#!/bin/bash
# Running this script requires gcloud command line tools. To install go to https://cloud.google.com/sdk/docs/quickstarts
# See readme.md to understand the variables used in this script

export KEYS_DIR=/opt/sa
export ORGANIZATION_ID="insertyourorganizationID"
export GROUP_NAME=mygroup@mydomain.com
export PROJECT_BASE_NAME=myprojectbasename
export FIRST_PROJECT_NUM=1
export LAST_PROJECT_NUM=12
export SA_EMAIL_BASE_NAME=sagen
export FIRST_SA_NUM=1
export NUM_SAS_PER_PROJECT=100

create_project() {
    export PROJECT=$1
    gcloud projects create $PROJECT --organization=$ORGANIZATION_ID
    gcloud config set project $PROJECT
    gcloud services enable drive.googleapis.com
    sleep 5s
}

create_sas() {
    let LAST_SA_NUM=$FIRST_SA_NUM+$NUM_SAS_PER_PROJECT
    for name in $(seq $FIRST_SA_NUM $LAST_SA_NUM); do
        saname="$SA_EMAIL_BASE_NAME""$name"
        echo creating service account for $saname
        gcloud iam service-accounts create $saname  --display-name=$saname
        gcloud iam service-accounts keys create $KEYS_DIR/$name.json --iam-account=$saname@$PROJECT.iam.gserviceaccount.com
        # NEED to fix syntax for below command to add SA email to group
        #gcloud iam service-accounts add-iam-policy-binding "$saname@$PROJECT.iam.gserviceaccount.com" --member="group:$GROUP_NAME" --role="roles/viewer"
        echo "$GROUP_NAME,$saname@$PROJECT.iam.gserviceaccount.com,USER,MEMBER" | tee -a $KEYS_DIR/members.csv $KEYS_DIR/allmembers.csv
    done
    let FIRST_SA_NUM=$FIRST_SA_NUM+100
    sleep 5s
}

main() {
    mkdir -p $KEYS_DIR
    [ -f $KEYS_DIR/members.csv ] && cat $KEYS_DIR/members.csv >> $KEYS_DIR/allmembers.csv && sort -uo $KEYS_DIR/allmembers.csv $KEYS_DIR/allmembers.csv
    echo "Group Email [Required],Member Email,Member Type,Member Role" >$KEYS_DIR/members.csv
    for project_num in $(seq $FIRST_PROJECT_NUM $LAST_PROJECT_NUM); do
        create_project $PROJECT_BASE_NAME$project_num
        create_sas
    done
}

main