演示如何列出服务帐号密钥。
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
C++
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM C++ API 参考文档。
namespace iam = ::google::cloud::iam;
[](std::string const& service_account_name,
std::vector<std::string> const& key_type_labels) {
iam::IAMClient client(iam::MakeIAMConnection());
std::vector<google::iam::admin::v1::ListServiceAccountKeysRequest::KeyType>
key_types;
for (auto const& type : key_type_labels) {
if (type == "USER_MANAGED") {
key_types.push_back(google::iam::admin::v1::
ListServiceAccountKeysRequest::USER_MANAGED);
} else if (type == "SYSTEM_MANAGED") {
key_types.push_back(google::iam::admin::v1::
ListServiceAccountKeysRequest::SYSTEM_MANAGED);
}
}
auto response =
client.ListServiceAccountKeys(service_account_name, key_types);
if (!response) throw std::move(response).status();
std::cout << "ServiceAccountKeys successfully retrieved: "
<< response->DebugString() << "\n";
}
C#
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM C# API 参考文档。
using System;
using System.Collections.Generic;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Iam.v1;
using Google.Apis.Iam.v1.Data;
public partial class ServiceAccountKeys
{
public static IList<ServiceAccountKey> ListKeys(string serviceAccountEmail)
{
var credential = GoogleCredential.GetApplicationDefault()
.CreateScoped(IamService.Scope.CloudPlatform);
var service = new IamService(new IamService.Initializer
{
HttpClientInitializer = credential
});
var response = service.Projects.ServiceAccounts.Keys
.List($"projects/-/serviceAccounts/{serviceAccountEmail}")
.Execute();
foreach (ServiceAccountKey key in response.Keys)
{
Console.WriteLine("Key: " + key.Name);
}
return response.Keys;
}
}
Go
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Go API 参考文档。
import (
"context"
"fmt"
"io"
iam "google.golang.org/api/iam/v1"
)
// listKey lists a service account's keys.
func listKeys(w io.Writer, serviceAccountEmail string) ([]*iam.ServiceAccountKey, error) {
ctx := context.Background()
service, err := iam.NewService(ctx)
if err != nil {
return nil, fmt.Errorf("iam.NewService: %v", err)
}
resource := "projects/-/serviceAccounts/" + serviceAccountEmail
response, err := service.Projects.ServiceAccounts.Keys.List(resource).Do()
if err != nil {
return nil, fmt.Errorf("Projects.ServiceAccounts.Keys.List: %v", err)
}
for _, key := range response.Keys {
fmt.Fprintf(w, "Listing key: %v", key.Name)
}
return response.Keys, nil
}
Java
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Java API 参考文档。
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.ServiceAccountKey;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.List;
public class ListServiceAccountKeys {
// Lists all keys for a service account.
public static void listKeys(String projectId, String serviceAccountName) {
// String projectId = "my-project-id";
// String serviceAccountName = "my-service-account-name";
Iam service = null;
try {
service = initService();
} catch (IOException | GeneralSecurityException e) {
System.out.println("Unable to initialize service: \n" + e.toString());
return;
}
String serviceAccountEmail = serviceAccountName + "@" + projectId + ".iam.gserviceaccount.com";
try {
List<ServiceAccountKey> keys =
service
.projects()
.serviceAccounts()
.keys()
.list("projects/-/serviceAccounts/" + serviceAccountEmail)
.execute()
.getKeys();
for (ServiceAccountKey key : keys) {
System.out.println("Key: " + key.getName());
}
} catch (IOException e) {
System.out.println("Unable to list service account keys: \n" + e.toString());
}
}
private static Iam initService() throws GeneralSecurityException, IOException {
// Use the Application Default Credentials strategy for authentication. For more info, see:
// https://cloud.google.com/docs/authentication/production#finding_credentials_automatically
GoogleCredentials credential =
GoogleCredentials.getApplicationDefault()
.createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));
// Initialize the IAM service, which can be used to send requests to the IAM API.
Iam service =
new Iam.Builder(
GoogleNetHttpTransport.newTrustedTransport(),
JacksonFactory.getDefaultInstance(),
new HttpCredentialsAdapter(credential))
.setApplicationName("service-account-keys")
.build();
return service;
}
}
Python
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Python API 参考文档。
import os
from google.oauth2 import service_account
import googleapiclient.discovery
def list_keys(service_account_email):
"""Lists all keys for a service account."""
credentials = service_account.Credentials.from_service_account_file(
filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
scopes=['https://www.googleapis.com/auth/cloud-platform'])
service = googleapiclient.discovery.build(
'iam', 'v1', credentials=credentials)
keys = service.projects().serviceAccounts().keys().list(
name='projects/-/serviceAccounts/' + service_account_email).execute()
for key in keys['keys']:
print('Key: ' + key['name'])
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。