gcp preflight tooling

Worklytics · Feb 10, 2025 · 6e3ed8b · 6e3ed8b
1 parent 4ffc7b6
commit 6e3ed8b
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 20 deletions.
diff --git a/infra/examples-dev/aws/auth b/infra/examples-dev/aws/auth
@@ -10,3 +10,5 @@ if [ -f terraform.tfvars ]; then
         ../../../tools/aws/preflight.sh -r "$AWS_ROLE_ARN"
     fi
 fi
+
+../../../tools/gcp/preflight.sh
diff --git a/infra/examples-dev/gcp/auth b/infra/examples-dev/gcp/auth
@@ -2,23 +2,4 @@
 
 ../../../tools/az-auth.sh
 
-RED='\033[0;31m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-
-# ensure gcloud installed
-if ! command -v gcloud &> /dev/null
-then
-    printf "${RED}gcloud is not installed.${NC}\n"
-    exit 1
-fi
-
-GCLOUD_ACCOUNT=$(gcloud config get-value account)
-
-if [[ -z "$GCLOUD_ACCOUNT" ]]
-then
-    printf "${RED}gcloud is not authenticated.${NC}\n"
-    exit 1
-fi
-
-printf "gcloud is authenticated with ${BLUE}${GCLOUD_ACCOUNT}${NC}.\n"
+../../../tools/gcp/preflight.sh
diff --git a/tools/gcp/preflight.sh b/tools/gcp/preflight.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+
+# if NO terraform.tfvars, exit
+if [ ! -f "terraform.tfvars" ]; then
+    printf "${RED}No terraform.tfvars found.${NC}\n"
+    exit 1
+fi
+
+
+if [ -f "google-workspace.tf" ]; then
+  printf "${BLUE}google-workspace.tf${NC} found. (Suggests you're using Google Workspace as a data source) \n"
+
+  GOOGLE_WORKSPACE_GCP_PROJECT_ID=$(grep -E "^google_workspace_gcp_project_id" terraform.tfvars | awk -F'=' '{print $2}' | tr -d '"' | xargs)
+fi
+
+GCP_PROJECT_ID=$(grep -E "^gcp_project_id" terraform.tfvars | awk -F'=' '{print $2}' | tr -d '"' | xargs)
+
+# if either GCP_PROJECT_ID or GOOGLE_WORKSPACE_GCP_PROJECT_ID exists
+if [[ -z "$GCP_PROJECT_ID" ]] && [[ -z "$GOOGLE_WORKSPACE_GCP_PROJECT_ID" ]]; then
+    printf "No GCP project id references; not validating gcloud setup found in terraform.tfvars.\n"
+    exit 0
+fi
+
+if ! command -v gcloud &> /dev/null
+then
+    printf "${RED}gcloud is not installed.${NC}\n"
+    exit 1
+fi
+
+GCLOUD_ACCOUNT=$(gcloud config get-value account)
+
+if [[ -z "$GCLOUD_ACCOUNT" ]]
+then
+    printf "${RED}gcloud is not authenticated.${NC}\n"
+    exit 1
+fi
+
+printf "gcloud is authenticated as ${BLUE}${GCLOUD_ACCOUNT}${NC}.\n"
+
+
+# q: is there a good way to validate GCLOUD_ACCOUNTS perms on GCP_PROJECT_ID, without requiring READ of IAM?  (perms to do that ARE not proxy prereqs)
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,3 +10,5 @@ if [ -f terraform.tfvars ]; then @@
             ../../../tools/aws/preflight.sh -r "$AWS_ROLE_ARN"
         fi
     fi
+    ../../../tools/gcp/preflight.sh