setup-workload-identity.sh

#!/bin/bash

# Authenticate to Google Cloud
gcloud auth login

# Set the project
gcloud config set project elvoro-483807

# Grant workload identity permission
gcloud iam service-accounts add-iam-policy-binding clientdata@elvoro-483807.iam.gserviceaccount.com \
    --project="elvoro-483807" \
    --role="roles/iam.workloadIdentityUser" \
    --member="principalSet://iam.googleapis.com/projects/181713295829/locations/global/workloadIdentityPools/test-elvoro-data/attribute.repository/ElvoroLtd/Elvoro"

# Verify the binding
echo "Verifying IAM policy binding..."
gcloud iam service-accounts get-iam-policy clientdata@elvoro-483807.iam.gserviceaccount.com \
    --project="elvoro-483807"

echo "✅ Done!"