|
14 | 14 | # See the License for the specific language governing permissions and |
15 | 15 | # limitations under the License. |
16 | 16 |
|
17 | | -{ |
18 | | - # set the Google Cloud Project ID |
19 | | - project_id=$1 |
20 | | - echo "Project ID: $project_id" |
21 | | - gcloud config set project "$project_id" |
22 | | -} && { |
23 | | - timestamp=$(date +%s) |
24 | | - |
25 | | - service_account_id="service-acc-$timestamp" |
26 | | - echo "Service Account: $service_account_id" |
27 | | - |
28 | | - # create service account |
29 | | - gcloud iam service-accounts create "$service_account_id" |
30 | | -} && { |
31 | | - # assign necessary roles to your new service account |
32 | | - for role in {retail.admin,editor} |
33 | | - do |
34 | | - gcloud projects add-iam-policy-binding "$project_id" --member="serviceAccount:$service_account_id@$project_id.iam.gserviceaccount.com" --role=roles/"${role}" |
35 | | - done |
36 | | -} && { |
37 | | - echo "Wait ~60 seconds to be sure the appropriate roles have been assigned to your service account" |
38 | | - sleep 60 |
39 | | - |
40 | | - # upload your service account key file |
41 | | - service_acc_email="$service_account_id@$project_id.iam.gserviceaccount.com" |
42 | | - gcloud iam service-accounts keys create ~/key.json --iam-account "$service_acc_email" |
43 | | -} && { |
44 | | - # activate the service account using the key |
45 | | - gcloud auth activate-service-account --key-file ~/key.json |
46 | | -} && { |
47 | | - echo "=======================================" |
48 | | - echo "The Google Cloud setup is completed." |
49 | | - echo "Please proceed with the Tutorial steps" |
50 | | - echo "=======================================" |
51 | | -} || { |
52 | | - echo "=======================================" |
53 | | - echo "The Google Cloud setup was not completed." |
54 | | - echo "Please fix the errors above!" |
55 | | - echo "=======================================" |
| 17 | +success() { |
| 18 | + echo "=========================================" |
| 19 | + echo "The Google Cloud setup is completed." |
| 20 | + echo "Please proceed with the Tutorial steps" |
| 21 | + echo "=========================================" |
| 22 | + exit 0 |
| 23 | +} |
| 24 | + |
| 25 | +failure() { |
| 26 | + echo "=========================================" |
| 27 | + echo "The Google Cloud setup was not completed." |
| 28 | + echo "Please fix the errors above!" |
| 29 | + echo "=========================================" |
| 30 | + exit 1 |
56 | 31 | } |
| 32 | + |
| 33 | +# catch any error that happened during execution |
| 34 | +trap 'failure' ERR |
| 35 | + |
| 36 | +# set the Google Cloud Project ID |
| 37 | +project_id=$1 |
| 38 | +echo "Project ID: $project_id" |
| 39 | +gcloud config set project "$project_id" |
| 40 | + |
| 41 | +email=$(gcloud auth list --filter="status:ACTIVE account:$project_id.iam.gserviceaccount.com" --format="value(account)") |
| 42 | +echo $email |
| 43 | + |
| 44 | +# Check if user has service account active |
| 45 | +if [ -z "$email" ] |
| 46 | +then |
| 47 | + # Create a new service account |
| 48 | + timestamp=$(date +%s) |
| 49 | + service_account_id="service-acc-$timestamp" |
| 50 | + echo "Service Account: $service_account_id" |
| 51 | + gcloud iam service-accounts create "$service_account_id" |
| 52 | +else |
| 53 | + service_account_id="${email%@*}" |
| 54 | + # Log out of service account |
| 55 | + gcloud auth revoke 2>/dev/null |
| 56 | +fi |
| 57 | +echo "$service_account_id" |
| 58 | + |
| 59 | + |
| 60 | +editor=$(gcloud projects get-iam-policy $project_id \ |
| 61 | +--flatten="bindings[].members" \ |
| 62 | +--format='table(bindings.role)' \ |
| 63 | +--filter="bindings.members:$service_account_id ROLE=roles/editor") |
| 64 | + |
| 65 | +retail_admin=$(gcloud projects get-iam-policy $project_id \ |
| 66 | +--flatten="bindings[].members" \ |
| 67 | +--format='table(bindings.role)' \ |
| 68 | +--filter="bindings.members:$service_account_id ROLE=roles/retail.admin") |
| 69 | + |
| 70 | + |
| 71 | +# Check if any of the needed roles is missing |
| 72 | +if [ -z "$editor" ] || [ -z "$retail_admin" ] |
| 73 | +then |
| 74 | + # Assign necessary roles to your new service account. |
| 75 | + for role in {retail.admin,editor} |
| 76 | + do |
| 77 | + gcloud projects add-iam-policy-binding "$project_id" --member="serviceAccount:$service_account_id@$project_id.iam.gserviceaccount.com" --role=roles/"${role}" |
| 78 | + done |
| 79 | + echo "Wait ~60 seconds to be sure the appropriate roles have been assigned to your service account" |
| 80 | + sleep 60 |
| 81 | +fi |
| 82 | + |
| 83 | +# Upload your service account key file. |
| 84 | +service_acc_email="$service_account_id@$project_id.iam.gserviceaccount.com" |
| 85 | +gcloud iam service-accounts keys create ~/key.json --iam-account "$service_acc_email" |
| 86 | + |
| 87 | +# Activate the service account using the key. |
| 88 | +gcloud auth activate-service-account --key-file ~/key.json |
| 89 | + |
| 90 | +'success' |
0 commit comments