sa-gen/sa-add2group

#!/bin/bash
# This script will extract service account emails from json keys in a local folder,
# then add the SA emails to a Google group. If the group does not exist it will create the group
# Prerequisite:  gcloud sdk

# Get the service account keys location from command line argument or prompt user for input
if [ -z "$1" ]; then
  read -p "Enter the location of the service account keys: " service_account_keys_location
else
  service_account_keys_location="$1"
fi

# Get the google group email name from command line argument or prompt user for input
if [ -z "$2" ]; then
  read -p "Enter the google group email to add the service account emails to: " google_group_email_name
else
  google_group_email_name="$2"
fi

# Get the list of service account json keys
service_account_keys=$(find "$service_account_keys_location" -type f -name "*.json" | sort | uniq )

# Extract the email addresses from the service account json keys
email_addresses=()
for service_account_key in $service_account_keys; do
  email_address=$(jq -r '.client_email' "$service_account_key")
  email_addresses+=("$email_address")
done

printf "There are %s unique service account emails.\n" "${#email_addresses[@]}"

# Enable necessary Google APIs in gcloud sdk
gcloud services enable admin.googleapis.com cloudresourcemanager.googleapis.com cloudidentity.googleapis.com

# Check if the google group exists
if gcloud identity groups describe "$google_group_email_name" &> /dev/null; then
  printf "The google group %s already exists.\n" "$google_group_email_name"
else
  printf "The google group %s does not exist. Creating it.\n" "$google_group_email_name"
  organization_id=$(gcloud organizations list --format="value(ID)")
  if gcloud identity groups create "$google_group_email_name" --description="$google_group_email_name" --organization="$organization_id"; then
    printf "The google group %s was created successfully.\n" "$google_group_email_name"
  else
    printf "Failed to create the google group %s.\n" "$google_group_email_name"
  fi
fi

# Add service account emails to google group
printf "Adding %s emails to %s\n" "${#email_addresses[@]}" "$google_group_email_name"
for email in "${email_addresses[@]}"; do
  gcloud identity groups memberships add --group-email="$google_group_email_name" --member-email="$email"
done
Add more utils 2023-05-03 21:39:37 +08:00			`#!/bin/bash`
			`# This script will extract service account emails from json keys in a local folder,`
			`# then add the SA emails to a Google group. If the group does not exist it will create the group`
			`# Prerequisite: gcloud sdk`

			`# Get the service account keys location from command line argument or prompt user for input`
			`if [ -z "$1" ]; then`
			`read -p "Enter the location of the service account keys: " service_account_keys_location`
			`else`
			`service_account_keys_location="$1"`
			`fi`

			`# Get the google group email name from command line argument or prompt user for input`
			`if [ -z "$2" ]; then`
			`read -p "Enter the google group email to add the service account emails to: " google_group_email_name`
			`else`
			`google_group_email_name="$2"`
			`fi`

			`# Get the list of service account json keys`
			`service_account_keys=$(find "$service_account_keys_location" -type f -name "*.json" \| sort \| uniq )`

			`# Extract the email addresses from the service account json keys`
			`email_addresses=()`
			`for service_account_key in $service_account_keys; do`
			`email_address=$(jq -r '.client_email' "$service_account_key")`
			`email_addresses+=("$email_address")`
			`done`

			`printf "There are %s unique service account emails.\n" "${#email_addresses[@]}"`

			`# Enable necessary Google APIs in gcloud sdk`
			`gcloud services enable admin.googleapis.com cloudresourcemanager.googleapis.com cloudidentity.googleapis.com`

			`# Check if the google group exists`
			`if gcloud identity groups describe "$google_group_email_name" &> /dev/null; then`
			`printf "The google group %s already exists.\n" "$google_group_email_name"`
			`else`
			`printf "The google group %s does not exist. Creating it.\n" "$google_group_email_name"`
			`organization_id=$(gcloud organizations list --format="value(ID)")`
			`if gcloud identity groups create "$google_group_email_name" --description="$google_group_email_name" --organization="$organization_id"; then`
			`printf "The google group %s was created successfully.\n" "$google_group_email_name"`
			`else`
			`printf "Failed to create the google group %s.\n" "$google_group_email_name"`
			`fi`
			`fi`

			`# Add service account emails to google group`
			`printf "Adding %s emails to %s\n" "${#email_addresses[@]}" "$google_group_email_name"`
			`for email in "${email_addresses[@]}"; do`
			`gcloud identity groups memberships add --group-email="$google_group_email_name" --member-email="$email"`
			`done`