Learn R Programming
googleAuthR (version 1.4.1)

gar_service_create: Work with service accounts via the API

Description

These functions let you create a service JSON key from an OAuth2 login. You can then assign it roles and do a one time download of a service account key to use for authentication in other Google APIs

Usage

gar_service_create(
  accountId,
  projectId,
  serviceName = "googleAuthR::gar_service_create",
  serviceDescription = "A service account created via googleAuthR"
)
gar_service_grant_roles(
  accountIds,
  roles,
  projectId,
  type = c("serviceAccount", "user", "group")
)
gar_service_get_roles(
  projectId,
  accountId = NULL,
  type = c("serviceAccount", "user", "group")
)
gar_service_key(
  accountId,
  projectId,
  file = paste0(accountId, "-auth-key.json")
)
gar_service_key_list(accountId, projectId)
gar_service_list(projectId)
gar_service_get(accountId, projectId)

Arguments

accountId

The service accountId

projectId

The projectId containing the service account

serviceName

Name of service account

serviceDescription

Description of service account

accountIds

A vector of accountIds in the form accountId@projectid.iam.gserviceaccount.com

roles

A character vector of roles to give the accountIds e.g. roles/editor - see list of roles here https://cloud.google.com/iam/docs/understanding-roles#predefined_roles or in your GCP console https://console.cloud.google.com/iam-admin/roles/details/roles

type

The type of accountId to add role for - e.g. user:mark@me.com or serviceAccount:accountId@projectid.iam.gserviceaccount.com

file

The file to download the private JSON key to

Value

If it already exists, returns it via gar_service_get, else creates the service key

Details

It will download the existing roles, and append the role you add to it here.

If you supply an accountId to gar_service_get_roles then it will return only those roles that accountId has.

See Also

Combine these functions to provision emails in one step with gar_service_provision

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys/create

Other IAM functions: gar_service_provision()

Examples

Run this code
# NOT RUN {
# }
# NOT RUN {
# all roles
projectId <- gar_set_client(
                json = Sys.getenv("GAR_CLIENT_JSON"), 
                scopes = "https://www.googleapis.com/auth/cloud-platform")
gar_service_get_roles(projectId)

# roles for one accountId
gar_service_get_roles(
    projectId, 
    accountId = "1080525199262@cloudbuild.gserviceaccount.com")

# }
# NOT RUN {
 library(googleAuthR)
 gar_set_client(scopes = "https://www.googleapis.com/auth/cloud-platform")
 gar_auth()
 gar_service_create("test12345678", "my-project")
 
 gar_service_get("test12345678@my-project.iam.gserviceaccount.com", 
                 projectId = "my-project")
 
 gar_service_grant_roles("test12345678@my-project.iam.gserviceaccount.com",
                         role = "roles/editor",
                         projectId = "my-project")
 
 gar_service_key("test12345678", "my-project", "my-auth.json")
 
 gar_service_list("my-project")
 
 gar_service_key_list("test12345678", "my-project")
# }

Run the code above in your browser using DataLab