This script lets you create an IAP client and enable IAP authentication on the required backend services.
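#!/usr/bin/env bash
#
# Enable Identity-Aware Proxy (IAP) on the backend services of one gcloud
# configuration whose names match web|grafana|dash (excluding "metrics"),
# and grant roles/iap.httpsResourceAccessor to an interactively entered
# list of users.
#
# Security note: the OAuth client secret is supplied with -key and is later
# handed to gcloud as --oauth2-client-secret, so it appears in the argument
# list of both processes. Argument lists are readable by other local users
# (process listings) and are usually stored in shell history; run this only
# on a trusted, single-operator host and keep the secret out of history.

# Abort on the first unhandled command failure.
set -e

# Usage text printed by fail_on_params. All four options are mandatory, so
# the synopsis lists them without the [ ] that would mark them optional.
HELP="
NAME
    $0 - turning on IAP policy for WEB backend services
USAGE
    Usage: $0 -org ORGANIZATION -env ENVIRONMENT -key OAUTH_SECRET_KEY -id OAUTH_ID
REQUIRED ARGUMENTS
    -org ORGANIZATION
        Current organization name.
    -env ENVIRONMENT
        The name of the environment to use. (E.G. staging/preprod/etc.)
    -key OAUTH_SECRET_KEY
        Secret key of the OAuth client. Passed on the command line, so it is
        visible in process listings and shell history.
    -id OAUTH_ID
        Client ID of the OAuth client.
"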
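#######################################
# Print the usage text and terminate the script with status 1.
# Globals:   HELP (read)
# Arguments: none
# Outputs:   usage text on stderr, because this is only reached on an
#            error path and must not pollute captured stdout
# Returns:   never returns; exits 1
#######################################
fail_on_params() {
  # printf rather than echo: the text is arbitrary data, not a format.
  printf '%s\n' "${HELP}" >&2
  exit 1
}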
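#######################################
# Abort with the usage text when a required option has no value.
# Arguments: $1 - option name, used in the error message
#            $2 - value supplied for that option (may be empty)
# Outputs:   error message on stderr when the value is empty
# Returns:   0 when the value is non-empty; otherwise does not return,
#            because fail_on_params exits the script
#######################################
check_required_argument() {
  local value param
  param="${1}"
  value="${2}"
  # Run the failure path in the current shell. Inside a ( ... ) subshell the
  # exit in fail_on_params would end only the subshell, and the function
  # would go on to report success whenever errexit is off or suppressed
  # (for example when the call is used as an if-condition).
  if [ -z "${value}" ]; then
    printf "ERROR: Argument '%s' is required\n" "${param}" >&2
    fail_on_params
  fi
  return 0
}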
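# ---------------------------------------------------------------------------
# Main flow: parse options, collect users, enable IAP, bind users, and always
# switch gcloud back to the configuration that was active at start.
# ---------------------------------------------------------------------------

# Four options, each with a value: fewer than eight words cannot be complete.
if [[ $# -lt 8 ]]; then
  fail_on_params
fi

# Start from empty values so that nothing is inherited from the environment.
ORGANIZATION=""
ENVIRONMENT=""
OAUTH_SECRET_KEY=""
OAUTH_ID=""

# Consume option/value pairs two words at a time. Shifting by one would feed
# every value back through the case statement as if it were an option name.
while [[ $# -gt 0 ]]; do
  if [[ $# -lt 2 ]]; then
    printf "ERROR: Option '%s' requires a value\n" "$1" >&2
    fail_on_params
  fi
  case "$1" in
    -org) ORGANIZATION="${2}" ;;
    -env) ENVIRONMENT="${2}" ;;
    -key) OAUTH_SECRET_KEY="${2}" ;;
    -id) OAUTH_ID="${2}" ;;
    *)
      printf "ERROR: Unknown option '%s'\n" "$1" >&2
      fail_on_params
      ;;
  esac
  shift 2
done

# The word count alone does not prove that all four options were given.
check_required_argument "-org" "${ORGANIZATION}"
check_required_argument "-env" "${ENVIRONMENT}"
check_required_argument "-key" "${OAUTH_SECRET_KEY}"
check_required_argument "-id" "${OAUTH_ID}"

USERS_LIST=()
echo "Please enter list of users"
echo "When finish press Enter with an empty string"
while true; do
  # read fails at end of input; treat that like the empty line that ends
  # the list instead of letting errexit abort the script.
  if ! read -r -p "Enter user: " user; then
    break
  fi
  if [[ -z "${user}" ]]; then
    break
  fi
  # Each entry becomes an IAM member "user:<entry>", i.e. an account e-mail.
  # Reject obvious typos so that access is not bound to a malformed member.
  if [[ "${user}" != *@* || "${user}" == *[[:space:]]* ]]; then
    printf "ERROR: '%s' does not look like an e-mail address, ignored\n" "${user}" >&2
    continue
  fi
  USERS_LIST+=("${user}")
done

CONFIGURATION="${ORGANIZATION}-${ENVIRONMENT}"
OLD_CONTEXT=$(gcloud config configurations list --filter=IS_ACTIVE=true --format='table[no-heading](name)')

# Re-activate the configuration that was active when the script started.
# Registered as an EXIT trap so it also runs when a later command fails;
# otherwise the operator's next gcloud commands would silently target
# CONFIGURATION instead of their usual context.
restore_context() {
  if [[ -n "${OLD_CONTEXT}" ]]; then
    gcloud config configurations activate "${OLD_CONTEXT}" \
      || printf "WARNING: could not re-activate gcloud configuration '%s'\n" "${OLD_CONTEXT}" >&2
  fi
}
trap restore_context EXIT

gcloud config configurations activate "${CONFIGURATION}"

# List first, filter second, so that a gcloud failure is not confused with
# "nothing matched" (grep exits 1 when it selects no line).
ALL_BACKENDS=$(gcloud compute backend-services list --format="[table,no-heading](NAME)")
LIST_BACKENDS=$(printf '%s\n' "${ALL_BACKENDS}" | grep -P "web|grafana|dash" | grep -v "metrics") || LIST_BACKENDS=""
if [[ -z "${LIST_BACKENDS}" ]]; then
  echo "ERROR: no backend service matches web|grafana|dash in ${CONFIGURATION}" >&2
  exit 1
fi

# Collect the names into an array before calling gcloud, so the gcloud
# commands below never share stdin with the list being iterated.
BACKEND_SERVICES=()
while read -r backend; do
  if [[ -n "${backend}" ]]; then
    BACKEND_SERVICES+=("${backend}")
  fi
done <<< "${LIST_BACKENDS}"

for BACKEND_SERVICE in "${BACKEND_SERVICES[@]}"; do
  # NOTE: the client secret is passed in gcloud's argument list here and is
  # visible in process listings for as long as the command runs.
  gcloud iap web enable \
    --service="${BACKEND_SERVICE}" \
    --resource-type=backend-services \
    --oauth2-client-id="${OAUTH_ID}" \
    --oauth2-client-secret="${OAUTH_SECRET_KEY}"
  # iap_user rather than USER: assigning USER would overwrite the login-name
  # environment variable that child processes inherit.
  for iap_user in "${USERS_LIST[@]}"; do
    gcloud iap web add-iam-policy-binding \
      --member="user:${iap_user}" \
      --role="roles/iap.httpsResourceAccessor" \
      --service="${BACKEND_SERVICE}" \
      --resource-type=backend-services
  done
done
# The previous gcloud configuration is re-activated by the EXIT trap.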