setup-project.sh
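#!/bin/bash
#
# Recreates the GCP IAM resources used by the GCE PD CSI driver in ${PROJECT}:
#   1. creates or updates the driver's custom role from the YAML in the repo,
#   2. removes the old role bindings, service account and local key file,
#   3. creates a fresh service account, binds the roles to it, and writes a
#      new service-account key to ${SA_FILE}.
#
# Required environment:
#   GOPATH         - Go workspace that contains the driver checkout
#   PROJECT        - GCP project id to operate on
#   GCEPD_SA_NAME  - short name of the service account to (re)create
#   SA_FILE        - path where the new service-account key is written
#
# NOTE(review): ${SA_FILE} ends up holding a service-account private key.
# Keep it out of version control and shared directories.
set -o nounset
set -o errexit
# pipefail is deliberately not enabled: the `yes | gcloud ...` pipeline below
# would then report the exit status of `yes` (killed by SIGPIPE) as a failure.

# Fail early, with a clear message, when a required variable is unset or
# empty. nounset alone only catches the unset case, and only at first use,
# which for SA_FILE is after the custom role has already been modified.
: "${GOPATH:?GOPATH must be set}"
: "${PROJECT:?PROJECT must be set}"
: "${GCEPD_SA_NAME:?GCEPD_SA_NAME must be set}"
: "${SA_FILE:?SA_FILE must be set}"

readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
# Not referenced in this script; kept from the original.
readonly KUBEDEPLOY="${PKGDIR}/deploy/kubernetes"
readonly CUSTOM_ROLE_ID="gcp_compute_persistent_disk_csi_driver_custom_role"
readonly CUSTOM_ROLE_FILE="${PKGDIR}/deploy/gcp-compute-persistent-disk-csi-driver-custom-role.yaml"

# Roles bound to the service account at project level. Held in an array so
# each role is passed as exactly one argument, with no word splitting or
# globbing of an unquoted string.
BIND_ROLES=(
  "roles/compute.storageAdmin"
  "roles/iam.serviceAccountUser"
  "projects/${PROJECT}/roles/${CUSTOM_ROLE_ID}"
)
IAM_NAME="${GCEPD_SA_NAME}@${PROJECT}.iam.gserviceaccount.com"

# Create or Update Custom Role.
# Any failure of `describe` (not only "role not found") selects the create
# branch; a real error then surfaces from `create` under errexit.
if gcloud iam roles describe "${CUSTOM_ROLE_ID}" --project "${PROJECT}"; then
  # `yes` answers the confirmation prompt that `roles update` may show.
  yes | gcloud iam roles update "${CUSTOM_ROLE_ID}" \
    --project "${PROJECT}" \
    --file "${CUSTOM_ROLE_FILE}"
else
  gcloud iam roles create "${CUSTOM_ROLE_ID}" \
    --project "${PROJECT}" \
    --file "${CUSTOM_ROLE_FILE}"
fi

# Delete Service Account Key (local copy). The path is quoted so that a value
# containing spaces or glob characters is tested and removed as one file.
if [[ -f "${SA_FILE}" ]]; then
  rm -f -- "${SA_FILE}"
fi

# Delete Bindings. Best effort: on a first run the bindings do not exist yet,
# so a failure here must not abort the script.
for role in "${BIND_ROLES[@]}"; do
  gcloud projects remove-iam-policy-binding "${PROJECT}" \
    --member "serviceAccount:${IAM_NAME}" \
    --role "${role}" \
    --quiet || true
done

# Delete Service Account. Best effort for the same reason as above.
gcloud iam service-accounts delete "${IAM_NAME}" --project "${PROJECT}" --quiet || true

# Create new Service Account and Keys.
# --project is passed explicitly: IAM_NAME is derived from ${PROJECT}, so the
# account must be created there and not in whatever project the active gcloud
# configuration points at.
gcloud iam service-accounts create "${GCEPD_SA_NAME}" --project "${PROJECT}"
for role in "${BIND_ROLES[@]}"; do
  gcloud projects add-iam-policy-binding "${PROJECT}" \
    --member "serviceAccount:${IAM_NAME}" \
    --role "${role}"
done
gcloud iam service-accounts keys create "${SA_FILE}" \
  --iam-account "${IAM_NAME}" \
  --project "${PROJECT}"
# The key file is a credential: restrict it to the owner regardless of umask.
chmod 600 -- "${SA_FILE}"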