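#!/bin/bash

# Copyright 2021 Google LLC
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
#   * Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#   * Redistributions in binary form must reproduce the above
#     copyright notice, this list of conditions and the following disclaimer
#     in the documentation and/or other materials provided with the
#     distribution.
#   * Neither the name of Google LLC nor the names of its
#     contributors may be used to endorse or promote products derived from
#     this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# This script is used to generate the project configurations needed to
# end-to-end test Downscoping with Credential Access Boundaries in the Auth
# library.
#
# In order to run this script, you need to fill in the project_id and
# service_account_email variables. The script refuses to run while either
# is empty, so that nothing is created in whatever project gcloud happens
# to have configured.
#
# This script needs to be run once. It will do the following:
# 1. Sets the current project to the one specified.
# 2. Creates a GCS bucket in the specified project.
# 3. Gives the specified service account the objectAdmin role for this bucket.
# 4. Creates two text files (in a private temporary directory) to be
#    uploaded to the created bucket.
# 5. Uploads both text files.
# 6. Prints out the identifiers (bucket ID, first object ID, second object ID)
#    to be used in the accompanying tests.
# 7. Deletes the created text files.
#
# The same service account used for this setup script should be used for
# the integration tests.
#
# It is safe to run the setup script again. A new bucket is created along with
# new objects. If run multiple times, it is advisable to delete
# unused buckets.

# Stop at the first failing command (or unset variable) so a failed project
# switch or bucket creation is never followed by IAM changes or uploads.
set -euo pipefail

suffix=""

#######################################
# Appends 8 characters drawn from [a-z0-9] to the global `suffix`.
# $RANDOM is not a cryptographic source: the suffix only keeps bucket and
# object names from colliding between runs and must not be treated as a
# secret.
# Globals:   suffix (written)
# Arguments: none
#######################################
generate_random_string() {
  local valid_chars=abcdefghijklmnopqrstuvwxyz0123456789
  local i
  for i in {1..8}; do
    suffix+="${valid_chars:RANDOM%${#valid_chars}:1}"
  done
}

generate_random_string

bucket_id="cab-int-bucket-${suffix}"
first_object="cab-first-${suffix}.txt"
second_object="cab-second-${suffix}.txt"

# Fill in.
project_id=""
service_account_email=""

# Refuse to touch any cloud resources until both values are provided.
if [[ -z "${project_id}" || -z "${service_account_email}" ]]; then
  echo "Error: fill in project_id and service_account_email before running." >&2
  exit 1
fi

gcloud config set project "${project_id}"

# Create the GCS bucket. "-b on" enables uniform bucket-level access, so
# access to the objects is governed by IAM rather than per-object ACLs.
gsutil mb -b on -l us-east1 "gs://${bucket_id}"

# Give the specified service account the objectAdmin role for this bucket.
# The binding is made on the bucket itself, not on the project, which keeps
# the grant limited to the test fixture.
gsutil iam ch \
  "serviceAccount:${service_account_email}:objectAdmin" \
  "gs://${bucket_id}"

# Create both objects in a private temporary directory so no existing file
# in the current directory can be appended to or removed by this script.
# The trap removes the directory on every exit path, including failures.
work_dir="$(mktemp -d)"
trap 'rm -rf -- "${work_dir:?}"' EXIT

echo "first" > "${work_dir}/${first_object}"
echo "second" > "${work_dir}/${second_object}"

# Upload the created objects to the bucket. The object name is the file's
# base name, so the identifiers printed below match the uploaded objects.
gsutil cp "${work_dir}/${first_object}" "gs://${bucket_id}"
gsutil cp "${work_dir}/${second_object}" "gs://${bucket_id}"

echo "Bucket ID: ${bucket_id}"
echo "First object ID: ${first_object}"
echo "Second object ID: ${second_object}"

# Cleanup of the local files is handled by the EXIT trap above.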