2022-03-02 08:16:31 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module GoogleCloud
|
2022-08-13 15:12:31 +05:30
|
|
|
class CreateServiceAccountsService < ::GoogleCloud::BaseService
|
2022-03-02 08:16:31 +05:30
|
|
|
def execute
|
|
|
|
service_account = google_api_client.create_service_account(gcp_project_id, service_account_name, service_account_desc)
|
|
|
|
service_account_key = google_api_client.create_service_account_key(gcp_project_id, service_account.unique_id)
|
2022-04-04 11:22:00 +05:30
|
|
|
google_api_client.grant_service_account_roles(gcp_project_id, service_account.email)
|
2022-03-02 08:16:31 +05:30
|
|
|
|
|
|
|
service_accounts_service.add_for_project(
|
|
|
|
environment_name,
|
|
|
|
service_account.project_id,
|
2023-01-13 00:05:48 +05:30
|
|
|
Gitlab::Json.dump(service_account),
|
|
|
|
Gitlab::Json.dump(service_account_key),
|
2022-05-07 20:08:51 +05:30
|
|
|
ProtectedBranch.protected?(project, environment_name) || ProtectedTag.protected?(project, environment_name)
|
2022-03-02 08:16:31 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
ServiceResponse.success(message: _('Service account generated successfully'), payload: {
|
|
|
|
service_account: service_account,
|
|
|
|
service_account_key: service_account_key
|
|
|
|
})
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def service_accounts_service
|
|
|
|
GoogleCloud::ServiceAccountsService.new(project)
|
|
|
|
end
|
|
|
|
|
|
|
|
def service_account_name
|
|
|
|
"GitLab :: #{project.name} :: #{environment_name}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def service_account_desc
|
|
|
|
"GitLab generated service account for project '#{project.name}' and environment '#{environment_name}'"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
GoogleCloud::CreateServiceAccountsService.prepend_mod
|