Add service account enable/disable snippets (GoogleCloudPlatform#1590)

melaniedejong · kurtisvg · commit 7f6839f43090 · 2019-09-25T12:09:19.000-07:00
diff --git a/iam/api-client/src/main/java/com/google/iam/snippets/DisableServiceAccount.java b/iam/api-client/src/main/java/com/google/iam/snippets/DisableServiceAccount.java
@@ -0,0 +1,84 @@
+/* Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.iam.snippets;
+
+// [START iam_disable_service_account]
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.services.iam.v1.Iam;
+import com.google.api.services.iam.v1.IamScopes;
+import com.google.api.services.iam.v1.model.DisableServiceAccountRequest;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Collections;
+
+public class DisableServiceAccount {
+
+  // Disables a service account.
+  public static void disableServiceAccount(String projectId) {
+    // String projectId = "my-project-id";
+    
+    Iam service = null; 
+    try {
+      service = initService();
+    } catch (IOException | GeneralSecurityException e) {
+      System.out.println("Unable to initialize service: \n" + e.toString());
+      return;
+    }
+
+    try {
+      DisableServiceAccountRequest request = new DisableServiceAccountRequest(); 
+      service
+          .projects()
+          .serviceAccounts()
+          .disable(
+              "projects/-/serviceAccounts/"
+                  + "your-service-account-name@"
+                  + projectId
+                  + ".iam.gserviceaccount.com",
+              request)
+          .execute();
+
+      System.out.println(
+          "Disabled service account: "
+              + "your-service-account-name@"
+              + projectId
+              + ".iam.gserviceaccount.com");
+    } catch (IOException e) {
+      System.out.println("Unable to disable service account: \n" + e.toString());
+    }
+  }
+
+  private static Iam initService() throws GeneralSecurityException, IOException {
+    // Use the Application Default Credentials strategy for authentication. For more info, see:
+    // https://cloud.google.com/docs/authentication/production#finding_credentials_automatically
+    GoogleCredential credential =
+        GoogleCredential.getApplicationDefault()
+            .createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));
+    // Initialize the IAM service, which can be used to send requests to the IAM API.
+    Iam service =
+        new Iam.Builder(
+                GoogleNetHttpTransport.newTrustedTransport(),
+                JacksonFactory.getDefaultInstance(),
+                credential)
+            .setApplicationName("service-accounts")
+            .build();
+    return service;
+  }
+}
+// [END iam_disable_service_account]
diff --git a/iam/api-client/src/main/java/com/google/iam/snippets/EnableServiceAccount.java b/iam/api-client/src/main/java/com/google/iam/snippets/EnableServiceAccount.java
@@ -0,0 +1,84 @@
+/* Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.iam.snippets;
+
+// [START iam_enable_service_account]
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.services.iam.v1.Iam;
+import com.google.api.services.iam.v1.IamScopes;
+import com.google.api.services.iam.v1.model.EnableServiceAccountRequest;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Collections;
+
+public class EnableServiceAccount {
+
+  // Enables a service account.
+  public static void enableServiceAccount(String projectId) {
+    // String projectId = "my-project-id";
+    
+    Iam service = null; 
+    try {
+      service = initService();
+    } catch (IOException | GeneralSecurityException e) {
+      System.out.println("Unable to initialize service: \n" + e.toString());
+      return;
+    }
+
+    try {
+      EnableServiceAccountRequest request = new EnableServiceAccountRequest(); 
+      service
+          .projects()
+          .serviceAccounts()
+          .enable(
+              "projects/-/serviceAccounts/"
+                  + "your-service-account-name@"
+                  + projectId
+                  + ".iam.gserviceaccount.com",
+              request)
+          .execute();
+
+      System.out.println(
+          "Enabled service account: "
+              + "your-service-account-name@"
+              + projectId
+              + ".iam.gserviceaccount.com");
+    } catch (IOException e) {
+      System.out.println("Unable to enable service account: \n" + e.toString());
+    }
+  }
+
+  private static Iam initService() throws GeneralSecurityException, IOException {
+    // Use the Application Default Credentials strategy for authentication. For more info, see:
+    // https://cloud.google.com/docs/authentication/production#finding_credentials_automatically
+    GoogleCredential credential =
+        GoogleCredential.getApplicationDefault()
+            .createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));
+    // Initialize the IAM service, which can be used to send requests to the IAM API.
+    Iam service =
+        new Iam.Builder(
+                GoogleNetHttpTransport.newTrustedTransport(),
+                JacksonFactory.getDefaultInstance(),
+                credential)
+            .setApplicationName("service-accounts")
+            .build();
+    return service;
+  }
+}
+// [END iam_enable_service_account]
diff --git a/iam/api-client/src/test/java/com/google/iam/snippets/ServiceAccountTests.java b/iam/api-client/src/test/java/com/google/iam/snippets/ServiceAccountTests.java
@@ -103,9 +103,23 @@ public void stage3_testServiceAccountKeyDelete() {
   }
 
   @Test
-  public void stage4_testServiceAccountDelete() {
+  public void stage4_testDisableServiceAccount() {
+    DisableServiceAccount.disableServiceAccount(PROJECT_ID);
+    String got = bout.toString();
+    assertTrue(got.contains("Disabled service account:"));
+  }
+
+  @Test
+  public void stage5_testEnableServiceAccount() {
+    EnableServiceAccount.enableServiceAccount(PROJECT_ID);
+    String got = bout.toString();
+    assertTrue(got.contains("Enabled service account:"));
+  }
+
+  @Test
+  public void stage6_testServiceAccountDelete() {
     DeleteServiceAccount.deleteServiceAccount(PROJECT_ID);
     String got = bout.toString();
     assertTrue(got.contains("Deleted service account:"));
   }
-}
+}
