scripts/00-create-service-account.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

#!/bin/sh

if [ ${DEBUG:+1} ]; then
    set -exo pipefail
fi

gcloud iam service-accounts create ${SERVICE_ACCOUNT} \
    --description="Spark access account to Google Cloud Buckets" \
    --display-name="Spark to Bucket"

gcloud projects add-iam-policy-binding ${PROJECT} \
    --member="serviceAccount:${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/storage.objectAdmin"

gcloud projects add-iam-policy-binding ${PROJECT} \
    --member="serviceAccount:${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/dataproc.worker"

gcloud iam service-accounts keys create ./google-service-account-key.json \
    --iam-account=${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com