@AronllStone
Last active August 1, 2022 14:57
This script allows you to create an IAP client and enable IAP auth on the necessary backend services
#!/usr/bin/env bash
# Abort on the first unhandled command failure.
set -e
# Usage text printed by fail_on_params; $0 expands to the script's invocation name.
# NOTE(security): -key takes the OAuth client secret as a command-line
# argument, so the secret ends up in shell history and is visible in the
# process list while the script runs.
# NOTE(review): the -id value is later passed to gcloud as --oauth2-client-id,
# i.e. it is the OAuth client ID, although the text below calls it a
# "secret key ID".
HELP="
NAME
$0 - turning on IAP policy for WEB backend services
USAGE
Usage: $0 [ -org ORGANIZATION ] [ -env ENVIRONMENT ] [ -key OAUTH_SECRET_KEY ] [ -id OAUTH_ID ]
REQUIRED ARGUMENTS
-org ORGANIZATION
Current organization name.
-env ENVIRONMENT
The name of the environment to use. (E.G. staging/preprod/etc.)
-key OAUTH_SECRET_KEY
secret key of OAuth client
-id OAUTH_ID
secret key ID of OAuth client
"
#######################################
# Print the usage text and terminate the script.
# Globals:   HELP (read)
# Outputs:   usage text on stdout
# Returns:   never returns; exits with status 1
#######################################
fail_on_params() {
  printf '%s\n' "${HELP}"
  exit 1
}
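#######################################
# Abort with the usage text when a required argument has no value.
# Arguments:
#   $1 - option name, used only in the error message
#   $2 - value supplied for that option
# Outputs:   error line on stderr, then the usage text via fail_on_params
# Returns:   0 when the value is non-empty; otherwise the script exits 1
#######################################
check_required_argument() {
  local param value
  param="${1}"
  value="${2}"
  # A plain `if` keeps fail_on_params in the current shell. The previous
  # `&& ( ... )` form ran it in a subshell, so its `exit` ended only that
  # subshell and the function went on to `return 0` whenever `set -e` was
  # not in effect (for example when called inside a condition).
  if [ -z "${value}" ]; then
    echo "ERROR: Argument '${param}' is required" >&2
    fail_on_params
    # Only reached if fail_on_params does not exit.
    return 1
  fi
  return 0
}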
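# Parse "-flag value" pairs from the command line.
# Four flags with one value each means at least eight words are expected.
if [[ $# -lt 8 ]]; then
  fail_on_params
fi
while [[ $# -gt 0 ]]; do
  # Every flag takes exactly one value; a trailing flag without one is an error.
  if [[ $# -lt 2 ]]; then
    echo "ERROR: Argument '${1}' is missing its value" >&2
    fail_on_params
  fi
  case "$1" in
    -org) ORGANIZATION="${2}" ;;
    -env) ENVIRONMENT="${2}" ;;
    -key) OAUTH_SECRET_KEY="${2}" ;;
    -id) OAUTH_ID="${2}" ;;
    *)
      # Reject unknown flags instead of skipping them silently.
      echo "ERROR: Unknown argument '${1}'" >&2
      fail_on_params
      ;;
  esac
  # Consume the flag and its value together, so a value that happens to look
  # like a flag is never re-read as one on the next iteration.
  shift 2
done
# The word count alone does not prove that all four flags were given
# (a repeated flag also reaches eight words), so check each value.
check_required_argument "-org" "${ORGANIZATION}"
check_required_argument "-env" "${ENVIRONMENT}"
check_required_argument "-key" "${OAUTH_SECRET_KEY}"
check_required_argument "-id" "${OAUTH_ID}"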
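# Collect the accounts that will be granted access, one per line, until an
# empty line or end of input.
echo "Please enter list of users"
echo "When finish press Enter with an empty string"
# Start from an empty array so nothing inherited from the environment is
# granted access.
USERS_LIST=()
while true; do
  user=""
  # -r keeps backslashes literal. read returns non-zero at end of input;
  # treat that like an empty line instead of letting `set -e` abort the
  # script (a final line without a trailing newline is still kept).
  read -r -p "Enter user: " user || true
  if [[ -z "${user}" ]]; then
    break
  fi
  USERS_LIST+=("${user}")
done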
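# Enable IAP on the matching backend services of the target gcloud
# configuration and grant each listed user the IAP accessor role.
CONFIGURATION="${ORGANIZATION}-${ENVIRONMENT}"
OLD_CONTEXT=$(gcloud config configurations list --filter=IS_ACTIVE=true --format='table[no-heading](name)')

# Re-activate the configuration that was active before this script ran.
restore_gcloud_configuration() {
  if [[ -n "${OLD_CONTEXT}" ]]; then
    gcloud config configurations activate "${OLD_CONTEXT}" \
      || echo "WARNING: could not re-activate gcloud configuration '${OLD_CONTEXT}'" >&2
  fi
}
# With `set -e` any failing gcloud call ends the script; the trap makes sure
# the operator is not left pointing at the target configuration afterwards.
trap restore_gcloud_configuration EXIT

gcloud config configurations activate "${CONFIGURATION}"

# NOTE(review): the filter is a substring match on the backend name, so any
# service whose name merely contains "web", "grafana" or "dash" is selected.
# `|| true` keeps a no-match grep from aborting here; the empty result is
# reported explicitly below.
LIST_BACKENDS=$(gcloud compute backend-services list --format="[table,no-heading](NAME)" | grep -E "web|grafana|dash" | grep -v "metrics" || true)
if [[ -z "${LIST_BACKENDS}" ]]; then
  echo "ERROR: no matching backend services found in configuration '${CONFIGURATION}'" >&2
  exit 1
fi

# Split the listing into an array line by line, so names are never
# word-split or glob-expanded.
BACKENDS=()
while IFS= read -r backend_name; do
  if [[ -n "${backend_name}" ]]; then
    BACKENDS+=("${backend_name}")
  fi
done <<<"${LIST_BACKENDS}"

for BACKEND_SERVICE in "${BACKENDS[@]}"; do
  # NOTE(security): the OAuth client secret is passed on gcloud's command
  # line and is visible in the process list while this command runs.
  gcloud iap web enable --service="${BACKEND_SERVICE}" --resource-type=backend-services --oauth2-client-id="${OAUTH_ID}" --oauth2-client-secret="${OAUTH_SECRET_KEY}"
  # The loop variable is deliberately not named USER, which would overwrite
  # the login-name environment variable.
  # If a binding fails, the script stops with IAP already enabled on the
  # backends handled so far; review their bindings before re-running.
  for IAP_MEMBER in "${USERS_LIST[@]}"; do
    gcloud iap web add-iam-policy-binding --member="user:${IAP_MEMBER}" --role="roles/iap.httpsResourceAccessor" --service="${BACKEND_SERVICE}" --resource-type=backend-services
  done
done

# Normal completion: restore explicitly so a failure here still fails the
# script, and drop the trap so the restore does not run twice.
trap - EXIT
gcloud config configurations activate "${OLD_CONTEXT}"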