Go以Google Cloud Client Libraries for Go來建立Service Account的Key。
事前要求
參考「Golang 建立GCP Service Account」建立Service Account。
建立Service Account Key
呼叫admin.IamClient.CreateServiceAccountKey
建立Service Account Key,傳入adminpb.CreateServiceAccountKeyRequest
參數。
adminpb.CreateServiceAccountKeyRequest
欄位如下:
Name
- Service Account的資源名稱,格式為projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com
。[ACCOUNT_ID]
為Service Account的Account ID。
main.go
package main
import (
"context"
"fmt"
admin "cloud.google.com/go/iam/admin/apiv1"
"cloud.google.com/go/iam/admin/apiv1/adminpb"
)
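// main creates a new user-managed key for an existing service account and
// prints every field of the returned ServiceAccountKey.
//
// Replace the [PROJECT_ID] and [ACCOUNT_ID] placeholders in Name with real
// values before running.
func main() {
	ctx := context.Background()

	iamClient, err := admin.NewIamClient(ctx)
	if err != nil {
		panic(err)
	}
	// Release the client's connections when main returns; deferred calls also
	// run while a panic below unwinds.
	defer iamClient.Close()

	key, err := iamClient.CreateServiceAccountKey(ctx, &adminpb.CreateServiceAccountKeyRequest{
		Name: "projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com",
	})
	if err != nil {
		panic(err)
	}

	// Key metadata: none of these values are secret.
	fmt.Println(key.GetName())           // projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com/keys/f16516ccee889b6e376164f378648f5a0efca5d3
	fmt.Println(key.GetKeyOrigin())      // GOOGLE_PROVIDED
	fmt.Println(key.GetKeyAlgorithm())   // KEY_ALG_RSA_2048
	fmt.Println(key.GetKeyType())        // USER_MANAGED
	fmt.Println(key.GetPrivateKeyType()) // TYPE_GOOGLE_CREDENTIALS_FILE

	// SECURITY: GetPrivateKeyData is the credentials JSON, including the RSA
	// private key. The API returns it only in this create response, so it
	// cannot be fetched again later. It is printed here for demonstration only:
	// stdout ends up in terminal scrollback, CI logs and redirected files. In
	// real use, write it directly to a file readable only by its owner (mode
	// 0600) or to a secret store, and delete keys that are no longer needed.
	fmt.Println(string(key.GetPrivateKeyData())) // (json)
	fmt.Println(string(key.GetPublicKeyData()))  // (empty)
}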
測試
執行後印出以下內容。其中的JSON是Service Account Key的憑證檔內容(含私鑰),只會在建立Key時回傳一次,應視為機密保存,不要留在終端機輸出或日誌中。
projects/[PROJECT_ID]/serviceAccounts/[ACCOINT_ID]@[PROJECT_ID].iam.gserviceaccount.com/keys/2a51b548e08ed5127beeffad57b3a1c284ccf175
GOOGLE_PROVIDED
KEY_ALG_RSA_2048
USER_MANAGED
TYPE_GOOGLE_CREDENTIALS_FILE
{
"type": "service_account",
"project_id": "[PROJECT_ID]",
"private_key_id": "2a51b548e08ed5127beeffad57b3a1c284ccf175",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDuvvv5gAOyFfvA\n2Gh6gVr0E2a0Uvm7f4kOIxhGTT8XrjayOC7LMJMHiW4cpb6SihZ7orZD/LpTnrXV\nnqf1t3mKJ8tftjdFwtbyLSel/ZeRePPVNpmTgKgVlDEbhHBxk/XT/5RcxxBSsaD1\nlp6u79Am5A+cJq4pwtHBSWr1h3WCbuSGhC6XmDn8KrNW2cbu49Y21vkNlequlCDO\nSJhZYpzlfvI0wvWdpTnqBFDPDFTZz73n+2xSrUD7Ml9TTmrGyB+MRtiwm7Na8Zro\nwLnhgdofrHFpMQ3cX3+fRBuONytCVUZhvu7emKW5Fvrx6Wwun6giJIYr+aZ4UVki\nONwR1wZlAgMBAAECggEANYjWyJYXfg3m41HDb8Dky7kz/PhkLlKFQYnGDjGRFbbH\nZgQqHf7Y4UZETiEuT/6t1vBf7XPUth5vCKUoZXVMSBnvRRl/YGG1wB02+EYagBC+\noE87dbNSPXB66IA0lItIgs6bDojGlLxm6tro3zJAGxBlna6gvBWG4lAbr02+IE5d\nfeGmA4+764Khziv65IZkVJAzPnGAxt3BkDm3kATROwpPDNSI+ZY2nq19gQnW4Tt/\n5GzAzfbIf5ZDxJzK6HZaCTlokAC+QCNVD19IC2jdmTa/3/m13+mtVVe9fl1G6AOd\nJxDJvx84YIprg2j9LXvu1lr94kWjvHsQ0avT4kemWwKBgQD+dltEt8AMxeRyM1N7\nDMoF/rT6+kibEk61/H2yQRAu2Ac0JdyzsEnkzr0JHfhjFiBkKGyLF19ajqS7/3pC\nWmgibMDaysC+itKKHGbpXZe9fP9AKOpfohW9OIH/3DcYzfrBmkWRgTehKwKXpyFc\nrfIsENQT+ZTWjWaMRrficwnrTwKBgQDwMFC0Dzbxf+r3chOS7FAY95uC2bTIoau+\nzZbir2tGjffHsG+3PfdGfimwQa2F7nZtde2/K9MoRmgtnKc7CFEjUxRqR6FO4MPX\nPO6p6JjADcvt0CzL75SMlL8dX+KOsOXBlyAE7qOC1sK6sVWx3DyhXkEEKC0neE//\ni9+BX/T2CwKBgQDdCy9pWD2KWvWBhriD8a4k2weX5YbgvlyFlhoSmJZYOuy3DhTU\nOtVV34kyvEgiuvvURZFUmi8I2VScwucPcL14+gPli683VhxiQR3cpqLDxittLp26\nCXDc+JNlEYUDFRs4xqycIyWR6WzNFC/U9H2kbdHssCfs4NQuEth16/y33QKBgQCq\n6vbC6wDCIbDmnLrpFlh5K9nx51IKY2F/yXTRotrHvkbQRvF4iBPqieTIlDQS1npX\nsk+Ydmswgcmoi41FKMn0RS6F4qsbIj66b5W2OtpX8HlppXX7OWWQFFlbYdwqhh84\n/329hMO+W2z+xSqiAoLyocvKVXysVaU3yCUoP0xluQKBgHvYgpMUR24HABza61T6\nijVwb479BeJ3CGOnDf9mLegZ9o2lX+feDq+10oQylqr5kRDRKk/4UL+wf4lrGDBu\nkBQNCbXi7BwYHMrtCNyDn1PuSw8kT+0bbW4bKnzY7EnKGKhMBxFvb1gC+5/tp9wX\nq5u+xbNnOIC5S6Q6sVOfb64f\n-----END PRIVATE KEY-----\n",
"client_email": "[ACCOINT_ID]@[PROJECT_ID].iam.gserviceaccount.com",
"client_id": "107161410884746737733",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[ACCOINT_ID]%40[PROJECT_ID].iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
}