Update sa-gen

88lex 2020-05-09 14:57:14 +00:00
parent 0a46eddb34
commit 5a2f79a1c3

63
sa-gen

@ -4,44 +4,73 @@
export KEYS_DIR=/opt/sa export KEYS_DIR=/opt/sa
export ORGANIZATION_ID="insertyourorganizationID" export ORGANIZATION_ID="insertyourorganizationID"
export GROUP_NAME=mygroup@mydomain.com export GROUP_NAME="mygroup@mydomain.com"
export PROJECT_BASE_NAME=myprojectbasename export PROJECT_BASE_NAME="myprojectbasename"
export FIRST_PROJECT_NUM=1 export FIRST_PROJECT_NUM=1
export LAST_PROJECT_NUM=12 export LAST_PROJECT_NUM=12
export SA_EMAIL_BASE_NAME=sagen export SA_EMAIL_BASE_NAME="insertuniquename"
export FIRST_SA_NUM=1 export FIRST_SA_NUM=1
export NUM_SAS_PER_PROJECT=100 export NUM_SAS_PER_PROJECT=100
export CYCLE_DELAY=1s # If issues with Google back end not recognizing SAs increase this number. Set = 0 for no delay
export SECTION_DELAY=15s # If issues with Google back end not recognizing SAs increase this number. Set = 0 for no delay
create_project() {
create_projects() {
export PROJECT=$1 export PROJECT=$1
echo -e "Create project = $PROJECT"
gcloud projects create $PROJECT --organization=$ORGANIZATION_ID gcloud projects create $PROJECT --organization=$ORGANIZATION_ID
sleep $CYCLE_DELAY
}
enable_apis() {
export PROJECT=$1
echo -e "Enable apis for project = $PROJECT"
gcloud config set project $PROJECT gcloud config set project $PROJECT
gcloud services enable drive.googleapis.com gcloud services enable drive.googleapis.com
sleep 5s sleep $CYCLE_DELAY
gcloud services enable sheets.googleapis.com
sleep $CYCLE_DELAY
} }
create_sas() { create_sas() {
let LAST_SA_NUM=$FIRST_SA_NUM+$NUM_SAS_PER_PROJECT export PROJECT=$1
for name in $(seq $FIRST_SA_NUM $LAST_SA_NUM); do echo -e "Create service accounts for project = $PROJECT"
let LAST_SA_NUM=$COUNT+$NUM_SAS_PER_PROJECT-1
for name in $(seq $COUNT $LAST_SA_NUM); do
saname="$SA_EMAIL_BASE_NAME""$name" saname="$SA_EMAIL_BASE_NAME""$name"
echo creating service account for $saname echo -e "Creating service account for $saname@$PROJECT == $name in project $1"
gcloud iam service-accounts create $saname --display-name=$saname gcloud iam service-accounts create $saname --display-name=$saname
gcloud iam service-accounts keys create $KEYS_DIR/$name.json --iam-account=$saname@$PROJECT.iam.gserviceaccount.com sleep $CYCLE_DELAY
# NEED to fix syntax for below command to add SA email to group
#gcloud iam service-accounts add-iam-policy-binding "$saname@$PROJECT.iam.gserviceaccount.com" --member="group:$GROUP_NAME" --role="roles/viewer"
echo "$GROUP_NAME,$saname@$PROJECT.iam.gserviceaccount.com,USER,MEMBER" | tee -a $KEYS_DIR/members.csv $KEYS_DIR/allmembers.csv
done done
let FIRST_SA_NUM=$FIRST_SA_NUM+100 let COUNT=$COUNT+$NUM_SAS_PER_PROJECT
sleep 5s }
create_keys() {
export PROJECT=$1
echo -e "create json keys for $PROJECT"
let LAST_SA_NUM=$COUNT+$NUM_SAS_PER_PROJECT-1
for name in $(seq $COUNT $LAST_SA_NUM); do
saname="$SA_EMAIL_BASE_NAME""$name"
echo -e "creating json keys for $saname@$PROJECT == $name in project $1"
gcloud iam service-accounts keys create $KEYS_DIR/$name.json --iam-account=$saname@$PROJECT.iam.gserviceaccount.com
# NEED to fix syntax for below command to add SA email to group
# gcloud iam service-accounts add-iam-policy-binding "$saname@$PROJECT.iam.gserviceaccount.com" --member="group:$GROUP_NAME" --role="roles/viewer"
echo "$GROUP_NAME,$saname@$PROJECT.iam.gserviceaccount.com,USER,MEMBER" | tee -a $KEYS_DIR/members.csv $KEYS_DIR/allmembers.csv
sleep $CYCLE_DELAY
done
let COUNT=$COUNT+$NUM_SAS_PER_PROJECT
} }
main() { main() {
mkdir -p $KEYS_DIR mkdir -p $KEYS_DIR
[ -f $KEYS_DIR/members.csv ] && cat $KEYS_DIR/members.csv >> $KEYS_DIR/allmembers.csv && sort -uo $KEYS_DIR/allmembers.csv $KEYS_DIR/allmembers.csv [ -f $KEYS_DIR/members.csv ] && cat $KEYS_DIR/members.csv >> $KEYS_DIR/allmembers.csv && sort -uo $KEYS_DIR/allmembers.csv $KEYS_DIR/allmembers.csv
echo "Group Email [Required],Member Email,Member Type,Member Role" >$KEYS_DIR/members.csv echo "Group Email [Required],Member Email,Member Type,Member Role" >$KEYS_DIR/members.csv
for project_num in $(seq $FIRST_PROJECT_NUM $LAST_PROJECT_NUM); do for function in create_projects enable_apis create_sas create_keys ; do
create_project $PROJECT_BASE_NAME$project_num COUNT=$FIRST_SA_NUM
create_sas for project_num in $(seq $FIRST_PROJECT_NUM $LAST_PROJECT_NUM); do
$function $PROJECT_BASE_NAME$project_num
sleep $SECTION_DELAY
done
done done
} }
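Review bot: As the new (right-hand) side reads, create_sas and create_keys never select the project they are called for: `gcloud config set project $PROJECT` now appears only in enable_apis, and main runs each phase across all projects before starting the next, so by the time create_sas runs the active gcloud project is presumably whichever one enable_apis configured last. `export PROJECT=$1` does not change that, so every `gcloud iam service-accounts create` would target that single project, and create_keys would then request keys for `$saname@$PROJECT` addresses that were never created while still appending them to members.csv. Passing the project explicitly fixes this, e.g. `gcloud iam service-accounts create "$saname" --display-name="$saname" --project="$PROJECT"`, and the CSV line should be written only when the key command succeeds. The key files are also written under $KEYS_DIR with whatever umask is inherited (the lines before the hunk are not visible here); a `umask 077` ahead of `mkdir -p $KEYS_DIR` would keep these long-lived credentials unreadable to other local users.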