// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the 'License');
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an 'AS IS' BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package iamgt
import (
"fmt"
"log"
"strings"
"google.golang.org/api/iam/v1"
)
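// Deploy makes sure the microservice's IAM service account exists in the
// hosting project, creating it when the lookup reports it as missing.
//
// The account is addressed as
// projects/<ProjectID>/serviceAccounts/<ServiceName>@<ProjectID>.iam.gserviceaccount.com.
//
// Deploy returns nil when the account was found or created. It also returns
// nil when the Get or Create call fails with an error whose text contains
// "403": that case is only logged as a WARNING, so a nil result does not prove
// the account exists. Any other API failure is returned to the caller.
//
// NOTE(review): the 404/403/alreadyExists decisions are substring matches on
// err.Error(). The match can hit anywhere in the message, so an unrelated
// error that merely contains "403" is treated as a tolerated permission
// failure. Checking the status code on a typed *googleapi.Error would be more
// precise, but needs an import this file does not have.
func (serviceaccountDeployment *ServiceaccountDeployment) Deploy() (err error) {
	instanceName := serviceaccountDeployment.Core.InstanceName
	serviceName := serviceaccountDeployment.Core.ServiceName
	projectID := serviceaccountDeployment.Core.SolutionSettings.Hosting.ProjectID
	ctx := serviceaccountDeployment.Core.Ctx

	log.Printf("%s iam service accounts", instanceName)
	projectName := fmt.Sprintf("projects/%s", projectID)
	serviceAccountName := fmt.Sprintf("%s/serviceAccounts/%s@%s.iam.gserviceaccount.com", projectName, serviceName, projectID)
	projectServiceAccountService := serviceaccountDeployment.Core.Services.IAMService.Projects.ServiceAccounts

	retrievedServiceAccount, err := projectServiceAccountService.Get(serviceAccountName).Context(ctx).Do()
	if err == nil {
		log.Printf("%s iam found service account %s", instanceName, retrievedServiceAccount.Email)
		return nil
	}

	// Anything other than "not found" ends here: a 403 is tolerated
	// (best-effort deployment with a restricted deployer identity), the rest
	// is a hard failure.
	if !(strings.Contains(err.Error(), "404") && strings.Contains(err.Error(), "notFound")) {
		if strings.Contains(err.Error(), "403") {
			log.Printf("%s iam WARNING impossible to GET service account %v", instanceName, err)
			return nil
		}
		// %w keeps the message identical while letting callers unwrap the API error.
		return fmt.Errorf("iam projectServiceAccountService.Get %w", err)
	}

	// The account does not exist yet: create it.
	serviceAccount := iam.ServiceAccount{
		DisplayName: fmt.Sprintf("RAM %s", serviceName),
		Description: fmt.Sprintf("Solution: Real-time Asset Monitor, microservice: %s", serviceName),
	}
	request := iam.CreateServiceAccountRequest{
		AccountId:      serviceName,
		ServiceAccount: &serviceAccount,
	}
	retrievedServiceAccount, err = projectServiceAccountService.Create(projectName, &request).Context(ctx).Do()
	if err == nil {
		log.Printf("%s iam service account created %s", instanceName, retrievedServiceAccount.Email)
		return nil
	}

	// Deal with parallel deployments: another deployment created the account
	// between our Get and Create, so fetch the one that now exists.
	if strings.Contains(err.Error(), "alreadyExists") {
		retrievedServiceAccount, err = projectServiceAccountService.Get(serviceAccountName).Context(ctx).Do()
		if err != nil {
			return err
		}
		// Log only "eventually found" here; this deployment did not create the
		// account, and the audit trail should not say it did.
		log.Printf("%s iam eventually found service account %s", instanceName, retrievedServiceAccount.Email)
		return nil
	}

	if strings.Contains(err.Error(), "403") {
		log.Printf("%s iam WARNING impossible to CREATE service account %v", instanceName, err)
		return nil
	}
	return fmt.Errorf("iam projectServiceAccountService.Create %w", err)
}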