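#!/bin/bash
# Creates the "data-engineer-administrator" service account in PROJECT_ID and
# grants it the project-level roles used by the data-market pipeline.
#
# How to run from the Google Cloud Shell:
# 1. Open the Cloud Shell and its editor.
# 2. Create a new .sh file and paste the contents below into it.
# 3. Change to the file's directory and make it executable:
#    > chmod +x [file_name].sh
# 4. Run the script:
#    > ./[file_name].sh
#
# Requires an authenticated gcloud session that is allowed to edit IAM policy
# on PROJECT_ID.
#
# NOTE(review): every role below is a broad *.admin / editor role on the whole
# project, granted to a single service account. Before reusing this outside a
# sandbox, trim the list to the permissions the pipeline actually needs.

# Fail fast: abort on the first failed gcloud call, on unset variables, and on
# failures inside pipelines, instead of silently continuing with a half-applied
# policy.
set -euo pipefail

# Identity and target settings. The service-account e-mail has the fixed form
# <name>@<project>.iam.gserviceaccount.com, so it is derived from the same
# values used to create the account rather than retyped by hand.
PROJECT_ID="project-automated-data-market"
SA_NAME="data-engineer-administrator"
USER_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
REGION="us-central1"
FUNCTION_NAME="project-data-market"

# Create the service account. The creation is skipped when the account already
# exists so that the script can be re-run under set -e without aborting here.
# --project is passed explicitly so the account lands in PROJECT_ID even when
# the gcloud default project is set to something else.
if gcloud iam service-accounts describe "$USER_EMAIL" --project="$PROJECT_ID" >/dev/null 2>&1; then
  printf 'Service account %s already exists; skipping creation.\n' "$USER_EMAIL"
else
  gcloud iam service-accounts create "$SA_NAME" \
    --project="$PROJECT_ID" \
    --description="Usuário administrador geral" \
    --display-name="Data Engineer - Administrator"
fi

# List the project's service accounts so the new one is visible in the output.
gcloud iam service-accounts list --project="$PROJECT_ID"

# Project-level roles granted to the service account, one binding call each.
#
# "roles/storage.objects.get" from the original list was dropped: it is an IAM
# permission (storage.objects.get), not a role, so the binding call is rejected.
# That permission is already part of roles/storage.objectViewer (and of
# roles/storage.admin).
PROJECT_ROLES=(
  "roles/cloudfunctions.admin"     # Cloud Functions Admin
  "roles/storage.admin"            # Storage Admin
  "roles/bigquery.admin"           # BigQuery Admin
  "roles/cloudbuild.builds.editor" # Cloud Build Editor
  "roles/cloudscheduler.admin"     # Cloud Scheduler Admin
  "roles/compute.admin"            # Compute Admin
  "roles/storage.objectViewer"     # Storage Object Viewer
  "roles/run.invoker"              # Cloud Run Invoker
)

for role in "${PROJECT_ROLES[@]}"; do
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$USER_EMAIL" \
    --role="$role"
done

# The function-level roles/cloudfunctions.invoker binding is applied further
# down, guarded by `gcloud functions describe`; the unconditional copy that used
# to sit here was removed because under set -e it would abort the script
# whenever FUNCTION_NAME is not deployed yet.
#
# NOTE(review): that guarded block passes --regions= to
# `gcloud functions describe` and `gcloud functions add-iam-policy-binding`,
# but both commands take --region (singular); --regions is only accepted by
# `gcloud functions list`. As written, the describe check is expected to fail
# and the script to take the "not found" branch.

# List the functions deployed in REGION.
gcloud functions list --project="$PROJECT_ID" --regions="$REGION"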
if gcloud functions describe $FUNCTION_NAME --project=$PROJECT_ID --regions=$REGION; then
gcloud functions add-iam-policy-binding $FUNCTION_NAME \
--regions=$REGION \
--member="serviceAccount:$USER_EMAIL" \
--role="roles/cloudfunctions.invoker"
else
echo "Função $FUNCTION_NAME não encontrada na região $REGION."
exit 1