
2024/5/21

Golang 建立GCP Service Account Key

Go以Google Cloud Client Libraries for Go來建立Service Account的Key。


事前要求

參考「Golang 建立GCP Service Account」建立Service Account。


建立Service Account Key

呼叫admin.IamClient.CreateServiceAccountKey建立Service Account Key,傳入adminpb.CreateServiceAccountKeyRequest參數。

adminpb.CreateServiceAccountKeyRequest欄位如下:

  • Name - Service Account的資源名稱,格式為projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com,其中[ACCOUNT_ID]為Service Account的Account ID。

main.go

package main

import (
    "context"
    "fmt"

    admin "cloud.google.com/go/iam/admin/apiv1"
    "cloud.google.com/go/iam/admin/apiv1/adminpb"
)

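// main creates a new key for an existing service account and prints the
// fields of the returned ServiceAccountKey.
//
// The client is built by admin.NewIamClient with no explicit options, so it
// uses whatever credentials the client library resolves from the environment.
// The bracketed parts of Name are placeholders and must be replaced with a
// real project ID and service account ID before running.
func main() {
    ctx := context.Background()
    iamClient, err := admin.NewIamClient(ctx)
    if err != nil {
        panic(err)
    }
    // Release the client's connections when main returns; deferred calls
    // still run when one of the panics below fires.
    defer iamClient.Close()

    key, err := iamClient.CreateServiceAccountKey(ctx, &adminpb.CreateServiceAccountKeyRequest{
        Name: "projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com",
    })
    if err != nil {
        panic(err)
    }

    // Metadata about the new key; none of these values is secret.
    fmt.Println(key.GetName())           // projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com/keys/f16516ccee889b6e376164f378648f5a0efca5d3
    fmt.Println(key.GetKeyOrigin())      // GOOGLE_PROVIDED
    fmt.Println(key.GetKeyAlgorithm())   // KEY_ALG_RSA_2048
    fmt.Println(key.GetKeyType())        // USER_MANAGED
    fmt.Println(key.GetPrivateKeyType()) // TYPE_GOOGLE_CREDENTIALS_FILE

    // PrivateKeyData is the credential itself: for
    // TYPE_GOOGLE_CREDENTIALS_FILE it is the JSON key file, and whoever holds
    // it can authenticate as the service account. The private key is returned
    // only in this create response. It is printed here purely to show the
    // response shape; stdout tends to end up in terminal scrollback, CI logs
    // and log aggregation, so real code should pass the bytes straight to a
    // secret store or write them to a file readable only by its owner.
    fmt.Println(string(key.GetPrivateKeyData())) // (json)
    fmt.Println(string(key.GetPublicKeyData()))  // (empty)
}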

github



測試

執行後印出以下。

projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com/keys/2a51b548e08ed5127beeffad57b3a1c284ccf175
GOOGLE_PROVIDED
KEY_ALG_RSA_2048
USER_MANAGED
TYPE_GOOGLE_CREDENTIALS_FILE
{
  "type": "service_account",
  "project_id": "[PROJECT_ID]",
  "private_key_id": "2a51b548e08ed5127beeffad57b3a1c284ccf175",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDuvvv5gAOyFfvA\n2Gh6gVr0E2a0Uvm7f4kOIxhGTT8XrjayOC7LMJMHiW4cpb6SihZ7orZD/LpTnrXV\nnqf1t3mKJ8tftjdFwtbyLSel/ZeRePPVNpmTgKgVlDEbhHBxk/XT/5RcxxBSsaD1\nlp6u79Am5A+cJq4pwtHBSWr1h3WCbuSGhC6XmDn8KrNW2cbu49Y21vkNlequlCDO\nSJhZYpzlfvI0wvWdpTnqBFDPDFTZz73n+2xSrUD7Ml9TTmrGyB+MRtiwm7Na8Zro\nwLnhgdofrHFpMQ3cX3+fRBuONytCVUZhvu7emKW5Fvrx6Wwun6giJIYr+aZ4UVki\nONwR1wZlAgMBAAECggEANYjWyJYXfg3m41HDb8Dky7kz/PhkLlKFQYnGDjGRFbbH\nZgQqHf7Y4UZETiEuT/6t1vBf7XPUth5vCKUoZXVMSBnvRRl/YGG1wB02+EYagBC+\noE87dbNSPXB66IA0lItIgs6bDojGlLxm6tro3zJAGxBlna6gvBWG4lAbr02+IE5d\nfeGmA4+764Khziv65IZkVJAzPnGAxt3BkDm3kATROwpPDNSI+ZY2nq19gQnW4Tt/\n5GzAzfbIf5ZDxJzK6HZaCTlokAC+QCNVD19IC2jdmTa/3/m13+mtVVe9fl1G6AOd\nJxDJvx84YIprg2j9LXvu1lr94kWjvHsQ0avT4kemWwKBgQD+dltEt8AMxeRyM1N7\nDMoF/rT6+kibEk61/H2yQRAu2Ac0JdyzsEnkzr0JHfhjFiBkKGyLF19ajqS7/3pC\nWmgibMDaysC+itKKHGbpXZe9fP9AKOpfohW9OIH/3DcYzfrBmkWRgTehKwKXpyFc\nrfIsENQT+ZTWjWaMRrficwnrTwKBgQDwMFC0Dzbxf+r3chOS7FAY95uC2bTIoau+\nzZbir2tGjffHsG+3PfdGfimwQa2F7nZtde2/K9MoRmgtnKc7CFEjUxRqR6FO4MPX\nPO6p6JjADcvt0CzL75SMlL8dX+KOsOXBlyAE7qOC1sK6sVWx3DyhXkEEKC0neE//\ni9+BX/T2CwKBgQDdCy9pWD2KWvWBhriD8a4k2weX5YbgvlyFlhoSmJZYOuy3DhTU\nOtVV34kyvEgiuvvURZFUmi8I2VScwucPcL14+gPli683VhxiQR3cpqLDxittLp26\nCXDc+JNlEYUDFRs4xqycIyWR6WzNFC/U9H2kbdHssCfs4NQuEth16/y33QKBgQCq\n6vbC6wDCIbDmnLrpFlh5K9nx51IKY2F/yXTRotrHvkbQRvF4iBPqieTIlDQS1npX\nsk+Ydmswgcmoi41FKMn0RS6F4qsbIj66b5W2OtpX8HlppXX7OWWQFFlbYdwqhh84\n/329hMO+W2z+xSqiAoLyocvKVXysVaU3yCUoP0xluQKBgHvYgpMUR24HABza61T6\nijVwb479BeJ3CGOnDf9mLegZ9o2lX+feDq+10oQylqr5kRDRKk/4UL+wf4lrGDBu\nkBQNCbXi7BwYHMrtCNyDn1PuSw8kT+0bbW4bKnzY7EnKGKhMBxFvb1gC+5/tp9wX\nq5u+xbNnOIC5S6Q6sVOfb64f\n-----END PRIVATE KEY-----\n",
  "client_email": "[ACCOUNT_ID]@[PROJECT_ID].iam.gserviceaccount.com",
  "client_id": "107161410884746737733",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[ACCOUNT_ID]%40[PROJECT_ID].iam.gserviceaccount.com",
  "universe_domain": "googleapis.com"
}


