Configuring IAM Permissions with gCloud Azure
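# Walkthrough: set up two gcloud configurations (default and user2) and give
# the second user access to a second project in three stages: the basic
# roles/viewer role, a custom "devops" role, and a "devops" service account.
# gcloud auth login and gcloud init prompt for input, so run this step by step
# rather than unattended. Commands are not chained with `set -e`: a failed
# step does not stop the ones after it.
#
# Fill in these four values before running anything below.
export ZONE_1=
export ZONE_2=
export SECOND_USER_NAME=
export SECOND_PROJECT_ID=

# Refuse to continue with a blank value, so that no instance is created and no
# IAM binding is attempted against an empty project, member or zone.
# (A non-interactive shell exits here; an interactive one only reports it.)
: "${ZONE_1:?set ZONE_1 before running}"
: "${ZONE_2:?set ZONE_2 before running}"
: "${SECOND_USER_NAME:?set SECOND_USER_NAME before running}"
: "${SECOND_PROJECT_ID:?set SECOND_PROJECT_ID before running}"

gcloud --version
gcloud auth login --no-launch-browser --quiet
# NOTE(review): the CLI package is installed only after the two gcloud calls
# above; presumably gcloud is already present on the machine — confirm.
sudo yum install google-cloud-cli -y

gcloud config set compute/zone "$ZONE_1"
# Assign first, export second, so a failing gcloud call is not masked.
ZONE=$(gcloud config get compute/zone)
export ZONE
# Region = zone name with its last "-" and everything after it removed.
gcloud config set compute/region "${ZONE_1%-*}"
REGION=$(gcloud config get compute/region)
export REGION
gcloud compute instances create lab-1 --zone="$ZONE"
gcloud config set compute/zone "$ZONE_2"

# Create the second configuration interactively.
# When gcloud init asks for the configuration name, type: user2
gcloud init --no-launch-browser
gcloud config configurations activate default
gcloud config configurations activate user2

# Persist the second project id for later shells. %q shell-quotes the value,
# so sourcing ~/.bashrc cannot run anything embedded in it. Each run appends
# another line to ~/.bashrc.
printf 'export PROJECTID2=%q\n' "$SECOND_PROJECT_ID" >> ~/.bashrc
. ~/.bashrc
gcloud config set project "$PROJECTID2" --quiet
gcloud config configurations activate default
sudo yum -y install epel-release
sudo yum -y install jq
printf 'export USERID2=%q\n' "$SECOND_USER_NAME" >> ~/.bashrc
. ~/.bashrc

# Stage 1: roles/viewer is a basic role, read access across the whole project.
# Outside a lab, prefer a narrower predefined or custom role.
gcloud projects add-iam-policy-binding "$PROJECTID2" --member "user:$USERID2" --role=roles/viewer
gcloud config configurations activate user2
gcloud config set project "$PROJECTID2"
# NOTE(review): user2 holds only roles/viewer at this point, so this create is
# presumably expected to be refused — confirm against the lab text.
gcloud compute instances create lab-2
gcloud config configurations activate default

# Stage 2: custom role. compute.instances.setMetadata and
# compute.instances.setServiceAccount are sensitive permissions (they change
# what configuration and identity an instance runs with); review the list
# before reusing this role anywhere but a lab project.
gcloud iam roles create devops --project "$PROJECTID2" --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
# roles/iam.serviceAccountUser bound on the project applies to every service
# account in that project. Outside a lab, bind it on the one service account
# that is needed (gcloud iam service-accounts add-iam-policy-binding).
gcloud projects add-iam-policy-binding "$PROJECTID2" --member "user:$USERID2" --role=roles/iam.serviceAccountUser
gcloud projects add-iam-policy-binding "$PROJECTID2" --member "user:$USERID2" --role="projects/$PROJECTID2/roles/devops"
gcloud config configurations activate user2
gcloud compute instances create lab-2
gcloud config configurations activate default

# Stage 3: service account.
gcloud config set project "$PROJECTID2"
gcloud iam service-accounts create devops --display-name devops
gcloud iam service-accounts list --filter "displayName=devops"
# Display names are not unique, so this lookup can return no address or more
# than one; stop if it returned nothing rather than bind an empty member.
SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
: "${SA:?no service account with display name devops was found}"
# Both bindings below are project-wide grants to the service account itself.
gcloud projects add-iam-policy-binding "$PROJECTID2" --member "serviceAccount:$SA" --role=roles/iam.serviceAccountUser
gcloud projects add-iam-policy-binding "$PROJECTID2" --member "serviceAccount:$SA" --role=roles/compute.instanceAdmin
gcloud compute instances create lab-3 --service-account "$SA" --scopes "https://www.googleapis.com/auth/compute"
# NOTE(review): lab-2 was already requested twice above and the CLI package was
# already installed; these two lines look like retries — confirm they are needed.
gcloud compute instances create lab-2 --zone="$ZONE_2"
sudo yum install google-cloud-cli -y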