Class: GoogleApi::CloudPlatform::Client
- Inherits:
-
Auth
- Object
- Auth
- GoogleApi::CloudPlatform::Client
show all
- Defined in:
- lib/google_api/cloud_platform/client.rb
Constant Summary
collapse
- SCOPE =
'https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/service.management'
- LEAST_TOKEN_LIFE_TIME =
10.minutes
- ROLES_LIST =
%w[roles/iam.serviceAccountUser roles/artifactregistry.admin roles/cloudbuild.builds.builder roles/run.admin roles/storage.admin roles/cloudsql.client roles/browser].freeze
- REVOKE_URL =
'https://oauth2.googleapis.com/revoke'
Constants inherited
from Auth
Auth::ConfigMissingError
Instance Attribute Summary
Attributes inherited from Auth
#access_token, #redirect_uri, #state
Class Method Summary
collapse
Instance Method Summary
collapse
-
#create_cloudsql_database(gcp_project_id, instance_name, database_name) ⇒ Object
-
#create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier) ⇒ Object
-
#create_cloudsql_user(gcp_project_id, instance_name, username, password) ⇒ Object
-
#create_service_account(gcp_project_id, display_name, description) ⇒ Object
-
#create_service_account_key(gcp_project_id, service_account_id) ⇒ Object
-
#enable_artifacts_registry(gcp_project_id) ⇒ Object
-
#enable_cloud_build(gcp_project_id) ⇒ Object
-
#enable_cloud_run(gcp_project_id) ⇒ Object
-
#enable_cloud_sql_admin(gcp_project_id) ⇒ Object
-
#enable_compute(gcp_project_id) ⇒ Object
-
#enable_service_networking(gcp_project_id) ⇒ Object
-
#enable_vision_api(gcp_project_id) ⇒ Object
-
#get_cloudsql_instance(gcp_project_id, instance_name) ⇒ Object
-
#grant_service_account_roles(gcp_project_id, email) ⇒ Object
-
#list_cloudsql_databases(gcp_project_id, instance_name) ⇒ Object
-
#list_cloudsql_users(gcp_project_id, instance_name) ⇒ Object
-
#list_projects ⇒ Object
-
#revoke_authorizations ⇒ Object
-
#scope ⇒ Object
-
#validate_token(expires_at) ⇒ Object
Methods inherited from Auth
#authorize_url, #get_token, #initialize
Class Method Details
.new_session_key_for_redirect_uri ⇒ Object
30
31
32
33
34
|
# File 'lib/google_api/cloud_platform/client.rb', line 30
def new_session_key_for_redirect_uri
SecureRandom.hex.tap do |state|
yield session_key_for_redirect_uri(state)
end
end
|
.session_key_for_expires_at ⇒ Object
26
27
28
|
# File 'lib/google_api/cloud_platform/client.rb', line 26
def session_key_for_expires_at
:cloud_platform_expires_at
end
|
.session_key_for_redirect_uri(state) ⇒ Object
36
37
38
|
# File 'lib/google_api/cloud_platform/client.rb', line 36
def session_key_for_redirect_uri(state)
"cloud_platform_second_redirect_uri_#{state}"
end
|
.session_key_for_token ⇒ Object
22
23
24
|
# File 'lib/google_api/cloud_platform/client.rb', line 22
def session_key_for_token
:cloud_platform_access_token
end
|
Instance Method Details
#create_cloudsql_database(gcp_project_id, instance_name, database_name) ⇒ Object
139
140
141
142
|
# File 'lib/google_api/cloud_platform/client.rb', line 139
def create_cloudsql_database(gcp_project_id, instance_name, database_name)
database = Google::Apis::SqladminV1beta4::Database.new(name: database_name)
sql_admin_service.insert_database(gcp_project_id, instance_name, database)
end
|
#create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier) ⇒ Object
159
160
161
162
163
164
165
166
167
168
169
|
# File 'lib/google_api/cloud_platform/client.rb', line 159
def create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier)
database_instance = Google::Apis::SqladminV1beta4::DatabaseInstance.new(
name: instance_name,
root_password: root_password,
database_version: database_version,
region: region,
settings: Google::Apis::SqladminV1beta4::Settings.new(tier: tier)
)
sql_admin_service.insert_instance(gcp_project_id, database_instance)
end
|
#create_cloudsql_user(gcp_project_id, instance_name, username, password) ⇒ Object
148
149
150
151
152
153
|
# File 'lib/google_api/cloud_platform/client.rb', line 148
def create_cloudsql_user(gcp_project_id, instance_name, username, password)
user = Google::Apis::SqladminV1beta4::User.new
user.name = username
user.password = password
sql_admin_service.insert_user(gcp_project_id, instance_name, user)
end
|
#create_service_account(gcp_project_id, display_name, description) ⇒ Object
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# File 'lib/google_api/cloud_platform/client.rb', line 70
def create_service_account(gcp_project_id, display_name, description)
name = "projects/#{gcp_project_id}"
service = Google::Apis::IamV1::IamService.new
service.authorization = access_token
random_account_id = "gitlab-" + SecureRandom.hex(11)
body_params = { account_id: random_account_id,
service_account: { display_name: display_name,
description: description } }
request_body = Google::Apis::IamV1::CreateServiceAccountRequest.new(**body_params)
service.create_service_account(name, request_body)
end
|
#create_service_account_key(gcp_project_id, service_account_id) ⇒ Object
88
89
90
91
92
93
94
95
|
# File 'lib/google_api/cloud_platform/client.rb', line 88
def create_service_account_key(gcp_project_id, service_account_id)
service = Google::Apis::IamV1::IamService.new
service.authorization = access_token
name = "projects/#{gcp_project_id}/serviceAccounts/#{service_account_id}"
request_body = Google::Apis::IamV1::CreateServiceAccountKeyRequest.new
service.create_service_account_key(name, request_body)
end
|
#enable_artifacts_registry(gcp_project_id) ⇒ Object
106
107
108
|
# File 'lib/google_api/cloud_platform/client.rb', line 106
def enable_artifacts_registry(gcp_project_id)
enable_service(gcp_project_id, 'artifactregistry.googleapis.com')
end
|
#enable_cloud_build(gcp_project_id) ⇒ Object
110
111
112
|
# File 'lib/google_api/cloud_platform/client.rb', line 110
def enable_cloud_build(gcp_project_id)
enable_service(gcp_project_id, 'cloudbuild.googleapis.com')
end
|
#enable_cloud_run(gcp_project_id) ⇒ Object
102
103
104
|
# File 'lib/google_api/cloud_platform/client.rb', line 102
def enable_cloud_run(gcp_project_id)
enable_service(gcp_project_id, 'run.googleapis.com')
end
|
#enable_cloud_sql_admin(gcp_project_id) ⇒ Object
114
115
116
|
# File 'lib/google_api/cloud_platform/client.rb', line 114
def enable_cloud_sql_admin(gcp_project_id)
enable_service(gcp_project_id, 'sqladmin.googleapis.com')
end
|
#enable_compute(gcp_project_id) ⇒ Object
118
119
120
|
# File 'lib/google_api/cloud_platform/client.rb', line 118
def enable_compute(gcp_project_id)
enable_service(gcp_project_id, 'compute.googleapis.com')
end
|
#enable_service_networking(gcp_project_id) ⇒ Object
122
123
124
|
# File 'lib/google_api/cloud_platform/client.rb', line 122
def enable_service_networking(gcp_project_id)
enable_service(gcp_project_id, 'servicenetworking.googleapis.com')
end
|
#enable_vision_api(gcp_project_id) ⇒ Object
126
127
128
|
# File 'lib/google_api/cloud_platform/client.rb', line 126
def enable_vision_api(gcp_project_id)
enable_service(gcp_project_id, 'vision.googleapis.com')
end
|
#get_cloudsql_instance(gcp_project_id, instance_name) ⇒ Object
155
156
157
|
# File 'lib/google_api/cloud_platform/client.rb', line 155
def get_cloudsql_instance(gcp_project_id, instance_name)
sql_admin_service.get_instance(gcp_project_id, instance_name)
end
|
#grant_service_account_roles(gcp_project_id, email) ⇒ Object
97
98
99
100
|
# File 'lib/google_api/cloud_platform/client.rb', line 97
def grant_service_account_roles(gcp_project_id, email)
body = policy_request_body(gcp_project_id, email)
cloud_resource_manager_service.set_project_iam_policy(gcp_project_id, body)
end
|
#list_cloudsql_databases(gcp_project_id, instance_name) ⇒ Object
135
136
137
|
# File 'lib/google_api/cloud_platform/client.rb', line 135
def list_cloudsql_databases(gcp_project_id, instance_name)
sql_admin_service.list_databases(gcp_project_id, instance_name, options: )
end
|
#list_cloudsql_users(gcp_project_id, instance_name) ⇒ Object
144
145
146
|
# File 'lib/google_api/cloud_platform/client.rb', line 144
def list_cloudsql_users(gcp_project_id, instance_name)
sql_admin_service.list_users(gcp_project_id, instance_name, options: )
end
|
#list_projects ⇒ Object
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# File 'lib/google_api/cloud_platform/client.rb', line 55
def list_projects
result = []
response = cloud_resource_manager_service.fetch_all(items: :projects) do |token|
cloud_resource_manager_service.list_projects
end
response.each do |project|
result.append(project)
end
result.sort_by(&:project_id)
end
|
#revoke_authorizations ⇒ Object
130
131
132
133
|
# File 'lib/google_api/cloud_platform/client.rb', line 130
def revoke_authorizations
uri = URI(REVOKE_URL)
Gitlab::HTTP.post(uri, body: { 'token' => access_token })
end
|
#scope ⇒ Object
41
42
43
|
# File 'lib/google_api/cloud_platform/client.rb', line 41
def scope
SCOPE
end
|
#validate_token(expires_at) ⇒ Object
45
46
47
48
49
50
51
52
53
|
# File 'lib/google_api/cloud_platform/client.rb', line 45
def validate_token(expires_at)
return false unless access_token
return false unless expires_at
return false if token_life_time(expires_at) < LEAST_TOKEN_LIFE_TIME
true
end
|