-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e600772
commit 2b93c2a
Showing
5 changed files
with
207 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiaW1hZ2UtdGV4 | ||
| dC10cmFuc2xhdG9yLTQyNTkyMSIsCiAgInByaXZhdGVfa2V5X2lkIjogIjZiMWIxNjk4YWNmMDEx | ||
| M2EzNWIyZTU3M2E4OGFjOGM3YmY5YmI2ZDgiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lO | ||
| IFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dn | ||
| U2pBZ0VBQW9JQkFRQ04va1Q2VDBJUUxEMVpcblBZTEtRZ1VIakQyY0srN3BmVTUxbUtUbWxlTFI4 | ||
| UkwvcktrOUUwQUN2UjlLbGFPK096R1dWcE1oWFUvS0FUdERcbkphcVJ3MFhpNmRScVROVUVYT1dQ | ||
| NUg0ZXE4VktnTTFVNFJRaVg1TmdQQTc1dTdLdi9kZzBTYXZlZHpOVEJsMmRcbnBmQm5TVGh2Rmgr | ||
| SlZpMDdtMTEvVEJ1YlE3YW9GbUIwcjZ5VHQwWmFmTUZ5YloyLzNWZXRXRUV6Yk9pYWhBVGZcbitU | ||
| RGdqdHEvVFRkTHlKZHFQZHY2UTNHK1lhd2RxV1FCdHJXc3lDWENGL3V3dTFHcmE1ZjFBaFhyNEoz | ||
| RzZyRE5cbndubVByb2QzREVueG9CeUNTaGdQbmhpTkdRbHBkbnViazFnckg4SkxaVHJmSGVwdGho | ||
| c3cvZm9NRGFkMko2aE5cbk9JRERXZzY3QWdNQkFBRUNnZ0VBRS9CZ0x2RnI3L1J6dXZFcHlXTEM3 | ||
| UXFTNk9LOGM2VFR4eXlqcWZqak55TGpcblRaYlQxR1BuSHdYLys3Wmo4M0JzS0FCejV3RldQOHl6 | ||
| ZUliZld3VHc3b3B5VGI1ZDdVcHBqQVFFZDg4Y0diaFlcbjNRZEJqMkFjeEZjNnJSNktoWVIwLzBh | ||
| c2IvQU0wTkdraExZMVpNanNqVXVES3kyNFFBQ3kvT1NxNkduTG41MEFcbmpUNnM4bFpvMytVVjYv | ||
| MElUTG5lUGp4ZndRa3dxeTgvVllORzFoRFRwUTZwVGtMa0E2ZDV3eVZuVVk5WEJURHVcbm5hd291 | ||
| S2JpT2hHa0d0TDNjUVp1dzdJWEQ3UWNjeXpJcTRBTFlJbVVGWXZxRm1BNFB1TEVMTGY4Uy9CVk91 | ||
| NDVcbjRoWUl2UlljMWkyQ0Nyc21tKzd4aFc4MVBlSmc1Z3J2Vlplbk5POEJBUUtCZ1FERnY3elRa | ||
| OTZxdXkxc0tRaENcbk5icEhIRUVlZ21kaGJ2blRIdGk4Snl1WEs5RVFhRWlobE1ZbnlIZ2lqWGds | ||
| akxjbGh3b1R2VGd2VUkvWlUxU2xcbkRVUm1xQmJXRG1kYVVXUm8rUFFBTmhvMGw0bEpQUjQ4c0pM | ||
| TDc5SGtrdHNVa1BDVDd5ZjRwajFQTExDMDZaRW1cbitZeGtuNS9sUlAzTTBCNGxmWDA1UnpNWnV3 | ||
| S0JnUUMzMGYwSndrT2JVbDRrVFhqem5yeGVNRXZLSzF3bWxQVG1cbjN5WG9ZbkNHN2lFTnA5dTJu | ||
| Z2NOOVZCMFNXZmdEeFlNOG5zOGVnVnBYM1Z0UUNZaWlDY203aU94ZndUbUI5YVRcblZyTDVwWXpl | ||
| c0pNSC9EZU1FU1lkdE5wMzVwWFloNDFYa2ZCL3JXczRwMEdsREVIcmxqUVVpTUJwUkI4YjJJUkVc | ||
| bnV6UGNJQjhQQVFLQmdIYlYrc3V3cUFkQjVOSVM5bnVUZmhZdHpKUmhHVzljR1pYZCs3RldlTU9u | ||
| K1VNNjZDcnlcbkZRTGpYZzZscFlZclFnU3pXa0x5ZTBrenlMNTViV3lpeEhCTW95eVFDMXdqZll2 | ||
| M3orb3dtUjd4MGZiSlc5cHNcbjRrcmNHKzZZc2o5eHVxR3NId0UySmJIbTBXcG0wbXZ4bTRUOHlF | ||
| SW5hNzRoYzN4a0pWUytqTjd4QW9HQVJ0NmpcbjB3WmRzRjF5UkViR01nN3FDdHBON2hVSGd5eDh1 | ||
| eUlmYUZmRGtKSHdsbVk0RkZFYTRTdktKL3RCSENaVTF3c0pcbnJraFJHODRjNU5FTm90U2hXNllH | ||
| aHVFMHowY0lXR2ZkdXRnejFvdDNOR1h1T0lkSURiM3pXTFRDNHVkbisvSWRcbktleC9ZU2xDNnRJ | ||
| dC9CazkzUWpZUGYxd2pQak9EZjJxd2R4MGZRRUNnWUVBbHZmM2txdUJLejU1VzhJWXYxZmpcbjZV | ||
| QjcyUjA2OVFOQ1pWWm9DVmJCY3BRV0pUcUNFd0pOeEwzV3lvS1ZFQUJxaGhQV1E5U2tINFBQbUpI | ||
| NFAzdldcbm5RWk5WSmczcTdYUTdTaDA1anFTU3VQNjJFUjQzdk5EajhNUXBXRGhFSEo1N0Q1TlE2 | ||
| RWdhM1RBQURlOFFVQUpcbm4xMytTQ2xUTk85T0NIbUtkRElBVExvPVxuLS0tLS1FTkQgUFJJVkFU | ||
| RSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImltYWdlLXRleHQtdHJhbnNsYXRvci1n | ||
| aC1zYUBpbWFnZS10ZXh0LXRyYW5zbGF0b3ItNDI1OTIxLmlhbS5nc2VydmljZWFjY291bnQuY29t | ||
| IiwKICAiY2xpZW50X2lkIjogIjExNDExMjc3OTc4MTMwNzMwMjY3OCIsCiAgImF1dGhfdXJpIjog | ||
| Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJp | ||
| IjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRl | ||
| cl94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9j | ||
| ZXJ0cyIsCiAgImNsaWVudF94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMu | ||
| Y29tL3JvYm90L3YxL21ldGFkYXRhL3g1MDkvaW1hZ2UtdGV4dC10cmFuc2xhdG9yLWdoLXNhJTQw | ||
| aW1hZ2UtdGV4dC10cmFuc2xhdG9yLTQyNTkyMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAg | ||
| InVuaXZlcnNlX2RvbWFpbiI6ICJnb29nbGVhcGlzLmNvbSIKfQo= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiaW1hZ2UtdGV4 | ||
| dC10cmFuc2xhdG9yLTQyNTkyMSIsCiAgInByaXZhdGVfa2V5X2lkIjogIjZiMWIxNjk4YWNmMDEx | ||
| M2EzNWIyZTU3M2E4OGFjOGM3YmY5YmI2ZDgiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lO | ||
| IFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dn | ||
| U2pBZ0VBQW9JQkFRQ04va1Q2VDBJUUxEMVpcblBZTEtRZ1VIakQyY0srN3BmVTUxbUtUbWxlTFI4 | ||
| UkwvcktrOUUwQUN2UjlLbGFPK096R1dWcE1oWFUvS0FUdERcbkphcVJ3MFhpNmRScVROVUVYT1dQ | ||
| NUg0ZXE4VktnTTFVNFJRaVg1TmdQQTc1dTdLdi9kZzBTYXZlZHpOVEJsMmRcbnBmQm5TVGh2Rmgr | ||
| SlZpMDdtMTEvVEJ1YlE3YW9GbUIwcjZ5VHQwWmFmTUZ5YloyLzNWZXRXRUV6Yk9pYWhBVGZcbitU | ||
| RGdqdHEvVFRkTHlKZHFQZHY2UTNHK1lhd2RxV1FCdHJXc3lDWENGL3V3dTFHcmE1ZjFBaFhyNEoz | ||
| RzZyRE5cbndubVByb2QzREVueG9CeUNTaGdQbmhpTkdRbHBkbnViazFnckg4SkxaVHJmSGVwdGho | ||
| c3cvZm9NRGFkMko2aE5cbk9JRERXZzY3QWdNQkFBRUNnZ0VBRS9CZ0x2RnI3L1J6dXZFcHlXTEM3 | ||
| UXFTNk9LOGM2VFR4eXlqcWZqak55TGpcblRaYlQxR1BuSHdYLys3Wmo4M0JzS0FCejV3RldQOHl6 | ||
| ZUliZld3VHc3b3B5VGI1ZDdVcHBqQVFFZDg4Y0diaFlcbjNRZEJqMkFjeEZjNnJSNktoWVIwLzBh | ||
| c2IvQU0wTkdraExZMVpNanNqVXVES3kyNFFBQ3kvT1NxNkduTG41MEFcbmpUNnM4bFpvMytVVjYv | ||
| MElUTG5lUGp4ZndRa3dxeTgvVllORzFoRFRwUTZwVGtMa0E2ZDV3eVZuVVk5WEJURHVcbm5hd291 | ||
| S2JpT2hHa0d0TDNjUVp1dzdJWEQ3UWNjeXpJcTRBTFlJbVVGWXZxRm1BNFB1TEVMTGY4Uy9CVk91 | ||
| NDVcbjRoWUl2UlljMWkyQ0Nyc21tKzd4aFc4MVBlSmc1Z3J2Vlplbk5POEJBUUtCZ1FERnY3elRa | ||
| OTZxdXkxc0tRaENcbk5icEhIRUVlZ21kaGJ2blRIdGk4Snl1WEs5RVFhRWlobE1ZbnlIZ2lqWGds | ||
| akxjbGh3b1R2VGd2VUkvWlUxU2xcbkRVUm1xQmJXRG1kYVVXUm8rUFFBTmhvMGw0bEpQUjQ4c0pM | ||
| TDc5SGtrdHNVa1BDVDd5ZjRwajFQTExDMDZaRW1cbitZeGtuNS9sUlAzTTBCNGxmWDA1UnpNWnV3 | ||
| S0JnUUMzMGYwSndrT2JVbDRrVFhqem5yeGVNRXZLSzF3bWxQVG1cbjN5WG9ZbkNHN2lFTnA5dTJu | ||
| Z2NOOVZCMFNXZmdEeFlNOG5zOGVnVnBYM1Z0UUNZaWlDY203aU94ZndUbUI5YVRcblZyTDVwWXpl | ||
| c0pNSC9EZU1FU1lkdE5wMzVwWFloNDFYa2ZCL3JXczRwMEdsREVIcmxqUVVpTUJwUkI4YjJJUkVc | ||
| bnV6UGNJQjhQQVFLQmdIYlYrc3V3cUFkQjVOSVM5bnVUZmhZdHpKUmhHVzljR1pYZCs3RldlTU9u | ||
| K1VNNjZDcnlcbkZRTGpYZzZscFlZclFnU3pXa0x5ZTBrenlMNTViV3lpeEhCTW95eVFDMXdqZll2 | ||
| M3orb3dtUjd4MGZiSlc5cHNcbjRrcmNHKzZZc2o5eHVxR3NId0UySmJIbTBXcG0wbXZ4bTRUOHlF | ||
| SW5hNzRoYzN4a0pWUytqTjd4QW9HQVJ0NmpcbjB3WmRzRjF5UkViR01nN3FDdHBON2hVSGd5eDh1 | ||
| eUlmYUZmRGtKSHdsbVk0RkZFYTRTdktKL3RCSENaVTF3c0pcbnJraFJHODRjNU5FTm90U2hXNllH | ||
| aHVFMHowY0lXR2ZkdXRnejFvdDNOR1h1T0lkSURiM3pXTFRDNHVkbisvSWRcbktleC9ZU2xDNnRJ | ||
| dC9CazkzUWpZUGYxd2pQak9EZjJxd2R4MGZRRUNnWUVBbHZmM2txdUJLejU1VzhJWXYxZmpcbjZV | ||
| QjcyUjA2OVFOQ1pWWm9DVmJCY3BRV0pUcUNFd0pOeEwzV3lvS1ZFQUJxaGhQV1E5U2tINFBQbUpI | ||
| NFAzdldcbm5RWk5WSmczcTdYUTdTaDA1anFTU3VQNjJFUjQzdk5EajhNUXBXRGhFSEo1N0Q1TlE2 | ||
| RWdhM1RBQURlOFFVQUpcbm4xMytTQ2xUTk85T0NIbUtkRElBVExvPVxuLS0tLS1FTkQgUFJJVkFU | ||
| RSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImltYWdlLXRleHQtdHJhbnNsYXRvci1n | ||
| aC1zYUBpbWFnZS10ZXh0LXRyYW5zbGF0b3ItNDI1OTIxLmlhbS5nc2VydmljZWFjY291bnQuY29t | ||
| IiwKICAiY2xpZW50X2lkIjogIjExNDExMjc3OTc4MTMwNzMwMjY3OCIsCiAgImF1dGhfdXJpIjog | ||
| Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJp | ||
| IjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRl | ||
| cl94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9j | ||
| ZXJ0cyIsCiAgImNsaWVudF94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMu | ||
| Y29tL3JvYm90L3YxL21ldGFkYXRhL3g1MDkvaW1hZ2UtdGV4dC10cmFuc2xhdG9yLWdoLXNhJTQw | ||
| aW1hZ2UtdGV4dC10cmFuc2xhdG9yLTQyNTkyMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAg | ||
| InVuaXZlcnNlX2RvbWFpbiI6ICJnb29nbGVhcGlzLmNvbSIKfQo= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| ################################################################ | ||
| # One-time creation of sa account for our application services # | ||
| ################################################################ | ||
|
|
||
| # First, authenticate as a user who can create service accounts | ||
| # gcloud auth login | ||
|
|
||
| # Check correct project is selected | ||
| # gcloud config list project | ||
| # export PROJECT_ID=<enter your project ID> | ||
| # gcloud config set project $PROJECT_ID | ||
|
|
||
| # If these are not already set... | ||
| export SVC_ACCOUNT=image-text-translator-sa | ||
| export SVC_ACCOUNT_EMAIL=$SVC_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com | ||
|
|
||
| # Attaching a user-managed service account is the preferred way to | ||
| # provide credentials to ADC for production code running on Google Cloud | ||
| gcloud iam service-accounts create $SVC_ACCOUNT | ||
|
|
||
| ###################################### | ||
| # Grant roles to the service account # | ||
| ###################################### | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$SVC_ACCOUNT_EMAIL" \ | ||
| --role=roles/run.invoker | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$SVC_ACCOUNT_EMAIL" \ | ||
| --role=roles/cloudfunctions.invoker | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/cloudtranslate.user" | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/serviceusage.serviceUsageAdmin" | ||
|
|
||
| ####################################################### | ||
| # Grant roles to our developer account, for deploying # | ||
| ####################################################### | ||
|
|
||
| export MY_ORG=<enter your org domain> | ||
|
|
||
| # Grant the required role to the principal | ||
| # that will attach the service account to other resources. | ||
| # Here we assume your developer account is a member of the gcp-devops group. | ||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="group:gcp-devops@$MY_ORG" \ | ||
| --role=roles/iam.serviceAccountUser | ||
|
|
||
| # Allow service account impersonation | ||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="group:gcp-devops@$MY_ORG" \ | ||
| --role=roles/iam.serviceAccountTokenCreator | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="group:gcp-devops@$MY_ORG" \ | ||
| --role roles/cloudfunctions.admin | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="group:gcp-devops@$MY_ORG" \ | ||
| --role roles/run.admin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # First, authenticate as a user who can create service accounts | ||
| # gcloud auth login | ||
|
|
||
| # Check correct project is selected | ||
| # gcloud config list project | ||
| # export PROJECT_ID=<enter your project ID> | ||
| # gcloud config set project $PROJECT_ID | ||
|
|
||
| export PROJECT_ID=$(gcloud config list --format='value(core.project)') | ||
|
|
||
| export MY_ORG=<enter your org domain> | ||
| export GH_SVC_ACCOUNT=image-text-translator-gh-sa | ||
| export GH_SVC_ACCOUNT_EMAIL=$GH_SVC_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com | ||
|
|
||
| gcloud iam service-accounts create $GH_SVC_ACCOUNT | ||
|
|
||
| ###################################### | ||
| # Grant roles to the service account # | ||
| ###################################### | ||
|
|
||
| # Allow service account to access GCS Cloud Build bucket | ||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/storage.admin" | ||
|
|
||
| # Allow service account to run and manage Cloud Build jobs | ||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/cloudbuild.builds.editor" | ||
|
|
||
| # Allow service account access to logs | ||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/logging.viewer" | ||
|
|
||
| # Allow this service account to deploy | ||
| gcloud iam service-accounts add-iam-policy-binding $GH_SVC_ACCOUNT_EMAIL \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role="roles/iam.serviceAccountUser" | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role=roles/run.admin | ||
|
|
||
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | ||
| --member="serviceAccount:$GH_SVC_ACCOUNT_EMAIL" \ | ||
| --role=roles/cloudfunctions.admin | ||
|
|
||
| ### Create a service account key ### | ||
| gcloud iam service-accounts keys create ~/.config/gcloud/$GH_SVC_ACCOUNT.json \ | ||
| --iam-account=$GH_SVC_ACCOUNT_EMAIL | ||
|
|
||
| # Base64 encode the key # | ||
| base64 ~/.config/gcloud/$GH_SVC_ACCOUNT.json > "${GH_SVC_ACCOUNT}_encoded.txt" |