path: root/app/services/google_cloud/create_service_accounts_service.rb
blob: 51d08cc5b559a3cbd577616d89148de70e796b14 (plain)
# frozen_string_literal: true

module GoogleCloud
  # Provisions a Google Cloud service account for one project environment:
  # creates the account, creates a key for it, asks the API client to grant it
  # roles, then passes both JSON documents to ServiceAccountsService.
  #
  # Inputs are read from @params: :google_oauth2_token, :gcp_project_id and
  # :environment_name.
  #
  # NOTE(review): the three Google API calls run back to back and this class has
  # no rescue; if a later call raises, whatever the earlier calls created stays
  # in the GCP project. Confirm that callers handle or report that case.
  class CreateServiceAccountsService < ::BaseService
    # Runs the provisioning sequence.
    #
    # @return [ServiceResponse] success response whose payload carries the
    #   created service account and the created key.
    #
    # NOTE(review): the payload contains the key object itself, so callers
    # should keep it out of logs and rendered output.
    def execute
      client = google_api_client

      account = client.create_service_account(gcp_project_id, service_account_name, service_account_desc)
      key = client.create_service_account_key(gcp_project_id, account.unique_id)
      # Which roles are granted is decided inside the client, not in this file.
      client.grant_service_account_roles(gcp_project_id, account.email)

      storage = service_accounts_service
      env = environment_name
      account_project_id = account.project_id
      account_json = account.to_json
      key_json = key.to_json
      # The environment name is looked up as a ref name against both protected
      # branches and protected tags; the result is the last argument below.
      # NOTE(review): presumably add_for_project uses it to mark the stored
      # values as protected — verify in ServiceAccountsService.
      ref_protected = ProtectedBranch.protected?(project, environment_name) ||
        ProtectedTag.protected?(project, environment_name)

      storage.add_for_project(env, account_project_id, account_json, key_json, ref_protected)

      payload = {
        service_account: account,
        service_account_key: key
      }
      ServiceResponse.success(message: _('Service account generated successfully'), payload: payload)
    end

    private

    # OAuth2 token supplied by the caller; it is handed to the API client
    # constructor in #google_api_client.
    def google_oauth2_token
      @params[:google_oauth2_token]
    end

    # Identifier of the GCP project the account is created in, as supplied by
    # the caller.
    def gcp_project_id
      @params[:gcp_project_id]
    end

    # Environment name supplied by the caller; used in the account's name and
    # description and in the protected-ref lookup.
    def environment_name
      @params[:environment_name]
    end

    # Memoized API client built from the caller's OAuth2 token.
    # The second constructor argument is passed as nil; its meaning is not
    # visible in this file.
    def google_api_client
      @google_api_client_instance ||= begin
        token = google_oauth2_token
        GoogleApi::CloudPlatform::Client.new(token, nil)
      end
    end

    # Builds a new ServiceAccountsService for the current project on each call.
    def service_accounts_service
      GoogleCloud::ServiceAccountsService.new(project)
    end

    # Name sent to the API for the new account, built from the project name and
    # the environment name.
    def service_account_name
      "GitLab :: #{project.name} :: #{environment_name}"
    end

    # Description sent to the API for the new account.
    def service_account_desc
      "GitLab generated service account for project '#{project.name}' and environment '#{environment_name}'"
    end
  end
end

# NOTE(review): presumably the project's hook for prepending an edition-specific
# override module onto this class; prepend_mod is defined outside this file, so
# confirm what it prepends before relying on the behaviour shown above.
GoogleCloud::CreateServiceAccountsService.prepend_mod