Skip "default" gcp service accounts
- Use the email address to determine whether an account is a project's default service account

For #93
Genevieve Lesperance committed Sep 20, 2019
1 parent 563acce commit b8c415c
Showing 3 changed files with 67 additions and 7 deletions.
23 changes: 18 additions & 5 deletions gcp/iam/service_accounts.go
Expand Up @@ -18,14 +18,18 @@ type serviceAccountsClient interface {
}

type ServiceAccounts struct {
client serviceAccountsClient
logger logger
client serviceAccountsClient
projectName string
projectNumber string
logger logger
}

func NewServiceAccounts(client serviceAccountsClient, logger logger) ServiceAccounts {
func NewServiceAccounts(client serviceAccountsClient, projectName string, projectNumber string, logger logger) ServiceAccounts {
return ServiceAccounts{
client: client,
logger: logger,
client: client,
projectName: projectName,
projectNumber: projectNumber,
logger: logger,
}
}

Expand All @@ -39,6 +43,10 @@ func (s ServiceAccounts) List(filter string) ([]common.Deletable, error) {
for _, account := range accounts {
resource := NewServiceAccount(s.client, s.logger, account.Name, account.Email)

if isDefault(s.projectName, s.projectNumber, account.Email) {
continue
}

if !strings.Contains(resource.Name(), filter) {
continue
}
Expand All @@ -57,3 +65,8 @@ func (s ServiceAccounts) List(filter string) ([]common.Deletable, error) {
func (s ServiceAccounts) Type() string {
return "service-account"
}

func isDefault(projectName, projectNumber, email string) bool {
return email == fmt.Sprintf("%s@appspot.gserviceaccount.com", projectName) ||
email == fmt.Sprintf("%s-compute@developer.gserviceaccount.com", projectNumber)
}
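Review bot: `isDefault` at the bottom of the section has no doc comment, and its correctness rests on a contract its signature does not state: `projectName` must be the project id and `projectNumber` the numeric project number as a decimal string, otherwise the exact string compare silently never matches and the Google-managed accounts land in the deletion list like any other. Propose `// isDefault reports whether email is one of the project's Google-managed default service accounts: the App Engine default (<projectName>@appspot.gserviceaccount.com) or the Compute Engine default (<projectNumber>-compute@developer.gserviceaccount.com). List skips these so they are never offered for deletion; projectNumber must be the decimal project number.` As a point of style, the two expected addresses are rebuilt with fmt.Sprintf for every account inside the List loop; computing them once (before the loop, or in NewServiceAccounts) and comparing with `==` reads more clearly. The List loop in the middle hunk starts outside the visible lines.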
43 changes: 42 additions & 1 deletion gcp/iam/service_accounts_test.go
Expand Up @@ -16,16 +16,21 @@ var _ = Describe("ServiceAccounts", func() {
client *fakes.ServiceAccountsClient
logger *fakes.Logger

projectName string
projectNumber string

serviceAccounts iam.ServiceAccounts
)

BeforeEach(func() {
client = &fakes.ServiceAccountsClient{}
projectName = "projectName"
projectNumber = "11111"
logger = &fakes.Logger{}

logger.PromptWithDetailsCall.Returns.Proceed = true

serviceAccounts = iam.NewServiceAccounts(client, logger)
serviceAccounts = iam.NewServiceAccounts(client, projectName, projectNumber, logger)
})

Describe("List", func() {
Expand Down Expand Up @@ -62,6 +67,42 @@ var _ = Describe("ServiceAccounts", func() {
})
})

Context("when the serviceAccount email is projectName@appspot.gserviceaccount.com", func() {
BeforeEach(func() {
client.ListServiceAccountsCall.Returns.Output = []*gcpiam.ServiceAccount{{
Name: "banana-service-account",
Email: "projectName@appspot.gserviceaccount.com",
}}
filter = "banana"
})

It("does not add it to the list", func() {
list, err := serviceAccounts.List("banana")
Expect(err).NotTo(HaveOccurred())

Expect(logger.PromptWithDetailsCall.CallCount).To(Equal(0))
Expect(list).To(HaveLen(0))
})
})

Context("when the serviceAccount email is 11111-compute@developer.gserviceaccount.com", func() {
BeforeEach(func() {
client.ListServiceAccountsCall.Returns.Output = []*gcpiam.ServiceAccount{{
Name: "banana-service-account",
Email: "11111-compute@developer.gserviceaccount.com",
}}
filter = "banana"
})

It("does not add it to the list", func() {
list, err := serviceAccounts.List("banana")
Expect(err).NotTo(HaveOccurred())

Expect(logger.PromptWithDetailsCall.CallCount).To(Equal(0))
Expect(list).To(HaveLen(0))
})
})

Context("when the serviceAccount name does not contain the filter", func() {
It("does not add it to the list", func() {
list, err := serviceAccounts.List("grape")
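Review bot: The two new Contexts only exercise the exact-match skip; nothing shows that an account whose email merely resembles a default address — same suffix, different project name or number — is still listed, which is the regression an over-broad match in isDefault would introduce. Propose a third Context mirroring the new ones with Email `"other@appspot.gserviceaccount.com"` (a constructed non-default address) and asserting `Expect(list).To(HaveLen(1))`. The enclosing Describe block starts and ends outside the hunk.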
8 changes: 7 additions & 1 deletion gcp/leftovers.go
Expand Up @@ -103,6 +103,12 @@ func NewLeftovers(logger logger, keyPath string) (Leftovers, error) {
return Leftovers{}, err
}

project, err := crmService.Projects.Get(p.ProjectId).Do()
if err != nil {
return Leftovers{}, err
}
projectNumber := string(project.ProjectNumber)

iamService, err := gcpiam.New(httpClient)
if err != nil {
return Leftovers{}, err
Expand Down Expand Up @@ -155,7 +161,7 @@ func NewLeftovers(logger logger, keyPath string) (Leftovers, error) {
compute.NewNetworks(client, logger),
compute.NewAddresses(client, logger, regions),
compute.NewSslCertificates(client, logger),
iam.NewServiceAccounts(iamClient, logger),
iam.NewServiceAccounts(iamClient, p.ProjectId, projectNumber, logger),
dns.NewManagedZones(dnsClient, dns.NewRecordSets(dnsClient), logger),
sql.NewInstances(sqlClient, logger),
storage.NewBuckets(storageClient, logger),
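Review bot: `projectNumber := string(project.ProjectNumber)` in the first hunk converts an integer to a string the Go way, as a single rune with that code point, not as decimal digits (go vet's stringintconv check flags exactly this); ProjectNumber is an int64 in the Cloud Resource Manager client as far as I can tell (the `crmService` type is not visible here, so confirm), so the value handed to `iam.NewServiceAccounts` in the second hunk can never equal the `<number>-compute@developer.gserviceaccount.com` address and the Compute Engine default service account remains deletable, which is what this commit set out to prevent. Change the line to `projectNumber := strconv.FormatInt(project.ProjectNumber, 10)` and add `strconv` to the imports. A short comment such as `// the project number is needed to recognise the Compute Engine default service account` would make the extra Projects.Get call's purpose clear to the next reader. NewLeftovers starts and ends outside the visible hunks.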
