David G. Cueva Tello davidcueva

## com.google.cloud.hadoop2GCP.visualizationSec.010.enableAPIs.sh
gcloud services enable dataproc.googleapis.com sqladmin.googleapis.com \
  cloudkms.googleapis.com

## com.google.cloud.hadoop2GCP.visualizationSec.020.topExports.sh
export PROJECT_ID=$(gcloud info --format='value(config.project)')
export REGION=us-central1
export ZONE=us-central1-b

## com.google.cloud.hadoop2GCP.visualizationSec.030.createSA.sh
gcloud iam service-accounts create visualization-security-sa \
  --description="Used by products in visualization security" \
  --display-name="Visualization security service account"

## com.google.cloud.hadoop2GCP.visualizationSec.040.servAcctRoles.sh
bash -c 'array=( dataproc.worker cloudsql.editor cloudkms.cryptoKeyDecrypter )
for i in "${array[@]}"
do
  gcloud projects add-iam-policy-binding ${PROJECT_ID} \
    --member "serviceAccount:visualization-security-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
    --role roles/$i
done'

## com.google.cloud.hadoop2GCP.visualizationSec.050.createCloudSQL.sh
export CLOUD_SQL_NAME=cloudsql-mysql
gcloud sql instances create ${CLOUD_SQL_NAME} \
  --tier=db-n1-standard-1 --region=${REGION}

## com.google.cloud.hadoop2GCP.visualizationSec.060.setSQLPwd.sh
gcloud sql users set-password root \
  --host=% --instance ${CLOUD_SQL_NAME} --password mysql-root-password-99

## com.google.cloud.hadoop2GCP.visualizationSec.070.createKeyring.sh
gcloud kms keyrings create my-keyring --location global

## com.google.cloud.hadoop2GCP.visualizationSec.080.createKey.sh
gcloud kms keys create my-key \
  --location global \
  --keyring my-keyring \
  --purpose encryption

## com.google.cloud.hadoop2GCP.visualizationSec.090.rangerAdminPwd.sh
echo "ranger-admin-password-99" | \
gcloud kms encrypt \
  --location=global \
  --keyring=my-keyring \
  --key=my-key \
  --plaintext-file=- \
  --ciphertext-file=ranger-admin-password.encrypted

## com.google.cloud.hadoop2GCP.visualizationSec.100.rangerDBPwd.sh
echo "ranger-db-admin-password-99" | \
gcloud kms encrypt \
  --location=global \
  --keyring=my-keyring \
  --key=my-key \
  --plaintext-file=- \
  --ciphertext-file=ranger-db-admin-password.encrypted
	gcloud services enable dataproc.googleapis.com sqladmin.googleapis.com \
	cloudkms.googleapis.com
	export PROJECT_ID=$(gcloud info --format='value(config.project)')
	export REGION=us-central1
	export ZONE=us-central1-b
	gcloud iam service-accounts create visualization-security-sa \
	--description="Used by products in visualization security" \
	--display-name="Visualization security service account"
	bash -c 'array=( dataproc.worker cloudsql.editor cloudkms.cryptoKeyDecrypter )
	for i in "${array[@]}"
	do
	gcloud projects add-iam-policy-binding ${PROJECT_ID} \
	--member "serviceAccount:visualization-security-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
	--role roles/$i
	done'
	export CLOUD_SQL_NAME=cloudsql-mysql
	gcloud sql instances create ${CLOUD_SQL_NAME} \
	--tier=db-n1-standard-1 --region=${REGION}
	gcloud sql users set-password root \
	--host=% --instance ${CLOUD_SQL_NAME} --password mysql-root-password-99
	gcloud kms keys create my-key \
	--location global \
	--keyring my-keyring \
	--purpose encryption
	echo "ranger-admin-password-99" \| \
	gcloud kms encrypt \
	--location=global \
	--keyring=my-keyring \
	--key=my-key \
	--plaintext-file=- \
	--ciphertext-file=ranger-admin-password.encrypted
	echo "ranger-db-admin-password-99" \| \
	gcloud kms encrypt \
	--location=global \
	--keyring=my-keyring \
	--key=my-key \
	--plaintext-file=- \
	--ciphertext-file=ranger-db-admin-password.encrypted