Add service account enable/disable snippets (GoogleCloudPlatform#2410)

* Moving variable definitions inside methods

Ensures that variable definitions are captured in the region tags, so they'll show up in the documentation

* Added region tags to capture imports

* Moved variable definitions inside functions

Moved the variable definitions inside the functions so they would be captured by the region tags

* Added region tags to capture imports

* Minor formatting adjustments

* Removing whitespace from blank lines

* Removing whitespace from blank lines

* Lint

* Lint

* Lint

Solved redundancy between global "service_account" and local variable "service_account" in create_service_account and rename_service_account by changing the name of the local variable to "my_service_account"

* Removing pylint tags

* Removing pylint tags

* Update service_account to my_service_account

* Add enable/disable functions and tests

* Adding region tags for imports

* Adding enable/disable functions

* Lint

Author: melaniedejong

iam/api-client/service_accounts.py

@@ -21,8 +21,10 @@
 
 import argparse
 # [START iam_create_service_account]
-# [START iam_list_service_accounts]
+# [START iam_list_service_account]
 # [START iam_rename_service_account]
+# [START iam_disable_service_account]
+# [START iam_enable_service_account]
 # [START iam_delete_service_account]
 import os
 
@@ -32,6 +34,8 @@
 # [END iam_create_service_account]
 # [END iam_list_service_accounts]
 # [END iam_rename_service_account]
+# [END iam_disable_service_account]
+# [END iam_enable_service_account]
 # [END iam_delete_service_account]
 
 
@@ -110,6 +114,43 @@ def rename_service_account(email, new_display_name):
 # [END iam_rename_service_account]
 
 
+# [START iam_disable_service_account]
+def disable_service_account(email):
+    """Disables a service account."""
+
+    credentials = service_account.Credentials.from_service_account_file(
+        filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
+        scopes=['https://www.googleapis.com/auth/cloud-platform'])
+
+    service = googleapiclient.discovery.build(
+        'iam', 'v1', credentials=credentials)
+
+    service.projects().serviceAccounts().disable(
+        name='projects/-/serviceAccounts/' + email).execute()
+
+    print("Disabled service account :" + email)
+# [END iam_disable_service_account]
+
+# [START iam_enable_service_account]
+
+
+def enable_service_account(email):
+    """Enables a service account."""
+
+    credentials = service_account.Credentials.from_service_account_file(
+        filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
+        scopes=['https://www.googleapis.com/auth/cloud-platform'])
+
+    service = googleapiclient.discovery.build(
+        'iam', 'v1', credentials=credentials)
+
+    service.projects().serviceAccounts().enable(
+        name='projects/-/serviceAccounts/' + email).execute()
+
+    print("Disabled service account :" + email)
+# [END iam_enable_service_account]
+
+
 # [START iam_delete_service_account]
 def delete_service_account(email):
     """Deletes a service account."""
@@ -149,10 +190,20 @@ def main():
 
     # Rename
     rename_parser = subparsers.add_parser(
-        'delete', help=rename_service_account.__doc__)
+        'rename', help=rename_service_account.__doc__)
     rename_parser.add_argument('email')
     rename_parser.add_argument('new_display_name')
 
+    # Disable
+    rename_parser = subparsers.add_parser(
+        'disable', help=disable_service_account.__doc__)
+    list_parser.addargument('email')
+
+    # Enable
+    rename_parser = subparsers.add_parser(
+        'enable', help=enable_service_account.__doc__)
+    list_parser.addargument('email')
+
     # Delete
     delete_parser = subparsers.add_parser(
         'delete', help=delete_service_account.__doc__)

iam/api-client/service_accounts_test.py

@@ -30,5 +30,9 @@ def test_service_accounts(capsys):
         project_id)
     service_accounts.rename_service_account(
         email, 'Updated Py Test Account')
+    service_accounts.disable_service_account(
+        email)
+    service_accounts.enable_service_account(
+        email)
     service_accounts.delete_service_account(
         email)