#!/bin/bash

# Copyright 2021 Google LLC.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.


# This script is used to generate the project configurations needed to
# end-to-end test Downscoping with Credential Access Boundaries in the Auth
# library. This script only needs to be run once.
#
# In order to run this script, you need to fill in the project_id and
# service_account_email variables. 
#
# If an argument is provided, the script will use the provided argument
# as the bucket name.  Otherwise, it will create a new bucket.
#
# This script needs to be run once. It will do the following:
# 1. Sets the current project to the one specified.
# 2. If no bucket name was provided, creates a GCS bucket in the specified project.
# 3. Gives the specified service account the objectAdmin role for this bucket.
# 4. Creates two text files to be uploaded to the created bucket.
# 5. Uploads both text files.
# 6. Prints out the identifiers (bucket ID, first object ID, second object ID)
#    to be used in the accompanying tests. 
# 7. Deletes the created text files in the current directory. 
# 
# The same service account used for this setup script should be used for
# the integration tests.
#
# It is safe to run the setup script again. A new bucket is created along with
# new objects. If run multiple times, it is advisable to delete
# unused buckets. 

suffix=""

function generate_random_string () {
  local valid_chars=abcdefghijklmnopqrstuvwxyz0123456789
  for i in {1..8} ; do
    suffix+="${valid_chars:RANDOM%${#valid_chars}:1}"
    done
}

generate_random_string

first_object="cab-first-"${suffix}.txt
second_object="cab-second-"${suffix}.txt

# Fill in.
project_id="dulcet-port-762"
service_account_email="kokoro@dulcet-port-762.iam.gserviceaccount.com"

gcloud config set project ${project_id}

if (( $# != 1 ))
then
	# Create the GCS bucket.
	bucket_id="cab-int-bucket-"${suffix}
	gsutil mb -b on -l us-east1 gs://${bucket_id}  
else
	bucket_id="$1"
fi

# Give the specified service account the objectAdmin role for this bucket.
gsutil iam ch serviceAccount:${service_account_email}:objectAdmin gs://${bucket_id}

# Create both objects.
echo "first" >> ${first_object}
echo "second" >> ${second_object}

# Upload the created objects to the bucket.
gsutil cp ${first_object} gs://${bucket_id}
gsutil cp ${second_object} gs://${bucket_id}

echo "Bucket ID: "${bucket_id}
echo "First object ID: "${first_object}
echo "Second object ID: "${second_object}

# Cleanup
rm ${first_object}
rm ${second_object}