演示如何停用 IAM 服务账号密钥。
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Java
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Java API 参考文档。
如需向 IAM 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.DisableServiceAccountKeyRequest;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
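/**
 * Sample showing how to disable a user-managed IAM service account key through the IAM API.
 *
 * <p>Disabling a key is a reversible alternative to deleting it and is commonly the first
 * containment step when a key may have been exposed.
 * NOTE(review): disabling is expected to block new authentication with the key; access tokens that
 * were already minted from it may remain usable until they expire. Confirm against the IAM
 * documentation before relying on this as the only containment step.
 */
public class DisableServiceAccountKey {

  /**
   * Runs the sample with placeholder identifiers.
   *
   * @param args unused
   * @throws IOException declared for compatibility with existing callers; failures inside
   *     {@link #disableServiceAccountKey} are reported on stderr rather than thrown
   */
  public static void main(String[] args) throws IOException {
    // TODO(Developer): Replace the below variables before running.
    String projectId = "gcloud-project-id";
    String serviceAccountName = "service-account-name";
    String serviceAccountKeyName = "service-account-key-name";

    disableServiceAccountKey(projectId, serviceAccountName, serviceAccountKeyName);
  }

  /**
   * Disables a service account key.
   *
   * <p>The method is best-effort: it never throws for API or credential failures. Every failure is
   * written to stderr and the method returns without printing the "Disabled" confirmation, so a
   * caller that must know the outcome (for example an incident-response runbook) should treat the
   * absence of that confirmation as "key state unknown" and verify the key's status separately.
   *
   * <p>The calling principal needs permission to disable keys on the target service account
   * (the {@code iam.serviceAccountKeys.disable} permission).
   *
   * @param projectId ID of the project that owns the service account
   * @param serviceAccountName the part of the service account email before the {@code @}
   * @param serviceAccountKeyName ID of the key to disable
   */
  public static void disableServiceAccountKey(String projectId, String serviceAccountName,
      String serviceAccountKeyName) {
    // All three values are interpolated into the resource name below. Reject empty values and
    // anything containing '/', so that one argument cannot silently address a different resource
    // than the one the caller intended.
    if (!isSinglePathSegment(projectId)
        || !isSinglePathSegment(serviceAccountName)
        || !isSinglePathSegment(serviceAccountKeyName)) {
      System.err.println(
          "Failed to disable service account key: projectId, serviceAccountName and "
              + "serviceAccountKeyName must be non-empty and must not contain '/'");
      return;
    }

    // Initialize the IAM service.
    final Iam service;
    try {
      service = initService();
    } catch (IOException | GeneralSecurityException e) {
      System.err.println("Unable to initialize service: \n" + e);
      return;
    }

    // Construct the service account email.
    // User-managed service accounts use <name>@<project-id>.iam.gserviceaccount.com. Adjust the
    // domain suffix if the target account uses a different one (for example a default service
    // account created by another Google Cloud service).
    // See, https://cloud.google.com/iam/docs/creating-managing-service-account-keys?hl=en#disabling
    String serviceAccountEmail = serviceAccountName + "@" + projectId + ".iam.gserviceaccount.com";
    String keyResourceName =
        String.format(
            "projects/%s/serviceAccounts/%s/keys/%s",
            projectId, serviceAccountEmail, serviceAccountKeyName);

    try {
      DisableServiceAccountKeyRequest disableServiceAccountKeyRequest =
          new DisableServiceAccountKeyRequest();

      // Use the IAM service to disable the service account key.
      service
          .projects()
          .serviceAccounts()
          .keys()
          .disable(keyResourceName, disableServiceAccountKeyRequest)
          .execute();

      System.out.println("Disabled service account key: " + serviceAccountKeyName);
    } catch (IOException e) {
      // The key must be assumed to be still enabled when this branch is reached.
      System.err.println("Failed to disable service account key: \n" + e);
    }
  }

  /** Returns true when {@code value} is non-blank and cannot span more than one path segment. */
  private static boolean isSinglePathSegment(String value) {
    return value != null && !value.trim().isEmpty() && value.indexOf('/') < 0;
  }

  /**
   * Builds an IAM API client authenticated with Application Default Credentials.
   *
   * <p>The credential is scoped to {@code IamScopes.CLOUD_PLATFORM}. The OAuth scope is broad;
   * what the client can actually do is bounded by the IAM roles granted to the principal behind
   * the credentials, so run this with an identity that holds only the roles it needs.
   *
   * @return an {@link Iam} client for sending requests to the IAM API
   * @throws GeneralSecurityException if the trusted HTTP transport cannot be created
   * @throws IOException if Application Default Credentials cannot be loaded or the transport
   *     cannot be created
   */
  private static Iam initService() throws GeneralSecurityException, IOException {
    /* Use the Application Default Credentials strategy for authentication. For more info, see:
    https://cloud.google.com/docs/authentication/production#finding_credentials_automatically */
    GoogleCredentials credential =
        GoogleCredentials.getApplicationDefault()
            .createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));

    // Initialize the IAM service, which can be used to send requests to the IAM API.
    return new Iam.Builder(
            GoogleNetHttpTransport.newTrustedTransport(),
            GsonFactory.getDefaultInstance(),
            new HttpCredentialsAdapter(credential))
        .setApplicationName("service-accounts")
        .build();
  }
}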