如何为Google云端存储服务帐户键入旋转功能?

时间:2016-10-15 21:16:40

标签: google-cloud-storage service-accounts

我编写了用于访问GCS存储桶的代码,以便通过Java获取JSON凭证文件中的API来存储文件。我从谷歌控制台创建了该JSON文件。我需要每90天自动化JSON文件或密钥轮换。如何重新生成/旋转该JSON文件?我是GCS的新手。

import java.io.IOException;
import java.security.GeneralSecurityException;

import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpMethods;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamRequest;
import com.google.api.services.iam.v1.IamRequestInitializer;
import com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest;
public class TestServiceAccount {

    public static void main(String[] args) {
        // TODO Auto-generated method stub
            //ServiceAccountKey  key = new ServiceAccountKey();

            try {
                System.out.println("created");
                String KEY = "AIzaSyDjHg2u4bwfvncb_YwdjJC_vUPRYLW5Sh8";
                IamRequestInitializer req = new IamRequestInitializer(KEY);
                HttpTransport transport;
                transport = GoogleNetHttpTransport.newTrustedTransport();
                JsonFactory jsonFactory = new JacksonFactory();


                Iam iam = new Iam(transport,jsonFactory,new HttpRequestInitializer() {

                    public void initialize(HttpRequest httpRequest) {

                        httpRequest.setConnectTimeout(0);
                        httpRequest.setReadTimeout(0);
                    }
                });
                //https://iam.googleapis.com/v1/projects/newsampleproject/serviceAccounts/NewServiceAccount/keys
                MyIamRequest<String> request = new MyIamRequest<String>(
                        iam, HttpMethods.POST, "/v1/projects/newsampleproject/serviceAccounts/NewServiceAccount/keys", String.class, String.class);
                req.initialize(request);
                System.out.println(req.getKey());
                req.initializeJsonRequest(request);
                System.out.println(req.getUserIp());
            } catch (GeneralSecurityException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }catch (Exception e) {
                e.printStackTrace();
            }



            //req.initializeJsonRequest(request);
    }

    public static HttpRequestFactory createRequestFactory(HttpTransport transport) {
        return transport.createRequestFactory(new HttpRequestInitializer() {
          public void initialize(HttpRequest request) throws IOException {

          }
        });
      }

}

这就是我所写的调用API但是我不确定这是否是调用它的方法。

3 个答案:

答案 0 :(得分:1)

如果您正在使用JSON凭据文件,那么您将充当某个特定服务帐户,该帐户是您项目的成员并且可以访问这些文件。

可以通过编程方式控制服务帐户以确切地使用这种用例。 IAM服务帐户API控制服务帐户,您想要进行密钥轮换的两种方法是serviceAccount.keys.create()serviceAccount.keys.delete()

create()调用的结果(如果您传入私钥类型TYPE_GOOGLE_CREDENTIALS_FILE)将是您的服务帐户的新的有效JSON凭据文件。

答案 1 :(得分:1)

  

@ user7049946 

ServiceAccountKey response = getServiceAccountKey(req, iam, requestString);
CreateNewJson.createFile("NEW_JSON_KEY_FILE_NAME", new String(response.decodePrivateKeyData()));

创建新类以将该conent转换为新文件。

public class CreateNewJson {
    public static void createFile(String filename, String content) throws IOException {
        FileOutputStream fileOutputStream = null;
        File file;
        file = new File(filename);
        fileOutputStream = new FileOutputStream(file);
            if (!file.exists()) {
                file.createNewFile();
            }else{
                file.delete();
                file.createNewFile();
            }
            byte[] contentInBytes = content.getBytes();
            fileOutputStream.write(contentInBytes);
            fileOutputStream.flush();
            fileOutputStream.close();
            System.out.println("File Created");
    }
}

答案 2 :(得分:1)

尝试这个解决方案,它对我有用

private static void createNewKey(IamRequestInitializer req) throws IOException, GeneralSecurityException {
        Iam iam = jsonAuthentication();
        CreateServiceAccountKeyRequest keyRequest = new CreateServiceAccountKeyRequest();
        keyRequest.setKeyAlgorithm(KEY_ALGO);
        String account = SERVICE_ACCOUNT_URL + SERVICE_ACCOUNT_EMAIL;
        iam.projects().serviceAccounts().keys().create(account, keyRequest);
        String requestString = BASE_URL + SERVICE_ACCOUNT_EMAIL + KEY;
        ServiceAccountKey result = getServiceAccountKey(req, iam, requestString);
        String jsonKey = new String(result.decodePrivateKeyData());
        System.out.println(jsonKey);
        JsonFileUtil.createFile(JSON_KEY_FILE_NAME, jsonKey);
    }

    private static <T> T getServiceAccountKey(IamRequestInitializer req, Iam iam, String requestString)
            throws IOException {
        MyIamRequest<String> request = new MyIamRequest<String>(iam, HttpMethods.POST, requestString, String.class,
                ServiceAccountKey.class);
        request.setKey(API_KEY);
        request.setFields(
                "keyAlgorithm,name,privateKeyData,privateKeyType,publicKeyData,validAfterTime,validBeforeTime");
        req.initializeJsonRequest(request);
        System.out.println(request.getRequestHeaders());
        return (T) request.execute();
    }
相关问题
最新问题