2

I have code below that was given to me to list Google Cloud Service Accounts for a specific Project.

import os
from googleapiclient import discovery
from gcp import get_key

"""gets all Service Accounts from the Service Account page"""

os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = get_key()

service = discovery.build('iam', 'v1')

project_id = 'projects/<google cloud project>'

request = service.projects().serviceAccounts().list(name=project_id)
response = request.execute()

accounts = response['accounts']

for account in accounts:
    print(account['email'])

This code works perfectly and prints the accounts as I need them. What I'm trying to figure out is:

Where can I go to see how to construct code like this? I found a site that has references to the Python API Client, but I can't seem to figure out how to make the code above from it. I can see the Method to list the Service Accounts, but it's still not giving me enough information.

Is there somewhere else I should be going to educate myself. Any information you have is appreciated so I don't pull out the rest of my hair.

Thanks, Eric

Improve this question

2 Answers 2

Reset to default
2

Let me share with you this documentation page, where there is a detailed explanation on how to build a script such as the one you shared, and what does each line of code mean. It is extracted from the documentation of ML Engine, not IAM, but it is using the same Python Google API Client Libary, so just ignore the references to ML and the rest will be useful for you.

In any case, here it is a commented version of your code, so that you understand it better:

# Imports for the Client API Libraries and the key management
import os
from googleapiclient import discovery
from gcp import get_key

# Look for an environment variable containing the credentials for Google Cloud Platform
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = get_key()

# Build a Python representation of the REST API
service = discovery.build('iam', 'v1')

# Define the Project ID of your project
project_id = 'projects/<google cloud project>'

"""Until this point, the code is general to any API
From this point on, it is specific to the IAM API"""

# Create the request using the appropriate 'serviceAccounts' API
# You can substitute serviceAccounts by any other available API
request = service.projects().serviceAccounts().list(name=project_id)

# Execute the request that was built in the previous step
response = request.execute()

# Process the data from the response obtained with the request execution
accounts = response['accounts']
for account in accounts:
    print(account['email'])

Once you understand the first part of the code, the last lines are specific to the API you are using, which in this case is the Google IAM API. In this link, you can find detailed information on the methods available and what they do.

Then, you can follow the Python API Client Library documentation that you shared in order to see how to call the methods. For instance, in the code you shared, the method used depends on service, which is the Python representation of the API, and then goes down the tree of methods in the last link as in projects(), then serviceAccounts() and finally the specificlist() method, which ends up in request = service.projects().serviceAccounts().list(name=project_id).

Finally, just in case you are interested in the other available APIs, please refer to this page for more information.

I hope the comments I made on your code were of help, and that the documentation shared makes it easier for you to understand how a code like that one could be scripted.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

That's exactly what I was looking for. The documentation page was the missing piece. Your breakdown of my code is icing on the cake. Thanks!
Glad I could help!
1

You can use ipython having googleapiclient installed - with something like:

sudo pip install --upgrade google-api-python-client

You can go to interactive python console and do:

from googleapiclient import discovery
dir(discovery)
help(discovery)

dir - gives all entries that object has - so:

a = ''
dir(a)

Will tell what you can do with string object. Doing help(a) will give help for string object. You can do dipper:

dir(discovery) # and then for instance
help(discovery.re)

You can call your script in steps, and see what is result print it, do some research, having something - do %history to printout your session, and have solution that can be triggered as a script.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.