[moblab] Versioning partner account setup scripts
Versioning scripts that automate creating storage buckets and
cloud service accounts for partners.
BUG=chromium:809814
TEST=Created a test partner account with the new scripts
Change-Id: I4d1606628049dbe8b68c6987e4dc626969a24459
Reviewed-on: https://chromium-review.googlesource.com/907109
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Matt Mallett <mattmallett@chromium.org>
Reviewed-by: Keith Haddow <haddowk@chromium.org>
diff --git a/scripts/setup_partner_service_account.sh b/scripts/setup_partner_service_account.sh
new file mode 100755
index 0000000..6574cf0
--- /dev/null
+++ b/scripts/setup_partner_service_account.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+if [ "$#" -ne 1 ]; then
+ echo 'Usage: ./setup_service_account <PARTNER>'
+ echo ' PARTNER: chromeos-moblab-<PARTNER>'
+ exit 1
+fi
+
+PARTNER='chromeos-moblab-'$1
+
+set -x
+set -e
+
+gcloud config set project chromeos-partner-moblab
+gcloud iam service-accounts create $PARTNER --display-name "$PARTNER"
+gcloud iam service-accounts keys create \
+ ~/$PARTNER-key.json \
+ --iam-account $PARTNER@chromeos-partner-moblab.iam.gserviceaccount.com
+gsutil cp ~/$PARTNER-key.json gs://$PARTNER/pubsub-key-do-not-delete.json
+gcloud beta pubsub topics add-iam-policy-binding moblab-notification --member \
+ serviceAccount:$PARTNER@chromeos-partner-moblab.iam.gserviceaccount.com \
+ --role roles/pubsub.publisher
diff --git a/scripts/setup_partner_storage_bucket.sh b/scripts/setup_partner_storage_bucket.sh
new file mode 100755
index 0000000..aaa2bdf
--- /dev/null
+++ b/scripts/setup_partner_storage_bucket.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+if [ "$#" -ne 1 ]; then
+ echo 'Usage: ./setup_storage_bucket <PARTNER>'
+ echo ' PARTNER: chromeos-moblab-<PARTNER>'
+ exit 1
+fi
+
+PARTNER_BUCKET='gs://chromeos-moblab-'$1
+GSUTIL='gsutil'
+PARTNER_EMAIL='cros.moblab.'$(echo $1 | sed 's/-/./')'@gmail.com'
+
+set -x
+
+${GSUTIL} mkdir -p chromeos-partner-moblab ${PARTNER_BUCKET}
+${GSUTIL} acl ch -u ${PARTNER_EMAIL}:WRITE ${PARTNER_BUCKET}
+${GSUTIL} defacl ch -u ${PARTNER_EMAIL}:READ ${PARTNER_BUCKET}
+${GSUTIL} -m acl ch -R -u ${PARTNER_EMAIL}:READ ${PARTNER_BUCKET}
+${GSUTIL} acl ch -g \
+ 00b4903a97fb6344be6306829e053825e18a04ab0cc5513e9585a2b8c9634c80:FULL_CONTROL \
+ -g 00b4903a97ce95daf4ef249a9c21dddd83fdfb7126720b7c3440483b6229a03c:FULL_CONTROL \
+ ${PARTNER_BUCKET}
+${GSUTIL} defacl ch -g \
+ 00b4903a97fb6344be6306829e053825e18a04ab0cc5513e9585a2b8c9634c80:FULL_CONTROL \
+ -g 00b4903a97ce95daf4ef249a9c21dddd83fdfb7126720b7c3440483b6229a03c:FULL_CONTROL \
+ ${PARTNER_BUCKET}
+${GSUTIL} acl ch -g google.com:READ ${PARTNER_BUCKET}
+${GSUTIL} defacl ch -g google.com:READ ${PARTNER_BUCKET}
