Closed MarkEdmondson1234 closed 4 years ago
library(googleAuthR)
gar_set_client(scopes = "https://www.googleapis.com/auth/cloud-platform")
gar_auth()
gar_service_create("test12345678", "my-project")
gar_service_grant_roles("test12345678@my-project.iam.gserviceaccount.com",
role = "roles/editor",
projectId = "my-project")
gar_service_key("test12345678", "my-project", "my-auth.json")
gar_service_key_list("test12345678", "my-project")
All wrapped up in gar_service_provision()
:
gar_service_provision("my-service-account",
c("roles/viewer", "roles/bigquery.jobUser"))
# 2020-04-23 12:20:09> Writing secret auth JSON key to my-service-account-auth-key.json
Don't use this yet in production, testing
Its ok now, in CRAN version 1.2.1
It would be helpful for a user OAuth2 token to be able to setup service emails. That way for setups a user can login the "easy" way with high permissions, and those permissions can be used to create a service email with locked-down permissions.
https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-rest
https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource