stackoom
  简体   繁体   中英

How to validate if a GCP PubSub Topic has write access using the service account in java?

 原文  2020-07-21 17:25:25       google-cloud-platform/ google-cloud-pubsub/ google-cloud-iam

Question

I have a service account say for Project A which has write access to the Pubsub topic defined in Project B. I want to validate the same programatically? Could Anyone help me with this?

1 answers

solution1
 0  2020-07-21 22:55:16

I was able to solve it myself. Here is the sample code

public static void PubSubTopicValidator(String projectId, String topicId)
    throws IOException {

    TopicAdminSettings topicAdminSettings = getTopicAdminSettings(projectId);

    try (TopicAdminClient topicAdminClient = TopicAdminClient.create(topicAdminSettings)) {
        ProjectTopicName topicName = ProjectTopicName.of(projectId, topicId);

        List<String> permissions = new LinkedList<>();
        permissions.add("pubsub.topics.attachSubscription");
        permissions.add("pubsub.topics.publish");
        permissions.add("pubsub.topics.update");

        TestIamPermissionsRequest testIamPermissionsRequest =
            TestIamPermissionsRequest.newBuilder()
                .setResource(topicName.toString())
                .addAllPermissions(permissions)
                .build();

        TestIamPermissionsResponse testedPermissionsResponse = topicAdminClient.testIamPermissions(testIamPermissionsRequest);

        log.info("Tested:\n" + testedPermissionsResponse);


    }
}

private static TopicAdminSettings getTopicAdminSettings(String projectId) throws IOException {
    log.info("Get Topic admin settings ");
    String defaultProjectId = System.getenv("GOOGLE_CLOUD_PROJECT");
    GoogleCredentials credentials;
    ClassLoader classloader = Thread.currentThread().getContextClassLoader();
    InputStream is = classloader.getResourceAsStream("int_sa.json");

    log.info(" inputstream "+ is);
    if(projectId.equals(defaultProjectId)){
        credentials = getDefaultCredentials();
    }
    else{
        credentials = getGoogleCredentials(is);
    }

    return TopicAdminSettings.newBuilder()
                .setCredentialsProvider(FixedCredentialsProvider.create(credentials))
                 .build();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question gcp terraform - how to add pubsub_topic GCP PubSub Permissions for a topic How can I validate the credentials(google service account json key) using GCP python sdk for storage Is there a way to find out to which projects a GCP service account has access to? How do I check to see if a GCP service account has full access to Google Drive? GCP PubSub topic push issue GCP service account access issue How to Attach Custom GCP Role to a GCP Service Account Using Terraform How to create a GCP service account which has permissions for multiple projects? How I can get access to GCP cloud function from python code using service account?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM