Learn R Programming
googleAuthR (version 2.0.2)

gar_service_create: Work with service accounts via the API

Description

These functions let you create a service JSON key from an OAuth2 login. You can then assign it roles and do a one time download of a service account key to use for authentication in other Google APIs

Usage

gar_service_create(
  accountId,
  projectId,
  serviceName = "googleAuthR::gar_service_create",
  serviceDescription = "A service account created via googleAuthR"
)
gar_service_grant_roles(
  accountIds,
  roles,
  projectId,
  type = c("serviceAccount", "user", "group")
)
gar_service_get_roles(
  projectId,
  accountId = NULL,
  type = c("serviceAccount", "user", "group")
)
gar_service_key(
  accountId,
  projectId,
  file = paste0(accountId, "-auth-key.json")
)
gar_service_key_list(accountId, projectId)
gar_service_list(projectId)
gar_service_get(accountId, projectId)

Value

If it already exists, returns it via gar_service_get, else creates the service key

Arguments

accountId

The service accountId

projectId

The projectId containing the service account

serviceName

Name of service account

serviceDescription

Description of service account

accountIds

A vector of accountIds in the form accountId@projectid.iam.gserviceaccount.com

roles

A character vector of roles to give the accountIds e.g. roles/editor - see list of roles here https://cloud.google.com/iam/docs/understanding-roles#predefined_roles or in your GCP console https://console.cloud.google.com/iam-admin/roles/details/roles

type

The type of accountId to add role for - e.g. user:mark@me.com or serviceAccount:accountId@projectid.iam.gserviceaccount.com

file

The file to download the private JSON key to

Details

It will download the existing roles, and append the role you add to it here.

If you supply an accountId to gar_service_get_roles then it will return only those roles that accountId has.

See Also

Combine these functions to provision emails in one step with gar_service_provision

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy

https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys/create

Other IAM functions: gar_service_provision()

Examples

Run this code

if (FALSE) {

# all roles
projectId <- gar_set_client(
                json = Sys.getenv("GAR_CLIENT_JSON"), 
                scopes = "https://www.googleapis.com/auth/cloud-platform")
gar_service_get_roles(projectId)

# roles for one accountId
gar_service_get_roles(
    projectId, 
    accountId = "1080525199262@cloudbuild.gserviceaccount.com")

}
if (FALSE) {
 library(googleAuthR)
 gar_set_client(scopes = "https://www.googleapis.com/auth/cloud-platform")
 gar_auth()
 gar_service_create("test12345678", "my-project")
 
 gar_service_get("test12345678@my-project.iam.gserviceaccount.com", 
                 projectId = "my-project")
 
 gar_service_grant_roles("test12345678@my-project.iam.gserviceaccount.com",
                         role = "roles/editor",
                         projectId = "my-project")
 
 gar_service_key("test12345678", "my-project", "my-auth.json")
 
 gar_service_list("my-project")
 
 gar_service_key_list("test12345678", "my-project")
}

Run the code above in your browser using DataLab