forked from navikt/arbeidsgiver-notifikasjon-produsent-api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
create-database-iam-users.sh
57 lines (43 loc) · 1.52 KB
/
create-database-iam-users.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/sh
# stop on error
set -e
PROJECTS="fager-dev-24f2 fager-prod-dd77"
INSTANCES="bruker-api produsent-api ekstern-varsling kafka-reaper statistikk"
USERS="peter.brottveit.bock ken.gullaksen bendik.segrov.ibenholt"
# Kommandoen under er idempotent, så vidt jeg kan se.
# Den som kjører kommandoen må ha "roles/cloudsql.admin" i prosjektet.
echo CREATING SQL USERS
for project in $PROJECTS; do
for user in $USERS; do
for instance in $INSTANCES; do
if [ $project = fager-prod-dd77 -a $instance = ekstern-varsling ]; then
continue
fi
echo gcloud beta sql users create [email protected] \
--instance=notifikasjon-$instance \
--project $project \
--type=cloud_iam_user
done
done
done
#list users
#for project in $PROJECTS; do
# for instance in $INSTANCES; do
# echo $project $instance
# gcloud beta sql users list \
# --instance=notifikasjon-$instance \
# --project $project
# done
#done
# Grant all accesses
ALWAYS_ACCESS_PROJECTS="fager-dev-24f2"
INSTANCES="bruker-api produsent-api ekstern-varsling kafka-reaper statistikk"
USERS="peter.brottveit.bock ken.gullaksen bendik.segrov.ibenholt"
echo GRANTING PERMANENT ACCESS
for project in $ALWAYS_ACCESS_PROJECTS; do
for user in $USERS; do
echo gcloud projects add-iam-policy-binding $project \
--member=user:[email protected] \
--role=roles/cloudsql.instanceUser
done
done