#!/bin/bash

# Copyright 2021 Google LLC.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.


# This script is used to generate the project configurations needed to
# end-to-end test Downscoping with Credential Access Boundaries in the Auth
# library. This script only needs to be run once.
#
# In order to run this script, you need to fill in the project_id and
# service_account_email variables.
#
# If an argument is provided, the script will use the provided argument
# as the bucket name. Otherwise, it will create a new bucket.
#
# This script needs to be run once. It will do the following:
# 1. Sets the current project to the one specified.
# 2. If no bucket name was provided, creates a GCS bucket in the specified project.
# 3. Gives the specified service account the objectAdmin role for this bucket.
# 4. Creates two text files to be uploaded to the created bucket.
# 5. Uploads both text files.
# 6. Prints out the identifiers (bucket ID, first object ID, second object ID)
# to be used in the accompanying tests.
# 7. Deletes the created text files in the current directory.
#
# The same service account used for this setup script should be used for
# the integration tests.
#
# It is safe to run the setup script again. A new bucket is created along with
# new objects. If run multiple times, it is advisable to delete
# unused buckets.

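# Accumulator for the random name suffix; generate_random_string appends to it.
suffix=""

#######################################
# Appends 8 characters drawn from [a-z0-9] to the global `suffix`.
#
# The suffix only keeps bucket and object names from colliding between runs.
# $RANDOM is not a cryptographic source (and RANDOM % 36 is slightly biased),
# so the result must not be treated as a secret or as an unguessable name.
#
# Globals:   suffix (appended to)
# Arguments: none
#######################################
function generate_random_string () {
  local valid_chars=abcdefghijklmnopqrstuvwxyz0123456789
  # Keep the loop counter local so it does not overwrite a caller's `i`.
  local i
  for i in {1..8}; do
    suffix+="${valid_chars:RANDOM%${#valid_chars}:1}"
  done
}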
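# Stop at the first failing command so that a failed bucket creation or IAM
# change is never followed by uploads against an unintended target.
set -euo pipefail

generate_random_string

first_object="cab-first-${suffix}.txt"
second_object="cab-second-${suffix}.txt"

# Fill in.
project_id="dulcet-port-762"
service_account_email="kokoro@dulcet-port-762.iam.gserviceaccount.com"

# Local files created by this run. Only these are removed on exit, so a
# pre-existing file with the same name is never deleted.
created_files=()

cleanup() {
  if (( ${#created_files[@]} > 0 )); then
    rm -f -- "${created_files[@]}"
  fi
}
trap cleanup EXIT

# NOTE: this changes the active project of the caller's gcloud configuration
# and the setting persists after the script exits.
gcloud config set project "${project_id}"

if (( $# != 1 )); then
  # Create the GCS bucket. `-b on` enables uniform bucket-level access.
  bucket_id="cab-int-bucket-${suffix}"
  gsutil mb -b on -l us-east1 "gs://${bucket_id}"
else
  bucket_id="$1"
  # The name is spliced into gs:// URLs below, and gsutil expands wildcards in
  # URLs. Accept only plain bucket-name characters so the IAM change and the
  # uploads cannot land on anything other than the single bucket named.
  bucket_name_re='^[a-z0-9][a-z0-9._-]*[a-z0-9]$'
  if [[ ! "${bucket_id}" =~ ${bucket_name_re} ]]; then
    printf 'Invalid bucket name: %s\n' "${bucket_id}" >&2
    exit 2
  fi
fi

# Give the specified service account the objectAdmin role for this bucket.
# The binding is made on this bucket only, not on the project; objectAdmin
# still allows reading, overwriting and deleting every object in the bucket,
# so prefer a dedicated test bucket over one that holds other data.
gsutil iam ch "serviceAccount:${service_account_email}:objectAdmin" "gs://${bucket_id}"

# Create both objects. noclobber makes `>` fail instead of writing through an
# existing file or symlink of the same name in the current directory.
set -o noclobber
printf '%s\n' "first" > "${first_object}"
created_files+=("${first_object}")
printf '%s\n' "second" > "${second_object}"
created_files+=("${second_object}")
set +o noclobber

# Upload the created objects to the bucket.
gsutil cp "${first_object}" "gs://${bucket_id}"
gsutil cp "${second_object}" "gs://${bucket_id}"

printf 'Bucket ID: %s\n' "${bucket_id}"
printf 'First object ID: %s\n' "${first_object}"
printf 'Second object ID: %s\n' "${second_object}"

# Cleanup of the local files happens in the EXIT trap, including on failure.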