debian-mirror-gitlab/app/services/google_cloud/create_service_accounts_service.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

41 lines
1.4 KiB
Ruby
Raw Normal View History

2022-03-02 08:16:31 +05:30
# frozen_string_literal: true
module GoogleCloud
2022-08-13 15:12:31 +05:30
class CreateServiceAccountsService < ::GoogleCloud::BaseService
2022-03-02 08:16:31 +05:30
def execute
service_account = google_api_client.create_service_account(gcp_project_id, service_account_name, service_account_desc)
service_account_key = google_api_client.create_service_account_key(gcp_project_id, service_account.unique_id)
2022-04-04 11:22:00 +05:30
google_api_client.grant_service_account_roles(gcp_project_id, service_account.email)
2022-03-02 08:16:31 +05:30
service_accounts_service.add_for_project(
environment_name,
service_account.project_id,
2023-01-13 00:05:48 +05:30
Gitlab::Json.dump(service_account),
Gitlab::Json.dump(service_account_key),
2022-05-07 20:08:51 +05:30
ProtectedBranch.protected?(project, environment_name) || ProtectedTag.protected?(project, environment_name)
2022-03-02 08:16:31 +05:30
)
ServiceResponse.success(message: _('Service account generated successfully'), payload: {
service_account: service_account,
service_account_key: service_account_key
})
end
private
def service_accounts_service
GoogleCloud::ServiceAccountsService.new(project)
end
def service_account_name
"GitLab :: #{project.name} :: #{environment_name}"
end
def service_account_desc
"GitLab generated service account for project '#{project.name}' and environment '#{environment_name}'"
end
end
end
GoogleCloud::CreateServiceAccountsService.prepend_mod