Add more utils
This commit is contained in:
parent
8af297e454
commit
8dfdb0ab63
18
README.md
18
README.md
|
@ -9,11 +9,27 @@ May 2023 NOTE: `sa-gen` has been updated to
|
|||
- SUFFIX may also be set manually in `sa-gen.conf` if you like
|
||||
- Prior versions of sa-gen still run, and have been put in the /old directory
|
||||
|
||||
- A separate, simple script called `make-tds` (from sasync/utils) is added here as well
|
||||
ADDED new scripts
|
||||
- `make-tds` (from sasync/utils) Preequisite: fclone
|
||||
- `make-tds` will create as many new Shared Drives/Team Drives as you like
|
||||
- It uses Mawaya's fclone which you can install with `install_fclone`
|
||||
- If you specify one existing Shared Drive on the same account then all new Shared Drives/TDs will be created with the same Members and permissions as the existing Shared Drive
|
||||
|
||||
- `sa-add2group` Prerequisite: gcloud sdk
|
||||
- This script will extract service account emails from json keys in a local folder,
|
||||
then add the SA emails to a Google group. If the group does not exist it will create the group
|
||||
|
||||
- `sa-count` Prerequisite: gcloud sdk
|
||||
- This scipt will get a list of all projects in an account and print the
|
||||
project name along with the number of service accounts per project
|
||||
|
||||
- `sa-delete` Prerequisite: gcloud sdk
|
||||
- This script will delete all service accounts in a specified project
|
||||
|
||||
- `sa-emails` Prerequisite: jq
|
||||
- This script will list all service account emails for json keys in a given directory
|
||||
|
||||
|
||||
THINGS TO CONSIDER:
|
||||
- Google accounts generally allow 12, 25 or 50 projects depending on the type of account
|
||||
- You may request additional projects. But Google has been a little more selective about granting additional projects recently
|
||||
|
|
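--- a/sa-add2group
+++ b/sa-add2group
@@ -0,0 +1,52 @@
+#!/bin/bash
+# This script will extract service account emails from json keys in a local folder,
+# then add the SA emails to a Google group. If the group does not exist it will create the group
+# Prerequisite: gcloud sdk
+
+# Get the service account keys location from command line argument or prompt user for input
+if [ -z "$1" ]; then
+read -p "Enter the location of the service account keys: " service_account_keys_location
+else
+service_account_keys_location="$1"
+fi
+
+# Get the google group email name from command line argument or prompt user for input
+if [ -z "$2" ]; then
+read -p "Enter the google group email to add the service account emails to: " google_group_email_name
+else
+google_group_email_name="$2"
+fi
+
+# Get the list of service account json keys
+service_account_keys=$(find "$service_account_keys_location" -type f -name "*.json" | sort | uniq )
+
+# Extract the email addresses from the service account json keys
+email_addresses=()
+for service_account_key in $service_account_keys; do
+email_address=$(jq -r '.client_email' "$service_account_key")
+email_addresses+=("$email_address")
+done
+
+printf "There are %s unique service account emails.\n" "${#email_addresses[@]}"
+
+# Enable necessary Google APIs in gcloud sdk
+gcloud services enable admin.googleapis.com cloudresourcemanager.googleapis.com cloudidentity.googleapis.com
+
+# Check if the google group exists
+if gcloud identity groups describe "$google_group_email_name" &> /dev/null; then
+printf "The google group %s already exists.\n" "$google_group_email_name"
+else
+printf "The google group %s does not exist. Creating it.\n" "$google_group_email_name"
+organization_id=$(gcloud organizations list --format="value(ID)")
+if gcloud identity groups create "$google_group_email_name" --description="$google_group_email_name" --organization="$organization_id"; then
+printf "The google group %s was created successfully.\n" "$google_group_email_name"
+else
+printf "Failed to create the google group %s.\n" "$google_group_email_name"
+fi
+fi
+
+# Add service account emails to google group
+printf "Adding %s emails to %s\n" "${#email_addresses[@]}" "$google_group_email_name"
+for email in "${email_addresses[@]}"; do
+gcloud identity groups memberships add --group-email="$google_group_email_name" --member-email="$email"
+done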
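Review bot: A failed group creation at `printf "Failed to create the google group %s.\n"` does not stop the script; the membership loop at the end still runs `gcloud identity groups memberships add` against a group that was never created, and with no `set -e` nothing is checked. Add `exit 1` after that printf, and validate `organization_id` before using it, since `gcloud organizations list --format="value(ID)"` is empty when the account has no organization and holds several IDs when it has more than one. The key-file loop `for service_account_key in $service_account_keys` word-splits the output of `find`, so a path containing a space is read as two files; `while IFS= read -r -d '' service_account_key; do ... done < <(find "$service_account_keys_location" -type f -name '*.json' -print0)` avoids that (the `sort | uniq` stage adds nothing, as find emits each path once). Each membership add grants that service account whatever the group is entitled to, so a non-zero exit from the add should also be reported rather than ignored.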
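--- a/sa-count
+++ b/sa-count
@@ -0,0 +1,19 @@
+#!/bin/bash
+# This scipt will get a list of all projects in an account and print the
+# project name along with the number of service accounts per project
+
+PROJECTS=$(gcloud projects list --format="value(projectId)")
+
+# For each project, get the list of service accounts.
+for PROJECT in ${PROJECTS}; do
+
+# Get the list of service accounts in the project.
+SERVICE_ACCOUNTS=$(gcloud iam service-accounts list --project=${PROJECT})
+
+# Count the number of service accounts.
+SERVICE_ACCOUNT_COUNT=$(grep -c "account" <<< ${SERVICE_ACCOUNTS})
+
+# Print the project name and the number of service accounts.
+echo "${PROJECT}: ${SERVICE_ACCOUNT_COUNT}"
+
+done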
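Review bot: The count at `SERVICE_ACCOUNT_COUNT=$(grep -c "account" <<< ${SERVICE_ACCOUNTS})` is wrong: the unquoted here-string word-splits `$SERVICE_ACCOUNTS` and rejoins it as one line, so `grep -c` can only ever report 0 or 1 regardless of how many accounts the project has. Listing in a machine-readable format and counting lines is both correct and independent of gcloud's table layout: `SERVICE_ACCOUNT_COUNT=$(gcloud iam service-accounts list --project="${PROJECT}" --format="value(email)" | wc -l)`. `for PROJECT in ${PROJECTS}` relies on word-splitting as well; project IDs contain no whitespace so it works, but `while IFS= read -r PROJECT` over the same output is the safer idiom. Also note that a project where the caller lacks permission to list service accounts will show 0 (gcloud's own error only goes to stderr), which matters if this output is used to audit service-account sprawl.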
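--- a/sa-delete
+++ b/sa-delete
@@ -0,0 +1,30 @@
+#!/bin/bash
+# This script will delete all service accounts in a project
+
+# List all projects and store them in an array
+PROJECTS=($(gcloud projects list --format="value(projectId)"))
+# Print the array with indices
+echo "Available projects:"
+for i in "${!PROJECTS[@]}"
+do
+echo "$i) ${PROJECTS[$i]}"
+done
+# Prompt the user to enter an index
+read -p "Enter the index of the project you want to delete all service accounts for: " INDEX
+# Validate the input
+if [[ $INDEX =~ ^[0-9]+$ ]] && [ $INDEX -ge 0 ] && [ $INDEX -lt ${#PROJECTS[@]} ]
+then
+# Get the project ID from the array
+PROJECT_ID=${PROJECTS[$INDEX]}
+# List all service accounts for the project and store them in an array
+SERVICE_ACCOUNTS=($(gcloud iam service-accounts list --project $PROJECT_ID --format="value(email)"))
+# Loop over the array and delete each service account
+for SA in "${SERVICE_ACCOUNTS[@]}"
+do
+echo "Deleting service account $SA"
+gcloud iam service-accounts delete $SA --quiet
+done
+else
+# Invalid input
+echo "Invalid index. Please try again."
+fi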
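Review bot: The deletion loop at `gcloud iam service-accounts delete $SA --quiet` is irreversible and runs for every account in the project on the strength of a single index prompt; `--quiet` suppresses gcloud's own confirmation, so a mistyped index wipes the wrong project. Before the loop, print the resolved project ID and the number of accounts and require an explicit confirmation, e.g. `read -p "Type the project ID ($PROJECT_ID) to confirm deletion: " CONFIRM` followed by `[[ "$CONFIRM" == "$PROJECT_ID" ]] || exit 1`. The listing may include the project's default service accounts (compute/App Engine), deleting which can break running workloads; that is worth stating in the header comment, or filtering them out. `$SA` and `$PROJECT_ID` should be quoted, the delete should pass `--project "$PROJECT_ID"` explicitly, and a non-zero exit from `delete` should be reported instead of ignored.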
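--- a/sa-emails
+++ b/sa-emails
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This script will list all service account emails for json keys in a given directory
+
+# Get the path to the directory containing the JSON key files.
+if [ -z "$1" ]; then
+read -p "Enter the path to the directory containing the JSON key files: " key_file_dir
+else
+key_file_dir=$1
+fi
+
+# Check if the directory exists.
+if [ ! -d "$key_file_dir" ]; then
+echo "The directory '$key_file_dir' does not exist."
+exit 1
+fi
+
+# Iterate over all the JSON key files in the directory.
+for key_file in "$key_file_dir"/*.json; do
+service_account_emails=$(jq -r '.client_email' "$key_file")
+echo "$service_account_emails"
+done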
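Review bot: The glob at `for key_file in "$key_file_dir"/*.json; do` has no nullglob, so a directory with no `.json` files makes the loop run once with the literal pattern and `jq` fails on a file named `*.json`; add `[[ -e "$key_file" ]] || continue` as the first line of the loop body (or `shopt -s nullglob` before the loop). The README names jq as the prerequisite but the script never checks for it; `command -v jq >/dev/null || { echo "jq is required" >&2; exit 1; }` near the top gives one clear failure instead of an error per file. `service_account_emails` holds a single email per iteration, so a singular name, or simply `jq -r '.client_email' "$key_file"` without the intermediate variable, reads more clearly.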