From b9c4244a2cec0ff5306620e35c06ba3e7a5c0751 Mon Sep 17 00:00:00 2001 From: tejal29 Date: Mon, 28 Jun 2021 22:36:02 -0700 Subject: [PATCH] fetch and set up secret for skaffold-metrics project --- deploy/setup-secret.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/setup-secret.sh b/deploy/setup-secret.sh index cca26537975..cf814a1487b 100755 --- a/deploy/setup-secret.sh +++ b/deploy/setup-secret.sh @@ -17,6 +17,7 @@ set -x # set default project id PROJECT_ID="k8s-skaffold" +METRICS_PROJECT_ID="skaffold-metrics" KEY_FILE="./secrets/keys.json" BUCKET_ID="k8s-skaffold-secrets" LATEST_GCS_PATH="keys.json" @@ -30,7 +31,7 @@ done function download_existing_key() { # Download a valid key created within the past two weeks. - KEY_IDS=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@k8s-skaffold.iam.gserviceaccount.com --project=k8s-skaffold --managed-by=user --filter="validAfterTime>-P2W" --format="value(name)") + KEY_IDS=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID} --managed-by=user --format="value(name)") while read -r KEY_ID do if gsutil cp gs://${BUCKET_ID}/${KEY_ID}.json ${KEY_FILE}; then @@ -43,14 +44,14 @@ function download_existing_key() { function upload_new_key() { echo "Creating new service account key..." - gcloud iam service-accounts keys create ${KEY_FILE} --iam-account=metrics-writer@${PROJECT_ID}.iam.gserviceaccount.com --project=${PROJECT_ID} + gcloud iam service-accounts keys create ${KEY_FILE} --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID} retVal=$? if [ $retVal -ne 0 ]; then echo "No key created." return 1 fi echo "New service account key created." - KEY_ID=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@k8s-skaffold.iam.gserviceaccount.com --project=k8s-skaffold --managed-by=user --filter="validAfterTime.date('%Y-%m-%d', Z) = `date +%F`" --format="value(name)" --limit=1) + KEY_ID=$(gcloud iam service-accounts keys list --iam-account=metrics-writer@${METRICS_PROJECT_ID}.iam.gserviceaccount.com --project=${METRICS_PROJECT_ID} --managed-by=user --format="value(name)" --limit=1) gsutil cp ${KEY_FILE} gs://${BUCKET_ID}/${KEY_ID}.json gsutil cp ${KEY_FILE} gs://${BUCKET_ID}/${LATEST_GCS_PATH} echo "New service account key uploaded to GCS."