    /// </summary>
    /// <param name="email">Service account email; appended to "projects/-/serviceAccounts/".</param>
    public static void DeleteServiceAccount(string email)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // "-" stands in for the project segment of the resource name.
        var deleteCall = iam.Projects.ServiceAccounts.Delete("projects/-/serviceAccounts/" + email);
        deleteCall.Execute();

        Console.WriteLine("Deleted service account: " + email);
    }
コード例 #15
    /// <summary>
    /// Fetches a role by resource name and prints its name followed by its
    /// included permissions, comma-separated.
    /// </summary>
    /// <param name="name">Role resource name, passed to the get call unchanged.</param>
    /// <returns>The role returned by the API.</returns>
    public static Role GetRole(string name)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        Role fetched = iam.Roles.Get(name).Execute();

        Console.WriteLine(fetched.Name);
        string permissionList = String.Join(", ", fetched.IncludedPermissions);
        Console.WriteLine(permissionList);
        return fetched;
    }
コード例 #16
    /// <summary>
    /// Restores a previously deleted custom role in a project and prints its name.
    /// </summary>
    /// <param name="name">Role ID inside the project.</param>
    /// <param name="projectId">Project that owns the role.</param>
    /// <returns>The role returned by the undelete call.</returns>
    public static Role UndeleteRole(string name, string projectId)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        var undeleteCall = iam.Projects.Roles.Undelete(
            new UndeleteRoleRequest(), $"projects/{projectId}/roles/{name}");
        Role restored = undeleteCall.Execute();

        Console.WriteLine("Undeleted role: " + restored.Name);
        return restored;
    }
コード例 #17
    /// <summary>
    /// Creates a new key for a service account and prints the key's resource name.
    /// </summary>
    /// <param name="serviceAccountEmail">Email of the account; appended to "projects/-/serviceAccounts/".</param>
    /// <returns>
    /// The create-key response object. NOTE(review): this object presumably carries the
    /// private key material and is the only copy; callers should store it in a secret
    /// store and never log it. Confirm against the API reference.
    /// </returns>
    public static ServiceAccountKey CreateKey(string serviceAccountEmail)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        string accountResource = "projects/-/serviceAccounts/" + serviceAccountEmail;
        ServiceAccountKey created = iam.Projects.ServiceAccounts.Keys
                                    .Create(new CreateServiceAccountKeyRequest(), accountResource)
                                    .Execute();

        // Only the resource name goes to the console, not the key data.
        Console.WriteLine("Created key: " + created.Name);
        return created;
    }
コード例 #18
    /// <summary>
    /// Lists the roles defined in a project and prints each role's name.
    /// </summary>
    /// <param name="projectId">Project ID; appended to "projects/" to form the parent resource.</param>
    /// <returns>The roles from the list response.</returns>
    public static IList <Role> ListRoles(string projectId)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // A single List call is made; no page token is followed afterwards.
        string parent = "projects/" + projectId;
        var listing = iam.Projects.Roles.List(parent).Execute();

        foreach (var entry in listing.Roles)
        {
            Console.WriteLine(entry.Name);
        }

        return listing.Roles;
    }
コード例 #19
    /// <summary>
    /// Lists the keys of a service account and prints each key's resource name.
    /// Useful as an inventory step when reviewing which keys exist on an account.
    /// </summary>
    /// <param name="serviceAccountEmail">Email of the account whose keys are listed.</param>
    /// <returns>The keys from the list response.</returns>
    public static IList <ServiceAccountKey> ListKeys(string serviceAccountEmail)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        string accountResource = $"projects/-/serviceAccounts/{serviceAccountEmail}";
        var listing = iam.Projects.ServiceAccounts.Keys.List(accountResource).Execute();

        foreach (ServiceAccountKey entry in listing.Keys)
        {
            Console.WriteLine("Key: " + entry.Name);
        }

        return listing.Keys;
    }
コード例 #20
    /// <summary>
    /// Lists the service accounts of a project and prints the name, display name and
    /// email of each one.
    /// </summary>
    /// <param name="projectId">Project ID; appended to "projects/" to form the parent resource.</param>
    /// <returns>The accounts from the list response.</returns>
    public static IList <ServiceAccount> ListServiceAccounts(string projectId)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // A single List call is made; no page token is followed afterwards.
        string parent = "projects/" + projectId;
        var listing = iam.Projects.ServiceAccounts.List(parent).Execute();

        foreach (ServiceAccount entry in listing.Accounts)
        {
            Console.WriteLine("Name: " + entry.Name);
            Console.WriteLine("Display Name: " + entry.DisplayName);
            Console.WriteLine("Email: " + entry.Email);
            Console.WriteLine();
        }

        return listing.Accounts;
    }
コード例 #21
        /// <summary>
        /// Creates a custom role in the project held in <c>_project</c>, granting only
        /// <c>iam.roles.get</c>.
        /// </summary>
        /// <param name="service">IAM client used to send the create request.</param>
        /// <returns>The role returned by the create call.</returns>
        public Role CreateCustomRole(IamService service)
        {
            // The random suffix only keeps role IDs from colliding between runs; it is not a secret.
            string roleId = "csharpTestCustomRole" + new Random().Next();

            var permissions = new List<string> { "iam.roles.get" };
            var createRequest = new CreateRoleRequest
            {
                Role = new Role
                {
                    Title = "C# Test Custom Role",
                    Description = "Role for AccessTest",
                    IncludedPermissions = permissions,
                    Stage = "GA"
                },
                RoleId = roleId
            };

            string parent = "projects/" + _project;
            return service.Projects.Roles.Create(createRequest, parent).Execute();
        }
コード例 #22
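        /// <summary>
        /// Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.
        /// Documentation https://developers.google.com/iam/v1/reference/permissions/queryTestablePermissions
        /// Generation Note: This does not always build correctly. Google needs to standardise things; I need to figure out which ones are wrong.
        /// </summary>
        /// <param name="service">Authenticated Iam service.</param>
        /// <param name="body">A valid Iam v1 body.</param>
        /// <returns>QueryTestablePermissionsResponse</returns>
        /// <exception cref="ArgumentNullException"><paramref name="service"/> or <paramref name="body"/> is null.</exception>
        /// <exception cref="Exception">The request failed; the original error is the inner exception.</exception>
        public static QueryTestablePermissionsResponse QueryTestablePermissions(IamService service, QueryTestablePermissionsRequest body)
        {
            // Validate before the try block: inside it, the ArgumentNullException was caught
            // and re-wrapped as a generic "request failed" Exception, hiding the caller's mistake.
            if (service == null)
            {
                throw new ArgumentNullException("service");
            }
            if (body == null)
            {
                throw new ArgumentNullException("body");
            }

            try
            {
                // Make the request.
                return service.Permissions.QueryTestablePermissions(body).Execute();
            }
            catch (Exception ex)
            {
                throw new Exception("Request Permissions.QueryTestablePermissions failed.", ex);
            }
        }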
コード例 #23
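        /// <summary>
        /// Gets a Role definition.
        /// Documentation https://developers.google.com/iam/v1/reference/roles/get
        /// Generation Note: This does not always build correctly. Google needs to standardise things; I need to figure out which ones are wrong.
        /// </summary>
        /// <param name="service">Authenticated Iam service.</param>
        /// <param name="name">The resource name of the role in one of the following formats: `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`, `projects/{PROJECT_ID}/roles/{ROLE_NAME}`</param>
        /// <returns>Role</returns>
        /// <exception cref="ArgumentNullException"><paramref name="service"/> or <paramref name="name"/> is null.</exception>
        /// <exception cref="Exception">The request failed; the original error is the inner exception.</exception>
        public static Role Get(IamService service, string name)
        {
            // Validate before the try block: inside it, the ArgumentNullException was caught
            // and re-wrapped as a generic "request failed" Exception, hiding the caller's mistake.
            if (service == null)
            {
                throw new ArgumentNullException("service");
            }
            if (name == null)
            {
                // The original passed the (null) value itself as the parameter name.
                throw new ArgumentNullException("name");
            }

            try
            {
                // Make the request.
                return service.Roles.Get(name).Execute();
            }
            catch (Exception ex)
            {
                throw new Exception("Request Roles.Get failed.", ex);
            }
        }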
コード例 #24
    /// <summary>
    /// Fetches a custom role, overwrites its title, description, permissions and stage,
    /// sends the result back with a patch call and prints the updated role's name.
    /// </summary>
    /// <param name="name">Role ID inside the project.</param>
    /// <param name="projectId">Project that owns the role.</param>
    /// <param name="newTitle">Replacement title.</param>
    /// <param name="newDescription">Replacement description.</param>
    /// <param name="newPermissions">Replacement permission list; it replaces the existing list rather than merging with it.</param>
    /// <param name="newStage">Replacement launch stage string.</param>
    /// <returns>The role returned by the patch call.</returns>
    public static Role EditRole(string name, string projectId, string newTitle,
                                string newDescription, IList <string> newPermissions, string newStage)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // Read the current role first so the patch is applied to the server's copy.
        string roleResource = $"projects/{projectId}/roles/{name}";
        Role current = iam.Projects.Roles.Get(roleResource).Execute();

        // Overwrite the editable fields on the fetched object.
        current.Title = newTitle;
        current.Description = newDescription;
        current.IncludedPermissions = newPermissions;
        current.Stage = newStage;

        Role updated = iam.Projects.Roles.Patch(current, roleResource).Execute();
        Console.WriteLine("Updated role: " + updated.Name);
        return updated;
    }
コード例 #25
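    /// <summary>
    /// Creates the requested number of service accounts, creates one RSA-2048 key for each
    /// and logs the resource name of every account created.
    /// </summary>
    /// <param name="numberOfAccount">How many accounts to create; zero or a negative value creates none.</param>
    public void GenerateServiceAccount(int numberOfAccount = 1)
    {
        // Least privilege: this credential is used only for the IAM client below, so the
        // Drive scope the original also requested is not needed here.
        var scopes          = new string[] { IamService.Scope.CloudPlatform };
        var credentialsPath = _googleCloudConfig.CredentialsPath;

        // The file holds the credential's key material; the stream is closed when the method exits.
        using var stream = new FileStream(credentialsPath, FileMode.Open, FileAccess.Read);
        var credential = GoogleCredential.FromStream(stream)
                         .CreateScoped(scopes);

        var service = new IamService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential
        });

        for (var i = 0; i < numberOfAccount; i++)
        {
            var uniqueId = StringUtil.GenerateUniqueId();
            var request  = new CreateServiceAccountRequest()
            {
                AccountId      = $"fulan-{uniqueId}",
                ServiceAccount = new ServiceAccount()
                {
                    DisplayName = $"fulan {uniqueId}"
                }
            };

            // NOTE(review): the target project is hard-coded; consider reading it from configuration.
            var serviceAccount = service.Projects.ServiceAccounts.Create(request, "projects/zizibot-295007").Execute();

            // NOTE(review): the create-key response is discarded, as in the original. If the
            // credentials file is only delivered in that response, each key stays registered
            // on its account but can never be used; either persist it to a secret store or
            // drop this call. Confirm the intent.
            service.Projects.ServiceAccounts.Keys.Create(new CreateServiceAccountKeyRequest()
            {
                PrivateKeyType = "TYPE_GOOGLE_CREDENTIALS_FILE",
                KeyAlgorithm   = "KEY_ALG_RSA_2048"
            }, serviceAccount.Name).Execute();

            Log.Information("created: {0}", serviceAccount.Name);
        }
    }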
コード例 #26
    /// <summary>
    /// Changes the display name of a service account and prints the account's email
    /// together with the new display name.
    /// </summary>
    /// <param name="email">Service account email; appended to "projects/-/serviceAccounts/".</param>
    /// <param name="newDisplayName">Display name to set.</param>
    /// <returns>The service account returned by the update call.</returns>
    public static ServiceAccount RenameServiceAccount(string email,
                                                      string newDisplayName)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        // Fetch the current account so the update is applied to the server's copy.
        string accountResource = "projects/-/serviceAccounts/" + email;
        ServiceAccount current = iam.Projects.ServiceAccounts.Get(accountResource).Execute();

        current.DisplayName = newDisplayName;
        ServiceAccount updated = iam.Projects.ServiceAccounts.Update(current, accountResource).Execute();

        string message = $"Updated display name for {updated.Email} " +
                         "to: " + updated.DisplayName;
        Console.WriteLine(message);
        return updated;
    }
コード例 #27
    /// <summary>
    /// Queries the permissions that can be tested on a resource and prints each
    /// permission's name.
    /// </summary>
    /// <param name="fullResourceName">Full resource name placed in the query request.</param>
    /// <returns>The permissions from the query response.</returns>
    public static IList <Permission> QueryTestablePermissions(
        string fullResourceName)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        var query = new QueryTestablePermissionsRequest
        {
            FullResourceName = fullResourceName
        };
        // A single query call is made; no page token is followed afterwards.
        var result = iam.Permissions.QueryTestablePermissions(query).Execute();

        foreach (var permission in result.Permissions)
        {
            Console.WriteLine(permission.Name);
        }

        return result.Permissions;
    }
コード例 #28
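        /// <summary>
        /// Creates a service account in the given project, creates a key for it and responds
        /// with the new account's unique ID.
        /// </summary>
        /// <param name="projectID">Project ID; appended to "projects/" to form the parent resource.</param>
        /// <param name="accountID">Account ID for the new service account.</param>
        /// <param name="displayName">Display name for the new service account.</param>
        /// <returns>An OK result carrying the unique ID of the created account.</returns>
        /// <remarks>
        /// The original wrapped the body in an empty catch and answered OK with no content on
        /// any failure, so a failed or half-completed creation looked like success to the
        /// client. Errors now propagate to the hosting framework and surface as a failed
        /// request. NOTE(review): the three arguments are used as given to build resource
        /// names; validate them where the request is bound if they come from the client.
        /// </remarks>
        public IHttpActionResult CreateServiceAccount(string projectID, string accountID, string displayName)
        {
            var service = new IamService(new IamService.Initializer
            {
                HttpClientInitializer = AppFlowMetadata.UserCredential,
                ApplicationName       = AppFlowMetadata.AppName,
            });

            var request2 = new CreateServiceAccountRequest
            {
                AccountId      = accountID,
                ServiceAccount = new ServiceAccount
                {
                    DisplayName = displayName
                }
            };

            var serviceAccount = service.Projects.ServiceAccounts.Create(
                request2, "projects/" + projectID).Execute();

            // NOTE(review): the create-key response is discarded, as in the original. If the
            // private key material is only delivered in that response, the key stays registered
            // on the account but can never be used; either persist it to a secret store or
            // drop this call. Confirm the intent.
            service.Projects.ServiceAccounts.Keys.Create(
                new CreateServiceAccountKeyRequest(),
                "projects/-/serviceAccounts/" + serviceAccount.Email)
                .Execute();

            return Ok(serviceAccount.UniqueId);
        }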
コード例 #29
    /// <summary>
    /// Queries the roles that can be granted on a resource and prints the title, name
    /// and description of each one.
    /// </summary>
    /// <param name="fullResourceName">Full resource name placed in the query request.</param>
    /// <returns>The roles from the query response.</returns>
    public static IList <Role> ViewGrantableRoles(string fullResourceName)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        var query = new QueryGrantableRolesRequest
        {
            FullResourceName = fullResourceName
        };
        // A single query call is made; no page token is followed afterwards.
        var result = iam.Roles.QueryGrantableRoles(query).Execute();

        foreach (var candidate in result.Roles)
        {
            Console.WriteLine("Title: " + candidate.Title);
            Console.WriteLine("Name: " + candidate.Name);
            Console.WriteLine("Description: " + candidate.Description);
            Console.WriteLine();
        }

        return result.Roles;
    }
コード例 #30
    /// <summary>
    /// Creates a service account in a project and prints the new account's email.
    /// </summary>
    /// <param name="projectId">Project ID; appended to "projects/" to form the parent resource.</param>
    /// <param name="name">Account ID for the new service account.</param>
    /// <param name="displayName">Display name for the new service account.</param>
    /// <returns>The service account returned by the create call.</returns>
    public static ServiceAccount CreateServiceAccount(string projectId,
                                                      string name, string displayName)
    {
        GoogleCredential scoped = GoogleCredential.GetApplicationDefault()
                                  .CreateScoped(IamService.Scope.CloudPlatform);
        var initializer = new IamService.Initializer
        {
            HttpClientInitializer = scoped
        };
        var iam = new IamService(initializer);

        var accountSpec = new ServiceAccount
        {
            DisplayName = displayName
        };
        var createRequest = new CreateServiceAccountRequest
        {
            AccountId = name,
            ServiceAccount = accountSpec
        };

        string parent = "projects/" + projectId;
        ServiceAccount created = iam.Projects.ServiceAccounts.Create(createRequest, parent).Execute();

        Console.WriteLine("Created service account: " + created.Email);
        return created;
    }