create service account #72

srinandan · Nov 24, 2022 · 57393f8 · 57393f8
1 parent de33c4a
commit 57393f8
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -109,7 +109,8 @@ integrationcli connectors create -n name-of-the-connector -f ./test/pub_sub_conn
 **NOTES:** 
 
 * This command assumes the token is cached, otherwise pass the token via `-t`
-* For PubSub & BigQuery, `integrationcli` adds the IAM permissions for the service account to the resource
+* If the service account doesn't exist, it will be created
+* For PubSub & BigQuery and GCS `integrationcli` adds the IAM permissions for the service account to the resource
 
 ### Third Party Applications
 

diff --git a/apiclient/iam.go b/apiclient/iam.go
@@ -20,6 +20,7 @@ import (
 	"net/url"
 	"path"
 	"regexp"
+	"strings"
 
 	"github.com/apigee/apigeecli/clilog"
 )
@@ -50,6 +51,30 @@ type setIamPolicy struct {
 	Policy iamPolicy `json:"policy,omitempty"`
 }
 
+func CreateServiceAccount(iamname string) (err error) {
+	projectid, name, err := getNameAndProject(iamname)
+	if err != nil {
+		return err
+	}
+
+	var getendpoint = fmt.Sprintf("https://iam.googleapis.com/v1/projects/%s/serviceAccounts/%s", projectid, iamname)
+	var createendpoint = fmt.Sprintf("https://iam.googleapis.com/v1/projects/%s/serviceAccounts", projectid)
+
+	if _, err = HttpClient(false, getendpoint); err != nil { //then the service doesn't exist, create one
+		iamPayload := []string{}
+		iamPayload = append(iamPayload, "\"accountId\":\""+iamname+"\"")
+		iamPayload = append(iamPayload, "\"serviceAccount\": {\"displayName\": \""+name+"\"}")
+		payload := "{" + strings.Join(iamPayload, ",") + "}"
+
+		if _, err = HttpClient(false, createendpoint, payload); err != nil {
+			clilog.Error.Println(err)
+			return err
+		}
+	}
+
+	return nil
+}
+
 // setIAMPermission set permissions for a member
 func setIAMPermission(endpoint string, name string, memberName string, role string, memberType string) (err error) {
 
@@ -240,3 +265,16 @@ func SetCloudStorageIAMPermission(project string, memberName string) (err error)
 
 	return nil
 }
+
+func getNameAndProject(iamFullName string) (name string, projectid string, err error) {
+	parts := strings.Split(iamFullName, "@")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid iam name")
+	}
+	name = parts[0]
+	projectid = strings.Split(parts[1], ".iam.gserviceaccount.com")[0]
+	if name == "" || projectid == "" {
+		return "", "", fmt.Errorf("invalid iam name")
+	}
+	return name, projectid, nil
+}
diff --git a/client/connections/connectors.go b/client/connections/connectors.go
@@ -137,6 +137,12 @@ func Create(name string, content []byte, grantPermission bool) (respBody []byte,
 		return nil, err
 	}
 
+	if c.ServiceAccount != nil {
+		if err = apiclient.CreateServiceAccount(*c.ServiceAccount); err != nil {
+			return nil, err
+		}
+	}
+
 	// check if permissions need to be set
 	if grantPermission && c.ServiceAccount != nil {
 		var projectId string