local wli
Browse files- setup-workload-identity.sh +20 -0
setup-workload-identity.sh
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash
|
| 2 |
+
|
| 3 |
+
# Authenticate to Google Cloud
|
| 4 |
+
gcloud auth login
|
| 5 |
+
|
| 6 |
+
# Set the project
|
| 7 |
+
gcloud config set project elvoro-483807
|
| 8 |
+
|
| 9 |
+
# Grant workload identity permission
|
| 10 |
+
gcloud iam service-accounts add-iam-policy-binding clientdata@elvoro-483807.iam.gserviceaccount.com \
|
| 11 |
+
--project="elvoro-483807" \
|
| 12 |
+
--role="roles/iam.workloadIdentityUser" \
|
| 13 |
+
--member="principalSet://iam.googleapis.com/projects/181713295829/locations/global/workloadIdentityPools/test-elvoro-data/attribute.repository/ElvoroLtd/Elvoro"
|
| 14 |
+
|
| 15 |
+
# Verify the binding
|
| 16 |
+
echo "Verifying IAM policy binding..."
|
| 17 |
+
gcloud iam service-accounts get-iam-policy clientdata@elvoro-483807.iam.gserviceaccount.com \
|
| 18 |
+
--project="elvoro-483807"
|
| 19 |
+
|
| 20 |
+
echo "✅ Done!"
|